Skip to content

Latest commit

 

History

History
168 lines (116 loc) · 8.26 KB

README.md

File metadata and controls

168 lines (116 loc) · 8.26 KB
Raw

Terraform DigitalOcean Firewall

Provides a DigitalOcean Cloud Firewall resource. This can be used to create, modify, and delete Firewalls.

Terraform Licence

We eat, drink, sleep and most importantly love DevOps. We are working towards strategies for standardizing architecture while ensuring security for the infrastructure. We are strong believer of the philosophy Bigger problems are always solved by breaking them into smaller manageable problems. Resonating with microservices architecture, it is considered best-practice to run database, cluster, storage in smaller connected yet manageable pieces within the infrastructure.

This module is basically combination of Terraform open source and includes automatation tests and examples. It also helps to create and improve your infrastructure with minimalistic code instead of maintaining the whole infrastructure code yourself.

We have fifty plus terraform modules. A few of them are comepleted and are available for open source usage while a few others are in progress.

Prerequisites

This module has a few dependencies:

Examples

IMPORTANT: Since the master branch used in source varies based on new modifications, we suggest that you use the release versions here.

Simple Example

Here is an example of how you can use this module in your inventory structure:

     module "firewall" {
     source             = "terraform-do-modules/firewall/digitalocean"
     version            = "1.0.0"
     name               = "app"
     environment        = "test"
     allowed_ip         = ["0.0.0.0/0"]
     allowed_ports      = [22, 80]
     droplet_ids        = []
     kubernetes_ids     = []
     load_balancer_uids = []
     }

databases firewall Example

Here is an example of how you can use this module in your inventory structure:

     module "firewall" {
     source                     = "terraform-do-modules/firewall/digitalocean"
     version                    = "1.0.0"
     name                       = local.name
     environment                = local.environment
     database_firewall_enabled  = true
     database_cluster_id        = ""
     rules = [
        {
          type  = "ip_addr"
          value = "192.168.1.1"
        },
      ]
     }

Inputs

Name Description Type Default Required
allowed_ip List of allowed ip. list(any) [] no
allowed_ports List of allowed ingress ports. list(any) [] no
database_cluster_id The ID of the target database cluster. string null no
droplet_ids The ID of the VPC that the instance security group belongs to. list(any) [] no
enabled Flag to control the firewall creation. bool true no
environment Environment (e.g. prod, dev, staging). string "" no
kubernetes_ids The ID of the VPC that the kubernetes security group belongs to. list(any) [] no
label_order Label order, e.g. name,application. list(any) 
[
  "name",
  "environment"
]
 no
load_balancer_uids The ID of the VPC that the load_balancer security group belongs to. list(any) [] no
managedby ManagedBy, eg 'terraform-do-modules' or '[email protected]' string "terraform-do-modules" no
name Name (e.g. app or cluster). string "" no
outbound_rule List of objects that represent the configuration of each outbound rule. 
list(object({
    protocol              = string
    port_range            = string
    destination_addresses = list(string)
  }))
 
[
  {
    "destination_addresses": [
      "0.0.0.0/0",
      "::/0"
    ],
    "destination_droplet_ids": [],
    "port_range": "1-65535",
    "protocol": "tcp"
  },
  {
    "destination_addresses": [
      "0.0.0.0/0",
      "::/0"
    ],
    "port_range": "1-65535",
    "protocol": "udp"
  }
]
 no
protocol The protocol. If not icmp, tcp, udp, or all use the. string "tcp" no
rules List of objects that represent the configuration of each inbound rule. any [] no
tags An array containing the names of Tags corresponding to groups of Droplets from which the inbound traffic will be accepted. list(any) [] no

Outputs

Name Description
cluster_id The ID of the target database cluster.
database_uuid A unique identifier for the firewall rule.
droplet_ids The list of the IDs of the Droplets assigned to the Firewall.
id A unique ID that can be used to identify and reference a Firewall.
inbound_rule The inbound access rule block for the Firewall.
name The name of the Firewall.
outbound_rule The name of the Firewall.

Testing

In this module testing is performed with terratest and it creates a small piece of infrastructure, matches the output like ARN, ID and Tags name etc and destroy infrastructure in your AWS account. This testing is written in GO, so you need a GO environment in your system.

You need to run the following command in the testing folder:

  go test -run Test

Feedback

If you come accross a bug or have any feedback, please log it in our issue tracker, or feel free to drop us an email at [email protected].

If you have found it worth your time, go ahead and give us a ★ on our GitHub!

About us

At CloudDrove, we offer expert guidance, implementation support and services to help organisations accelerate their journey to the cloud. Our services include docker and container orchestration, cloud migration and adoption, infrastructure automation, application modernisation and remediation, and performance engineering.

We are The Cloud Experts!

We ❤️ Open Source and you can check out our other modules to get help with your new Cloud ideas.