History

averbukh ce3d1cad35 Merge branch 'decentralized-firewall-averbukh' of https://github.com/terraform-google-modules/cloud-foundation-fabric into decentralized-firewall-averbukh		2021-07-28 22:14:47 +02:00
..
firewall	Formatting	2021-07-26 09:28:16 +02:00
README.md	Update README.md	2021-07-27 16:46:56 +02:00
backend.tf.sample	feat: Decenrtalized firewall management example added.	2021-07-26 09:22:40 +02:00
diagram.png	feat: Decenrtalized firewall management example added.	2021-07-26 09:22:40 +02:00
main.tf	Add basic tests for decentralized firewall example	2021-07-28 22:14:14 +02:00
outputs.tf	feat: Decenrtalized firewall management example added.	2021-07-26 09:22:40 +02:00
variables.tf	feat: Decenrtalized firewall management example added.	2021-07-26 09:22:40 +02:00

README.md

Decentralized firewall management

This sample shows how a decentralized firewall management can be organized using the firewall-yaml module.

This approach is a good fit when Shared VPCs are used across multiple application/infrastructure teams. A central repository keeps environment/team specific folders with firewall definitions in yaml format. This is the high level diagram:

Variables

name	description	type	required	default
billing_account_id	Billing account id used as default for new projects.	`string`	✓
prefix	Prefix used for resources that need unique names.	`string`	✓
root_node	Hierarchy node where projects will be created, 'organizations/org_id' or 'folders/folder_id'.	`string`	✓
ip_ranges	Subnet IP CIDR ranges.	`map(string)`		`...`
project_services	Service APIs enabled by default in new projects.	`list(string)`		`...`
region	Region used.	`string`		`europe-west1`

Outputs

name	description	sensitive
fw_rules	Firewall rules.
projects	Project ids.
vpc	Shared VPCs.