zecfoundation
/
cloud-foundation-fabric
mirror of https://github.com/ZcashFoundation/cloud-foundation-fabric.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
cloud-foundation-fabric/networking/decentralized-firewall
History
Ludovico Magnocavallo f6775aca1b
Use the same versions file everywhere, pin to tf 1.0+ provider 4.0+ (#355) 
* add default versions file, remove old providers and versions

* use default versions file everywhere

* fix kms module

* re-add provider configuration for data platform step 2

* update kms module outputs sorting

* update kms documentation

* fix data solutions tests

* fix GKE workload identity attribute name

* work around firewall provider issue in datafusion example
 		2021-11-03 15:05:43 +01:00
..
firewall Formatting 2021-07-26 09:28:16 +02:00
validator Added decentralized firewall rule validator. 2021-09-08 13:41:21 +02:00
README.md Note hierarcicall FW rules in the readme 2021-07-30 01:16:47 +02:00
backend.tf.sample feat: Decenrtalized firewall management example added. 2021-07-26 09:22:40 +02:00
diagram.png feat: Decenrtalized firewall management example added. 2021-07-26 09:22:40 +02:00
main.tf Fixed decentralized-firewall tests 2021-10-14 18:11:11 +02:00
outputs.tf Add more validations to linter 2021-10-08 18:26:04 +02:00
variables.tf Add more validations to linter 2021-10-08 18:26:04 +02:00
versions.tf Use the same versions file everywhere, pin to tf 1.0+ provider 4.0+ (#355) 2021-11-03 15:05:43 +01:00

README.md

Decentralized firewall management

This sample shows how a decentralized firewall management can be organized using the firewall-yaml module.

This approach is a good fit when Shared VPCs are used across multiple application/infrastructure teams. A central repository keeps environment/team specific folders with firewall definitions in yaml format.

In the current example multiple teams can define their VPC Firewall Rules for dev and prod environments using team specific subfolders. Rules defined in the common folder are applied to both dev and prod environments.

NOTE: Common rules are meant to be used for situations where hierarchical rules do not map precisely to requirements (e.g. SA, etc.)

This is the high level diagram:

High-level diagram

Variables

name description type required default
billing_account_id Billing account id used as default for new projects. string
prefix Prefix used for resources that need unique names. string
root_node Hierarchy node where projects will be created, 'organizations/org_id' or 'folders/folder_id'. string
ip_ranges Subnet IP CIDR ranges. map(string) ...
project_services Service APIs enabled by default in new projects. list(string) ...
region Region used. string europe-west1

Outputs

name description sensitive
fw_rules Firewall rules.
projects Project ids.
vpc Shared VPCs.