# Labels attached to the firewall resource. No default is declared, so the
# caller must always supply a map (possibly empty).
variable "firewall_labels" {
  type        = map(string)
  description = "Labels to be associated to resource"
}
# Name given to the firewall resource. Required: there is no default.
variable "firewall_name" {
  type        = string
  description = "Name of resource"
}
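# Selects which rule group is applied (see the rule_set local further down).
# The values recognised by that lookup are "Web" and "Basic"; any other value
# falls back to the Basic (SSH-only) group instead of failing, so a typo here
# silently narrows the ruleset rather than raising an error. Review the plan
# output for the expected rules after changing this value.
variable "firewall_service_type" {
  type        = string
  description = "The 'Service_Type' label the firewall targets"
}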
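# Source ranges allowed to reach SSH. The default is the whole Internet on
# both IPv4 and IPv6, which preserves the previous hard-coded behaviour but
# is NOT a safe production setting: override it with bastion / office / VPN
# ranges wherever possible. World-open SSH is the single most common finding
# against firewall modules like this one.
variable "ssh_source_ips" {
  description = "CIDR ranges allowed to reach TCP/22; restrict this to trusted ranges"
  type        = list(string)
  default     = ["0.0.0.0/0", "::/0"]

  validation {
    # cidrhost() accepts both IPv4 and IPv6 prefixes; reject anything that is
    # not a parseable CIDR so a malformed entry fails at plan time rather than
    # at the provider.
    condition     = alltrue([for ip in var.ssh_source_ips : can(cidrhost(ip, 0))])
    error_message = "Every entry in ssh_source_ips must be a valid IPv4 or IPv6 CIDR."
  }
}

# Define individual rules
#
# Every rule is a plain object with the same keys (description, direction,
# protocol, port, source_ips) so the groups below can be concatenated and
# iterated uniformly. NOTE(review): port is a number here; some providers
# expect the rule port as a string — confirm against the consuming resource.
locals {
  # Inbound SSH. The allowed sources come from var.ssh_source_ips so that
  # operators can narrow them without editing this module.
  ssh_firewall_rule = {
    description = "SSH IN"
    direction   = "in"
    protocol    = "tcp"
    port        = 22
    source_ips  = var.ssh_source_ips
  }

  # Inbound plain HTTP from anywhere (intended for a public web service).
  http_firewall_rule = {
    description = "HTTP IN"
    direction   = "in"
    protocol    = "tcp"
    port        = 80
    source_ips  = ["0.0.0.0/0", "::/0"]
  }

  # Inbound HTTPS from anywhere (intended for a public web service).
  https_firewall_rule = {
    description = "HTTPS IN"
    direction   = "in"
    protocol    = "tcp"
    port        = 443
    source_ips  = ["0.0.0.0/0", "::/0"]
  }
}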
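# Define rule groups
#
# Every group must be a flat list of rule objects. The previous definition
# placed local.basic_firewall_rules (itself a list) as an element of the web
# list, yielding a nested [[ssh], http, https] value that does not iterate as
# a list of rules; concat() flattens it into [ssh, http, https].
locals {
  # SSH only.
  basic_firewall_rules = [local.ssh_firewall_rule]

  # Everything in the basic group plus HTTP and HTTPS.
  web_firewall_rules = concat(
    local.basic_firewall_rules,
    [local.http_firewall_rule, local.https_firewall_rule],
  )
}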
# Select rule group based on passed variable
locals {
  # Service type -> rule group. Keep this map in step with the groups above.
  firewall_rule_groups = {
    Web   = local.web_firewall_rules
    Basic = local.basic_firewall_rules
  }

  # Unknown or misspelled service types fall back to the Basic group instead
  # of raising an error (third argument of lookup()).
  rule_set = lookup(local.firewall_rule_groups, var.firewall_service_type, local.basic_firewall_rules)
}