zoro16/terraform-hcloud-firewall

Description

Terraform module to provision Firewall resources in Hetzner Cloud.

Usage

# Configure the Hetzner Cloud Provider
provider "hcloud" {
  token = var.hcloud_token
}


module "firewall" {
  source = "../../"

  create_firewall = true

  firewall_name = "test-fw"

  firewall_labels = {
    "Name" : "testing-fw"
  }

  firewall_rules = [
    {
      direction = "in"
      protocol  = "tcp"
      port      = "80"
      source_ips = [
        "0.0.0.0/0",
        "::/0"
      ]
    },
    {
      direction = "in"
      protocol  = "tcp"
      source_ips = [
        "0.0.0.0/0",
        "::/0"
      ]
      port        = "8080"
      description = "This accepts HTTP from anywhere"
    },
    {
      direction = "out"
      protocol  = "tcp"
      destination_ips = [
        "10.22.0.0/24",
      ]
      port = "80"
    }
  ]

  firewall_apply_to = {
    label_selector = "key=value"
  }

}

Requirements

| Name | Version |
|------|---------|
| terraform | >= 1.2.0 |
| hcloud | >= 1.42.1 |

Providers

| Name | Version |
|------|---------|
| hcloud | >= 1.42.1 |

Modules

No modules.

Resources

| Name | Type |
|------|------|
| hcloud_firewall.firewall | resource |

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| create_firewall | Whether to create a Firewall or not. | bool | false | no |
| firewall_apply_to | Servers the Firewall is applied to, selected by a label selector or a server ID (object type below). | object | {} | no |
| firewall_labels | User-defined labels (key-value pairs) the Firewall should be created with. | map(string) | {} | no |
| firewall_name | Name of the Firewall. | string | "" | no |
| firewall_rules | Configuration of the Rules of this Firewall (object type below). | list(object) | [] | no |

Type of firewall_apply_to:

object({
  # Label selector to select the servers the firewall should be applied to (only one of server and label_selector can be set in one block)
  label_selector = optional(string)

  # ID of the server you want to apply the firewall to (only one of server and label_selector can be set in one block)
  server = optional(number)
})

Type of firewall_rules:

list(object({
  # Direction of the Firewall Rule: in, out
  direction = string

  # Protocol of the Firewall Rule: tcp, icmp, udp, gre, esp
  protocol = string

  # List of CIDRs that are allowed within this Firewall Rule (when direction is in)
  source_ips = optional(list(string))

  # List of CIDRs that are allowed within this Firewall Rule (when direction is out)
  destination_ips = optional(list(string))

  # Port of the Firewall Rule. Required when protocol is tcp or udp. You can use any to allow all ports for the specific protocol. Port ranges are also possible: 80-85 allows all ports between 80 and 85.
  port = optional(string)

  # Description of the Firewall Rule
  description = optional(string)
}))
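The constraints stated for firewall_rules and firewall_apply_to above (direction and protocol values, the port rules for tcp/udp, source_ips for inbound versus destination_ips for outbound, and the one-of label_selector/server requirement) can be checked before a terraform apply. The following is an added example and not part of this module; it works on plain dicts shaped like the inputs, and the sample rules are constructed from the Usage block with one defective rule appended.

```python
import ipaddress
import re
# Constraints as documented for the module's firewall_rules / firewall_apply_to inputs.
DIRECTIONS = {"in", "out"}
PROTOCOLS = {"tcp", "icmp", "udp", "gre", "esp"}
PORT_RE = re.compile(r"^(\d{1,5})(?:-(\d{1,5}))?$")

def port_ok(port):
    """True for 'any', a single port, or a range 'lo-hi', all within 1..65535."""
    m = PORT_RE.match(port or "")
    if port == "any":
        return True
    return bool(m) and 1 <= int(m.group(1)) <= int(m.group(2) or m.group(1)) <= 65535

def check_rule(rule):
    """Return the list of problems in one firewall_rules entry ([] when it is valid)."""
    errors = []
    direction, protocol = rule.get("direction"), rule.get("protocol")
    if direction not in DIRECTIONS:
        errors.append(f"direction must be one of {sorted(DIRECTIONS)}")
    if protocol not in PROTOCOLS:
        errors.append(f"protocol must be one of {sorted(PROTOCOLS)}")
    if protocol in ("tcp", "udp") and not port_ok(rule.get("port")):
        errors.append("tcp/udp rules need port = 'any', a single port or a range like '80-85'")
    # source_ips belong to inbound rules, destination_ips to outbound rules.
    wanted, other = ("source_ips", "destination_ips") if direction == "in" else ("destination_ips", "source_ips")
    if rule.get(other):
        errors.append(f"{other} does not apply when direction = {direction!r}")
    cidrs = rule.get(wanted) or []
    if not cidrs:
        errors.append(f"{wanted} must list at least one CIDR")
    for cidr in cidrs:
        try:
            ipaddress.ip_network(cidr, strict=True)  # rejects host bits set, e.g. 10.22.0.1/24
        except ValueError:
            errors.append(f"{cidr!r} is not a valid CIDR")
    return errors

def check_apply_to(apply_to):
    """firewall_apply_to must set exactly one of label_selector or server."""
    chosen = sum(apply_to.get(k) is not None for k in ("label_selector", "server"))
    return [] if chosen == 1 else ["set exactly one of label_selector or server"]

# Constructed sample: the README's three rules plus one defective rule (bad range, bad CIDR).
RULES = [
    {"direction": "in", "protocol": "tcp", "port": "80", "source_ips": ["0.0.0.0/0", "::/0"]},
    {"direction": "in", "protocol": "tcp", "port": "8080", "source_ips": ["0.0.0.0/0", "::/0"], "description": "This accepts HTTP from anywhere"},
    {"direction": "out", "protocol": "tcp", "port": "80", "destination_ips": ["10.22.0.0/24"]},
    {"direction": "in", "protocol": "udp", "port": "90-85", "source_ips": ["10.22.0.1/24"]},
]
```

Running `[check_rule(r) for r in RULES]` reports nothing for the three README rules and two problems for the appended one.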

Outputs

| Name | Description |
|------|-------------|
| firewall_apply_to | Servers the Firewall is applied to (label selector or server ID), as configured. |
| firewall_id | ID of the Firewall. |
| firewall_labels | User-defined labels (key-value pairs) the Firewall was created with. |
| firewall_name | Name of the Firewall. |
| firewall_rule | Rules of the Firewall, as configured. |