ravi f40177d56b fix reviews 6 months ago
examples fix reviews 6 months ago
.gitignore add resources 6 months ago
.pre-commit-config.yaml fix reviews 6 months ago
CHANGELOG.md fix reviews 6 months ago
Jenkinsfile Add example 6 months ago
LICENSE add resources 6 months ago
README.md fix reviews 6 months ago
data.tf Add example 6 months ago
main.tf fix reviews 6 months ago
outputs.tf fix typo in output 6 months ago
variables.tf fix reviews 6 months ago
versions.tf fix reviews 6 months ago

README.md

terraform-module-azurerm-firewall

Requirements

| Name | Version |
|------|---------|
| terraform | >= 0.12 |
| azurerm | >= 2.9.0 |

Providers

| Name | Version |
|------|---------|
| azurerm | >= 2.9.0 |

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| application_rule_actions | The list of actions of the rules which will be applied to matching traffic. Possible values are Allow and Deny. | list(string) | ["Deny"] | no |
| application_rule_count | Number of firewall application rule collections to create. Setting this value to 0 will not deploy any application rule collection related to the firewall. | number | 1 | no |
| application_rule_enabled | Boolean flag which describes whether or not to enable the firewall application rule. | bool | false | no |
| application_rule_names | Specifies the list of names of the application rule collections, which must be unique within the firewall. Changing this forces a new resource to be created. | list(string) | [""] | no |
| application_rule_priorities | Specifies the list of priorities of the application rule collection. Possible values are between 100-65000. | list(number) | [100] | no |
| application_rules | A list of list of map of options to apply. Map must support the following structure:<br>* name(required, string): The name of the rule.<br>* description(Optional, string): Specifies a description for the rule.<br>* source_addresses(required, list of string): A list of source IP addresses and/or IP ranges (e.g. ["10.23.72.178"])<br>* fqdn_tags(Optional, list of string): A list of FQDN tags. Possible values are AppServiceEnvironment, AzureBackup, MicrosoftActiveProtectiveService, WindowsDiagnostics and WindowsUpdate<br>* target_fqdns(Optional, list of string): A list of FQDNs (e.g. ["*.google.com"])<br>* protocol(Optional, list of map): A list of map of protocol to apply:<br>&nbsp;&nbsp;* port(Optional, number): A port for the connection.<br>&nbsp;&nbsp;* protocol(required, string): The type of the connection. Possible values are Http, Https and Mssql.<br>For example, see folder examples/default | list | [] | no |
| enabled | Enable or disable module | bool | true | no |
| firewall_exist | Boolean flag which describes whether the Azure firewall already exists or not. | bool | false | no |
| firewall_tags | Tags which will be associated to the firewall resource only. | map | {} | no |
| ip_configurations | One or more ip configuration blocks. NOTE: The subnet used for the firewall must have the name AzureFirewallSubnet and the subnet mask must be at least /26. At least one and only one ip_configuration block may contain a subnet_id. | list(object({ name = string, subnet_id = string, public_ip_address_id = string })) | [null] | no |
| name | Specifies the name of the firewall. Changing this forces a new resource to be created. | string | "" | no |
| nat_rule_actions | The list of actions of the rule which will be applied to matching traffic. Possible values are Dnat and Snat. | list(string) | ["Dnat"] | no |
| nat_rule_count | Number of firewall NAT rule collections to create. Setting this value to 0 will not deploy any NAT rule collection related to the firewall. | number | 1 | no |
| nat_rule_enabled | Boolean flag which describes whether or not to enable firewall NAT rules. | bool | false | no |
| nat_rule_names | Specifies the list of names of the NAT rule collection, which must be unique within the firewall. Changing this forces a new resource to be created. | list(string) | [""] | no |
| nat_rule_priorities | The list which specifies the priorities of the rule collection. Possible values are between 100-6500. | list(number) | [101] | no |
| nat_rules | A list of list of map of options to apply. Map must support the following structure:<br>* name(required, string): Specifies the name of the rule.<br>* description(Optional, string): Specifies a description for the rule.<br>* destination_addresses(required, list of string): A list of destination IP addresses and/or IP ranges.<br>* destination_ports(required, list of string): A list of destination ports.<br>* protocols(required, list of numbers): A list of protocols. Possible values are Any, ICMP, TCP, UDP. If action is Dnat, protocols can only be TCP, UDP.<br>* source_addresses(required, list of string): A list of source IP addresses and/or IP ranges.<br>* translated_address(required, string): The address of the service behind the firewall.<br>* translated_port(required, number): The port of the service behind the firewall.<br>For example, see folder examples/default | list | [] | no |
| network_rule_actions | The list of actions of the rule which will be applied to matching traffic. Possible values are Deny and Allow. | list(string) | ["Deny"] | no |
| network_rule_count | Number of network rule collections to create. Setting this value to 0 will not deploy any network rule collection related to the firewall. | number | 1 | no |
| network_rule_enabled | Boolean flag which describes whether or not to enable firewall network rules. | bool | false | no |
| network_rule_names | Specifies the list of names of the network rule collection, which must be unique within the firewall. Changing this forces a new resource to be created. | list(string) | [""] | no |
| network_rule_priorities | The list which specifies the priority of the rule collection. Possible values are between 100-6500. | list(number) | [101] | no |
| network_rules | A list of list of map of options to apply. Map must support the following structure:<br>* name(required, string): Specifies the name of the rule.<br>* description(Optional, string): Specifies a description for the rule.<br>* source_addresses(required, list of string): A list of source IP addresses and/or IP ranges.<br>* destination_addresses(required, list of string): A list of destination IP addresses and/or IP ranges.<br>* destination_ports(required, list of numbers): A list of destination ports.<br>* protocols(required, list of string): A list of protocols. Possible values are Any, ICMP, TCP, UDP.<br>For example, see folder examples/default | list | [] | no |
| resource_group_location | Specifies the supported Azure location where the resources exist. Changing this forces a new resource to be created. | string | "eastus" | no |
| resource_group_name | The name of the resource group in which to create the resources in this module. Changing this forces a new resource to be created. | string | "" | no |
| tags | Tags shared by all resources of this module. Will be merged with any other specific tags by resource. | map | {} | no |
| zones | Specifies the availability zones in which the Azure firewall should be created. | any | null | no |
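
A module call assembled from the inputs documented above, showing the list-of-list-of-map shape of application_rules. This is an added example, not taken from the module's examples/default folder: the source path, resource IDs and rule values are placeholders or constructed, and the index alignment of the per-collection lists is an assumption drawn from the descriptions.

```hcl
# Added example: all values are constructed; replace the <placeholders>.
module "firewall" {
  source = "<path-or-git-url-of-terraform-module-azurerm-firewall>" # placeholder

  name                    = "example-fw"
  resource_group_name     = "<resource-group-name>" # placeholder
  resource_group_location = "eastus"

  # The subnet must be named AzureFirewallSubnet and be at least a /26.
  ip_configurations = [
    {
      name                 = "fw-ipconfig"
      subnet_id            = "<AzureFirewallSubnet-resource-id>" # placeholder
      public_ip_address_id = "<public-ip-resource-id>"           # placeholder
    }
  ]

  # Rule collections are off by default (application_rule_enabled = false)
  # and the default action is Deny, so an allow rule has to be stated explicitly.
  application_rule_enabled = true
  application_rule_count   = 1

  # Assumption: element N of each list configures collection N.
  application_rule_names      = ["allow-outbound-web"]
  application_rule_priorities = [100]
  application_rule_actions    = ["Allow"]

  # Outer list = one entry per collection, inner list = rules in that collection.
  application_rules = [
    [
      {
        name             = "single-host-https"
        description      = "HTTPS from one workload address to one FQDN pattern"
        source_addresses = ["10.23.72.178"]
        target_fqdns     = ["*.google.com"]
        protocol = [
          {
            port     = 443
            protocol = "Https"
          }
        ]
      }
    ]
  ]

  tags = { environment = "example" }
}
```

The nat_rules and network_rules inputs are documented with the same outer-list/inner-list layout, each with its own set of map keys.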

Outputs

| Name | Description |
|------|-------------|
| id | The Resource ID of the Azure firewall. |
| ip_configuration | The IP configuration of the Azure firewall. |