| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| allowed_ips | IPs to allow (both ingress and egress). Note that keys can only be numeric, and the total capacity across all rules must not exceed 30000. | `map(object({ capacity = number, ips = list(string) }))` | `{}` | no |
| aws_region | Region in which resources will be created | `string` | `"ap-southeast-1"` | no |
| block_everything_capacity | Number of rules the block-everything rule group will contain | `number` | `25` | no |
| blocked_domains | Domains to block (both ingress and egress). The total capacity across all rules must not exceed 30000. | `map(object({ capacity = number, domains = list(string) }))` | `{}` | no |
| blocked_ips | Block all traffic from/to specific IPs. Note that keys can only be numeric, and the total capacity across all rules must not exceed 30000. | `map(object({ capacity = number, ips = list(string) }))` | `{}` | no |
| cloudwatch_log_retention_in_days | Specifies the number of days to retain log events in the specified log group. Possible values are: 1, 3, 5, 7, 14, 30, 60, 90, 120, 150, 180, 365, 400, 545, 731, 1827, 3653, and 0. If you select 0, the events in the log group are always retained and never expire. | `number` | `180` | no |
| create_network_firewall | Toggle for creation of the network firewall; set to `false` if you only want to create the firewall policy with this module | `bool` | `true` | no |
| egress_allowed_ips | Destination IPs to allow for outgoing traffic. Note that keys can only be numeric, and the total capacity across all rules must not exceed 30000. | `map(object({ capacity = number, ips = list(string) }))` | `{}` | no |
| enable_block_everything_by_default | Creates a rule that blocks all traffic by default, so that routes must be explicitly whitelisted to allow internet traffic | `bool` | `false` | no |
| name | The name of the network firewall | `string` | n/a | yes |
| subnet_ids | Subnets used to create the network firewall | `set(string)` | `[]` | no |
| tags | A map of tags to add to all resources | `map(any)` | `{}` | no |
| vpc_id | n/a | `string` | `""` | no |
| delete_protection | n/a | `bool` | `true` | no |
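A module call that exercises these inputs in a default-deny configuration, added here as an illustration rather than taken from the module's own documentation. The module `source`, the VPC and subnet IDs, and the CIDRs and domains are placeholders or constructed sample values; the numeric map keys and the per-group `capacity` fields follow the constraints stated in the table.

```hcl
# Added example (not the module's own code). Replace PLACEHOLDER values
# with real ones; CIDRs and domains below are constructed samples.
module "network_firewall" {
  source = "PLACEHOLDER_MODULE_SOURCE" # assumption: path/registry address of this module

  name       = "prod-egress-firewall"
  aws_region = "ap-southeast-1"
  vpc_id     = "vpc-PLACEHOLDER"
  subnet_ids = ["subnet-PLACEHOLDER-a", "subnet-PLACEHOLDER-b"]

  # Default-deny posture: everything not explicitly allowed below is blocked.
  enable_block_everything_by_default = true
  block_everything_capacity          = 25

  # Map keys must be numeric, as the inputs table requires.
  # The capacity values of all groups together must stay within 30000.
  allowed_ips = {
    "100" = { capacity = 100, ips = ["10.0.0.0/8"] }          # internal ranges, constructed
  }
  egress_allowed_ips = {
    "200" = { capacity = 50, ips = ["203.0.113.0/24"] }       # sample SaaS range, constructed
  }
  blocked_domains = {
    "300" = { capacity = 100, domains = [".example.net"] }    # constructed sample domain
  }
  blocked_ips = {
    "400" = { capacity = 50, ips = ["198.51.100.7/32"] }      # constructed sample address
  }

  # Keep firewall logs for a year and protect the firewall from accidental deletion.
  cloudwatch_log_retention_in_days = 365
  delete_protection                = true

  tags = {
    environment = "prod"
    managed_by  = "terraform"
  }
}
```

With `enable_block_everything_by_default = true`, any traffic not matched by one of the allow maps above is dropped, so each new destination must be added to `allowed_ips` or `egress_allowed_ips` with its own numeric key.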