fms-dns-firewall-policy

This module creates the following resources.

  • aws_fms_policy

Requirements

| Name | Version |
|---|---|
| terraform | >= 1.5 |
| aws | >= 4.36 |

Providers

| Name | Version |
|---|---|
| aws | 5.19.0 |

Modules

| Name | Source | Version |
|---|---|---|
| resource_group | tedilabs/misc/aws//modules/resource-group | ~> 0.10.0 |

Resources

| Name | Type |
|---|---|
| aws_fms_policy.this | resource |

Inputs

Each input is listed with its description, type, default value and whether it is required.

name
  (Required) The friendly name of the AWS Firewall Manager Policy.
  Type: string
  Default: n/a
  Required: yes

pre_rule_groups
  (Required) A list of rule groups to process first. Each item of the pre_rule_groups block is defined as follows:
    (Required) priority - The setting that determines the processing order of the rule group among the rule groups that you associate with the specified VPC. DNS Firewall filters VPC traffic starting from the rule group with the lowest numeric priority setting. Valid values for priority are between 1 and 99.
    (Required) rule_group - The ID of the firewall rule group.
  Type:
    list(object({
      priority   = number
      rule_group = string
    }))
  Default: n/a
  Required: yes

auto_remediation_enabled
  (Optional) Indicate if the policy should be automatically applied to new resources. Defaults to false.
  Type: bool
  Default: false
  Required: no

cascade_deletion_enabled
  (Optional) Whether to clean up resources that are managed by the policy on deletion. Defaults to true.

  If true, the request performs cleanup according to the policy type.

  For AWS WAF and Shield Advanced policies, the cleanup does the following:
  - Deletes rule groups created by AWS Firewall Manager
  - Removes web ACLs from in-scope resources
  - Deletes web ACLs that contain no rules or rule groups

  For security group policies, the cleanup does the following for each security group in the policy:
  - Disassociates the security group from in-scope resources
  - Deletes the security group if it was created through Firewall Manager and if it's no longer associated with any resources through another policy

  After the cleanup, in-scope resources are no longer protected by web ACLs in this policy. Protection of out-of-scope resources remains unchanged.
  Type: bool
  Default: true
  Required: no

module_tags_enabled
  (Optional) Whether to create AWS Resource Tags for the module information.
  Type: bool
  Default: true
  Required: no

organization_filter
  (Optional) A filter configuration that decides which resources are protected based on the accounts and organization units. The organization_filter block is defined as follows:
    (Optional) type - Whether to include or exclude resources that belong to accounts or organization_units from protection by this policy. Valid values are WHITELIST and BLACKLIST.
    (Optional) accounts - A list of AWS Organization member accounts that you want to include or exclude for this AWS FMS Policy.
    (Optional) organization_units - A list of AWS Organization Units that you want to include or exclude for this AWS FMS Policy.
  Type:
    object({
      type               = optional(string, "WHITELIST")
      accounts           = optional(set(string), [])
      organization_units = optional(set(string), [])
    })
  Default: {}
  Required: no

post_rule_groups
  (Optional) A list of rule groups to process last. Each item of the post_rule_groups block is defined as follows:
    (Required) priority - The setting that determines the processing order of the rule group among the rule groups that you associate with the specified VPC. DNS Firewall filters VPC traffic starting from the rule group with the lowest numeric priority setting. Valid values for priority are between 9901 and 10000.
    (Required) rule_group - The ID of the firewall rule group.
  Type:
    list(object({
      priority   = number
      rule_group = string
    }))
  Default: []
  Required: no

resource_cleanup_on_leave_enabled
  (Optional) Whether Firewall Manager will automatically remove protections from resources that leave the policy scope and clean up resources that Firewall Manager is managing for accounts when those accounts leave policy scope. For example, Firewall Manager will disassociate a Firewall Manager managed web ACL from a protected customer resource when the customer resource leaves policy scope. Defaults to false. This option is not available for Shield Advanced or AWS WAF Classic policies.
  Type: bool
  Default: false
  Required: no

resource_group_description
  (Optional) The description of the Resource Group.
  Type: string
  Default: "Managed by Terraform."
  Required: no

resource_group_enabled
  (Optional) Whether to create a Resource Group to find and group the AWS resources created by this module.
  Type: bool
  Default: true
  Required: no

resource_group_name
  (Optional) The name of the Resource Group. A Resource Group name can have a maximum of 127 characters, including letters, numbers, hyphens, dots, and underscores. The name cannot start with AWS or aws.
  Type: string
  Default: ""
  Required: no

resource_tags_filter
  (Optional) A filter configuration that decides which resources are protected based on their resource tags. The resource_tags_filter block is defined as follows:
    (Optional) type - Whether to include or exclude resources that carry the given tags from protection by this policy. Valid values are WHITELIST and BLACKLIST.
    (Optional) tags - A map of resource tags to filter resources.
  Type:
    object({
      type = optional(string, "WHITELIST")
      tags = optional(map(string), {})
    })
  Default: {}
  Required: no

resource_types
  (Optional) A list of resource types to protect.
  Type: list(string)
  Default:
    [
      "AWS::EC2::VPC"
    ]
  Required: no

tags
  (Optional) A map of tags to add to all resources.
  Type: map(string)
  Default: {}
  Required: no
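A worked example of wiring the inputs above together, added here and not taken from the module's own README: the module source path, the DNS Firewall rule group IDs and the organizational unit ID are placeholders. It scopes the policy to tagged VPCs in selected OUs, puts blocking rule groups in the pre range (1-99) and a logging-only group in the post range (9901-10000).

```hcl
# Added usage example. "./modules/fms-dns-firewall-policy" and every
# "PLACEHOLDER" value are assumptions, not values shipped with the module.
module "dns_firewall_policy" {
  source = "./modules/fms-dns-firewall-policy"

  name = "org-dns-firewall"

  # Evaluated first: priorities must fall in 1..99, lowest number wins.
  pre_rule_groups = [
    { priority = 10, rule_group = "rslvr-frg-PLACEHOLDER-blocklist" },
    { priority = 20, rule_group = "rslvr-frg-PLACEHOLDER-allowlist" },
  ]

  # Evaluated last: priorities must fall in 9901..10000.
  post_rule_groups = [
    { priority = 9950, rule_group = "rslvr-frg-PLACEHOLDER-alert-only" },
  ]

  # WHITELIST: only accounts under these OUs are in scope.
  organization_filter = {
    type               = "WHITELIST"
    organization_units = ["ou-PLACEHOLDER"]
  }

  # Narrow the scope further to VPCs carrying this tag.
  resource_tags_filter = {
    type = "WHITELIST"
    tags = { "dns-firewall" = "managed" }
  }

  # DNS Firewall policies target VPCs (the module default).
  resource_types = ["AWS::EC2::VPC"]

  # Attach to new in-scope VPCs automatically, and remove
  # protections when a VPC or account leaves scope.
  auto_remediation_enabled          = true
  cascade_deletion_enabled          = true
  resource_cleanup_on_leave_enabled = true

  tags = { Environment = "prod" }
}

output "dns_firewall_policy_arn" {
  value = module.dns_firewall_policy.arn
}
```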

Outputs

| Name | Description |
|---|---|
| arn | The ARN of the AWS Firewall Manager Policy. |
| attributes | A set of attributes that are applied to the AWS Firewall Manager Policy. |
| id | The ID of the AWS Firewall Manager Policy. |
| name | The name of the AWS Firewall Manager Policy. |
| policy | The configuration of this policy. |
| scope | The configuration of this policy scope. |