This module allows creation of custom VPC firewall rules.

Details of the `rules` variable are described below. Basic usage of this module is as follows:
```hcl
module "firewall_rules" {
  source       = "terraform-google-modules/network/google//modules/firewall-rules"
  project_id   = var.project_id
  network_name = module.vpc.network_name

  rules = [{
    name                    = "allow-ssh-ingress"
    description             = null
    direction               = "INGRESS"
    priority                = null            # null means the default priority of 1000
    destination_ranges      = ["10.0.0.0/8"]
    source_ranges           = ["0.0.0.0/0"]   # any source; narrow this to the ranges that need SSH
    source_tags             = null
    source_service_accounts = null
    target_tags             = null
    target_service_accounts = null
    allow = [{
      protocol = "tcp"
      ports    = ["22"]
    }]
    deny = []
    log_config = {
      metadata = "INCLUDE_ALL_METADATA"
    }
  }]
}
```
The module accepts the following inputs:

Name | Description | Type | Default | Required |
---|---|---|---|---|
egress_rules | List of egress rules. This will be ignored if variable `rules` is non-empty | `list(object({` | `[]` | no |
ingress_rules | List of ingress rules. This will be ignored if variable `rules` is non-empty | `list(object({` | `[]` | no |
network_name | Name of the network this set of firewall rules applies to. | `string` | n/a | yes |
project_id | Project id of the project that holds the network. | `string` | n/a | yes |
rules | This is DEPRECATED and available for backward compatibility. Use the `ingress_rules` and `egress_rules` variables. List of custom rule definitions | `list(object({` | `[]` | no |
The module exposes the following outputs:

Name | Description |
---|---|
firewall_rules | The created firewall rule resources |
firewall_rules_ingress_egress | The created firewall ingress/egress rule resources |
In a firewall rule, you specify a set of components that define what the rule does. Some of the values are optional and some have default values. For sample code, check the firewall rules in the `examples` folder. The variable `rule.ranges` is kept for backward compatibility and should not be set at the same time as `rule.destination_ranges` or `rule.source_ranges`; otherwise the module will generate the error message `ranges may not be set at the same time as destination_ranges OR source_ranges`.

- `ranges`: IP address range. This may not be set at the same time as `destination_ranges` or `source_ranges`.
- `source_ranges`: (Optional) If source ranges are specified, the firewall will apply only to traffic that has a source IP address in these ranges. These ranges must be expressed in CIDR format. `source_ranges` may not be set at the same time as `ranges`.
- `destination_ranges`: (Optional) If destination ranges are specified, the firewall will apply only to traffic that has a destination IP address in these ranges. These ranges must be expressed in CIDR format. `destination_ranges` may not be set at the same time as `ranges`.
- `name`: (Required) Name of the resource. Provided by the client when the resource is created. The name must be 1-63 characters long, the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.
- `description`: (Optional) An optional description of this resource. Provide this property when you create the resource.
- `direction`: (Optional) Direction of traffic to which this firewall applies; default is `INGRESS`.
- `priority`: (Optional) Priority for this rule. This is an integer between 0 and 65535, both inclusive. When not specified, the value assumed is 1000.
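The constraints listed above (the `ranges` conflict and its error message, the `name` format, CIDR-format ranges, the `direction` and `priority` defaults) can be checked before `terraform plan` runs. The following pre-flight validator is an added example written for this page; it is not part of the module and does not reproduce the module's own Terraform validation. It takes the rule from the basic-usage block above as a constructed Python dict, reports every documented constraint it violates, and additionally flags an ingress allow rule open to `0.0.0.0/0` as a warning (that lint is an assumption of this example, not a module check). Treating a field as "set" only when it is non-null mirrors Terraform's `null` semantics and is also an assumption.

```python
import ipaddress
import re

# Constraints stated in the module's field descriptions.
NAME_RE = re.compile(r"^[a-z]([a-z0-9-]*[a-z0-9])?$")  # lowercase letter first; dash/lowercase/digit after; no trailing dash
MAX_NAME_LEN = 63
DEFAULT_PRIORITY = 1000
DEFAULT_DIRECTION = "INGRESS"
# Error text the module emits when the deprecated `ranges` clashes with source/destination ranges.
RANGE_CONFLICT_MSG = "ranges may not be set at the same time as destination_ranges OR source_ranges"

# Constructed sample input: the rule from the basic-usage block, expressed as a Python dict.
SAMPLE_RULE = {
    "name": "allow-ssh-ingress",
    "description": None,
    "direction": "INGRESS",
    "priority": None,
    "destination_ranges": ["10.0.0.0/8"],
    "source_ranges": ["0.0.0.0/0"],
    "source_tags": None,
    "source_service_accounts": None,
    "target_tags": None,
    "target_service_accounts": None,
    "allow": [{"protocol": "tcp", "ports": ["22"]}],
    "deny": [],
    "log_config": {"metadata": "INCLUDE_ALL_METADATA"},
}


def valid_name(name):
    """Documented name rules: 1-63 chars, lowercase letter first, dash/lowercase/digit after, no trailing dash."""
    return isinstance(name, str) and len(name) <= MAX_NAME_LEN and NAME_RE.fullmatch(name) is not None


def valid_cidrs(ranges):
    """Every entry must be in CIDR format: a prefix length is required and the network must parse."""
    try:
        return all("/" in r and ipaddress.ip_network(r, strict=False) is not None for r in ranges)
    except (ValueError, TypeError):
        return False


def validate_rule(rule):
    """Return the list of documented constraints the rule violates; an empty list means it passes."""
    errors = []
    if not valid_name(rule.get("name")):
        errors.append(f"name {rule.get('name')!r} violates the naming rules")
    # Assumption: a field counts as set only when it is non-null, as in Terraform.
    ranges_set = rule.get("ranges") is not None
    src_or_dst_set = rule.get("source_ranges") is not None or rule.get("destination_ranges") is not None
    if ranges_set and src_or_dst_set:
        errors.append(RANGE_CONFLICT_MSG)
    for field in ("ranges", "source_ranges", "destination_ranges"):
        value = rule.get(field)
        if value is not None and not valid_cidrs(value):
            errors.append(f"{field} must contain CIDR-format ranges, got {value!r}")
    direction = rule.get("direction") or DEFAULT_DIRECTION
    if direction not in ("INGRESS", "EGRESS"):
        errors.append(f"direction must be INGRESS or EGRESS, got {direction!r}")
    priority = rule.get("priority")
    if priority is not None and (not isinstance(priority, int) or not 0 <= priority <= 65535):
        errors.append(f"priority must be an integer between 0 and 65535, got {priority!r}")
    return errors


def effective_priority(rule):
    """Priority the rule is evaluated with: the documented default of 1000 when none is given."""
    return DEFAULT_PRIORITY if rule.get("priority") is None else rule["priority"]


def exposure_warnings(rule):
    """Added lint (not a module check): ingress allow rules reachable from any source address."""
    direction = rule.get("direction") or DEFAULT_DIRECTION
    if direction == "INGRESS" and rule.get("allow") and "0.0.0.0/0" in (rule.get("source_ranges") or []):
        ports = [p for entry in rule["allow"] for p in (entry.get("ports") or ["all"])]
        return [f"{rule.get('name')}: allows ports {', '.join(ports)} from any source; narrow source_ranges"]
    return []


if __name__ == "__main__":
    print("errors:", validate_rule(SAMPLE_RULE))
    print("effective priority:", effective_priority(SAMPLE_RULE))
    print("warnings:", exposure_warnings(SAMPLE_RULE))
```

Run it against the rule list you feed the module (for instance after `terraform show -json` or straight from the HCL you are about to apply) and fail the CI job on any error; the exposure warning is the kind of finding a reviewer would otherwise have to spot by eye in the usage block above.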