# Copyright 2023 Google LLC # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. values: module.firewall.google_compute_firewall.custom-rules["allow-healthchecks"]: allow: - ports: - '80' - '443' protocol: tcp deny: [] description: Allow ingress from healthchecks. direction: INGRESS disabled: false log_config: [] name: allow-healthchecks network: vpc-name priority: 1000 project: project-id source_ranges: - 130.211.0.0/22 - 209.85.152.0/22 - 209.85.204.0/22 - 35.191.0.0/16 source_service_accounts: null source_tags: null target_service_accounts: null target_tags: - lb-backends module.firewall.google_compute_firewall.custom-rules["allow-service-1-to-service-2"]: allow: - ports: - '80' - '443' protocol: tcp deny: [] description: Allow ingress from service-1 SA direction: INGRESS disabled: false log_config: [] name: allow-service-1-to-service-2 network: vpc-name priority: 1000 project: project-id source_service_accounts: - service-1@project-id.iam.gserviceaccount.com source_tags: null target_service_accounts: - service-2 target_tags: null module.firewall.google_compute_firewall.custom-rules["block-telnet"]: allow: [] deny: - ports: - '23' protocol: tcp description: block outbound telnet destination_ranges: - 0.0.0.0/0 direction: EGRESS disabled: false log_config: [] name: block-telnet network: vpc-name priority: 1000 project: project-id source_ranges: null source_service_accounts: null source_tags: null target_service_accounts: null target_tags: null counts: google_compute_firewall: 3