discriminat-ilb

ChaserSystems/discriminat-ilb/google

Terraform Module HCL GOOGLE

DiscrimiNAT Firewall is a transparent, proxy-less solution to discover & filter egress traffic by FQDNs in a Shared VPC on Google Cloud. Architecture with internal TCP load balancers as next hops.

Install

```hcl
module "discriminat-ilb" {
  source  = "ChaserSystems/discriminat-ilb/google"
  version = "2.20.1"
}
```
README

DiscrimiNAT, ILB architecture

DiscrimiNAT Firewall is a transparent, proxy-less solution to discover & filter egress traffic by FQDNs in a Shared VPC on Google Cloud. Just specify the allowed destination hostnames in the respective applications' native Firewall Rules and DiscrimiNAT will take care of the rest.

Watch our 3½ minute egress FQDN discovery video.

![](https://chasersystems.com/img/gcp-protocol-tls.gif)

Architecture with internal TCP load balancers as next hops set as the default, and network tag based opt-out control.

Pentest Ready

DiscrimiNAT enforces the use of contemporary encryption standards such as TLS 1.2+ and SSH v2 with bidirectional in-band checks. Anything older or insecure will be denied connection automatically. Also conducts out-of-band checks, such as DNS, for rob

Inputs (23)
| Name | Type | Description | Default |
|------|------|-------------|---------|
| subnetwork_name | string | The name of the subnetwork to deploy the DiscrimiNAT Firewall instances in. This | required |
| region | string | The region the specified subnetwork is to be found in. | required |
| project_id | string | The GCP Project ID for this deployment. For example: my-project-111222 | required |
| custom_service_account_email | string | Override with a specific, custom service account email in case support for archi | null |
| image_family | string | Reserved for use with Chaser support. Allows overriding the source image family | "discriminat" |
| zones_names | list(string) | Specific zones if you wish to override the default behaviour. If not overridden, | [] |
| custom_deployment_id | string | Override the randomly generated Deployment ID for this deployment. This is a uni | null |
| user_data_base64 | string | Strongly suggested to NOT run custom, startup scripts on the firewall instances. | null |
| image_auto_update | bool | Automatically look up and use the latest version of DiscrimiNAT image available | true |
| byol | string | If using the BYOL version from the marketplace, supply the licence key as suppli | null |
| ashr | bool | Automated System Health Reporting. See note in README to learn more. Set to `fal | true |
| machine_type | string | The default of `e2-small` should suffice for light to medium levels of usage. An | "e2-small" |
| mig_update_policy_type | string | OPPORTUNISTIC or PROACTIVE. Set to OPPORTUNISTIC to prevent a `terraform apply` | "PROACTIVE" |
| image_version | string | Reserved for use with Chaser support. Allows overriding the source image version | "2.20" |
| only_route_tags | list(string) | Restrict automatically created default route (to the Internet) to VMs with these | null |
| bypass_cidrs | map(map(string)) | Destination CIDRs that should be routed directly to the default internet gateway | { "gcp-grpc-direct-conn": { "descr |
| client_cidrs | list(string) | Additional CIDR blocks of clients which should be able to connect to, and hence | [ "10.0.0.0/8", "172.16.0.0/12", " |
| image_project | string | Reserved for use with Chaser support. Allows overriding the source image project | "chasersystems-public" |
| preferences | string | Default preferences. See docs at https://chasersystems.com/docs/discriminat/gcp/ | "{\n \"%default\": {\n \"wildcard_ex |
| labels | map(string) | Map of key-value label pairs to apply to resources created by this module. See e | {} |
| instances_per_zone | number | This can be set to a higher number if deployment is single-zone only, to achieve | 1 |
| mig_target_size | number | If left unset, automatically sets to the number of zones_names * instances_per_z | null |
| block-project-ssh-keys | bool | Strongly suggested to leave this to the default, that is to NOT allow project-wi | true |
Outputs (3)
opt_out_network_tag — The network tag for VMs needing to bypass DiscrimiNAT completely, such as bastion hosts. Such VMs sh
deployment_id — The unique identifier, forming a part of various resource names, for this deployment.
default_preferences — The default preferences supplied to DiscrimiNAT. See docs at https://chasersystems.com/docs/discrimi
Resources (10)
google_compute_firewall
google_compute_forwarding_rule
google_compute_health_check
google_compute_instance_template
google_compute_region_backend_service
google_compute_region_instance_group_manager
google_compute_route
google_secret_manager_secret
google_secret_manager_secret_version
random_pet
Details
Framework: Terraform Module
Language: HCL
Version: 2.20.1
Cloud: GOOGLE
Stars: 3
Forks: 4
Total downloads: 11.0k
Inputs: 23
Outputs: 3
Resources: 10
Examples: 2
License: Apache-2.0
Namespace: ChaserSystems