discriminat-eni

ChaserSystems/discriminat-eni/aws

Terraform Module HCL AWS

DiscrimiNAT Firewall for egress filtering by FQDNs on AWS. Architecture with ENIs in VPCs for Private Subnets' route table entries to the Internet.

Install
module "discriminat-eni" {
  source  = "ChaserSystems/discriminat-eni/aws"
  version = "2.20.0"
}
README

DiscrimiNAT, ENI architecture

DiscrimiNAT Firewall for egress filtering by FQDNs on AWS. Just specify the allowed destination hostnames in the respective applications' native Security Groups and the firewall will take care of the rest.

[Image: https://chasersystems.com/img/aws-protocol-tls.gif]

Architecture with ENIs in VPCs for Private Subnets' route table entries to the Internet.

Demo Video | DiscrimiNAT FAQ

Pentest Ready

DiscrimiNAT enforces the use of contemporary encryption standards such as TLS 1.2+ and SSH v2 with bidirectional in-band checks. Anything older or insecure will be denied a connection automatically. It also conducts out-of-band checks, such as DNS, for robust defence against sophisticated malware and insider threats. Gets your VPC ready for a proper pentest!

Highlights

Creates E…

Inputs (13)
Name (type, default): description

public_subnets (list(string), required):
  The IDs of the Public Subnets to deploy the DiscrimiNAT Firewall instances in. T…

ami_version (string, default "2.20"):
  Reserved for use with Chaser support. Allows overriding the source AMI version f…

iam_get_additional_ssm_params (list(string), default []):
  A list of additional SSM Parameters' full ARNs to apply the `ssm:GetParameter` A…

ashr (bool, default true):
  Automated System Health Reporting. See note in README to learn more. Set to fals…

key_pair_name (string, default null):
  Strongly suggested to leave this to the default, that is to NOT associate any ke…

user_data_base64 (string, default null):
  Strongly suggested to NOT run custom, startup scripts on the firewall instances.

ami_owner (string, default "aws-marketplace"):
  Reserved for use with Chaser support. Allows overriding the source AMI account f…

ami_auto_update (bool, default true):
  Automatically look up and use the latest version of DiscrimiNAT image available…

iam_get_additional_secrets (list(string), default []):
  A list of additional Secrets' full ARNs (in Secrets Manager) to apply the `secre…

byol (string, default null):
  If using the BYOL version from the marketplace, supply the licence key as suppli…

preferences (string, default "{\n \"%default\": {\n \"wildcard_ex…):
  Default preferences. See docs at https://chasersystems.com/docs/discriminat/aws/…

tags (map(any), default {}):
  Map of key-value tag pairs to apply to resources created by this module. See exa…

instance_size (string, default "t3.small"):
  The default of t3.small should suffice for light to medium levels of usage. Anyt…
Outputs (2)
cloudwatch_log_group_name: Name of the CloudWatch Log Group where DiscrimiNAT instances will log traffic flow and configuration
target_network_interfaces: Map of zones to ENI IDs suitable for setting as Network Interface targets in routing tables of Priva…
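The README above says to declare allowed destination hostnames in the applications' own Security Groups, and the target_network_interfaces output gives the per-zone ENI IDs that the Private Subnets' route tables should point at. The following root-module configuration wires those two pieces together for a VPC with two Availability Zones. It is an added example written for this page, not code from the module's README or from Chaser Systems. The subnet and route-table IDs are placeholders; the zone names used as keys of target_network_interfaces, and the "discriminat:tls:<hostname>" form of the Security Group rule description, are assumptions to be checked against the DiscrimiNAT documentation before use.

```hcl
# Added example, not part of the module. Everything in local.zones is a
# placeholder and the output key format (AZ name) is an assumption.
locals {
  zones = {
    "eu-west-1a" = { public_subnet = "subnet-PLACEHOLDER-PUBLIC-A", private_rtb = "rtb-PLACEHOLDER-PRIVATE-A" }
    "eu-west-1b" = { public_subnet = "subnet-PLACEHOLDER-PUBLIC-B", private_rtb = "rtb-PLACEHOLDER-PRIVATE-B" }
  }
}

variable "vpc_id" {
  type = string
}

# One firewall instance per Public Subnet; inputs are the ones listed on this page.
module "discriminat-eni" {
  source  = "ChaserSystems/discriminat-eni/aws"
  version = "2.20.0"

  public_subnets = [for z in local.zones : z.public_subnet]
  tags           = { Environment = "prod" }
}

# Default route of each Private Subnet's route table goes to the DiscrimiNAT
# ENI in the same zone, so workloads never reach the Internet directly.
resource "aws_route" "private_default_via_discriminat" {
  for_each = local.zones

  route_table_id         = each.value.private_rtb
  destination_cidr_block = "0.0.0.0/0"
  network_interface_id   = module.discriminat-eni.target_network_interfaces[each.key]
}

# The application's own Security Group carries the FQDN allow-list.
resource "aws_security_group" "app" {
  name   = "app-egress"
  vpc_id = var.vpc_id
}

# Only TLS to pypi.org is permitted from instances in this group. The
# "discriminat:tls:" description prefix is an assumed convention, check the docs.
resource "aws_vpc_security_group_egress_rule" "app_to_pypi" {
  security_group_id = aws_security_group.app.id
  ip_protocol       = "tcp"
  from_port         = 443
  to_port           = 443
  cidr_ipv4         = "0.0.0.0/0"
  description       = "discriminat:tls:pypi.org"
}

# Where the firewall writes flow and configuration logs, for hooking up alerting.
output "discriminat_log_group" {
  value = module.discriminat-eni.cloudwatch_log_group_name
}
```

Two things to verify after `terraform apply`: that no Private Subnet route table still has a route to a NAT Gateway or Internet Gateway (a leftover 0.0.0.0/0 route would bypass the firewall entirely), and that a connection from an instance in the `app` group to a host not named in any rule description is refused and shows up in the CloudWatch Log Group named by the output.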
Resources (9)
aws_autoscaling_group
aws_iam_instance_profile
aws_iam_policy
aws_iam_role
aws_iam_role_policy_attachment
aws_launch_template
aws_network_interface
aws_security_group
aws_ssm_parameter
Details
Framework: Terraform Module
Language: HCL
Version: 2.20.0
Cloud: AWS
Stars: 1
Forks: 2
Total downloads: 7.1k
Inputs: 13
Outputs: 2
Resources: 9
Examples: 2
License: Apache-2.0
Namespace: ChaserSystems