discriminat-ntag
ChaserSystems/discriminat-ntag/google
DiscrimiNAT Firewall is a transparent, proxy-less solution to discover & filter egress traffic by FQDNs in a Shared VPC on Google Cloud. Architecture with Network Tags in VPCs for fine-grained, opt-in control over routing.
DiscrimiNAT, NTag architecture

DiscrimiNAT Firewall is a transparent, proxy-less solution to discover & filter egress traffic by FQDNs in a Shared VPC on Google Cloud. Just specify the allowed destination hostnames in the respective applications' native Firewall Rules and DiscrimiNAT will take care of the rest. Watch our 3½ minute egress FQDN discovery video.

Architecture with Network Tags in VPCs for fine-grained, opt-in control over routing.

Pentest Ready

DiscrimiNAT enforces the use of contemporary encryption standards such as TLS 1.2+ and SSH v2 with bidirectional in-band checks. Anything older or insecure will be denied connection automatically. Also conducts out-of-band checks, such as DNS, for robust defence against sophisticat

| Name | Type | Description | Default |
|---|---|---|---|
| project_id | string | The GCP Project ID for this deployment. For example: my-project-111222 | required |
| subnetwork_name | string | The name of the subnetwork to deploy the DiscrimiNAT Firewall instances in. This | required |
| region | string | The region the specified subnetwork is to be found in. | required |
| image_version | string | Reserved for use with Chaser support. Allows overriding the source image version | "2.20" |
| byol | string | If using the BYOL version from the marketplace, supply the licence key as suppli | null |
| machine_type | string | The default of `e2-small` should suffice for light to medium levels of usage. An | "e2-small" |
| block-project-ssh-keys | bool | Strongly suggested to leave this to the default, that is to NOT allow project-wi | true |
| preferences | string | Default preferences. See docs at https://chasersystems.com/docs/discriminat/gcp/ | "{\n \"%default\": {\n \"wildcard_ex |
| zones_names | list(string) | Specific zones if you wish to override the default behaviour. If not overridden, | [] |
| bypass_cidrs | map(map(string)) | Destination CIDRs that should be routed directly to the default internet gateway | { "gcp-grpc-direct-conn": { "descr |
| labels | map(string) | Map of key-value label pairs to apply to resources created by this module. See e | {} |
| user_data_base64 | string | Strongly suggested to NOT run custom, startup scripts on the firewall instances. | null |
| image_family | string | Reserved for use with Chaser support. Allows overriding the source image family | "discriminat" |
| ashr | bool | Automated System Health Reporting. See note in README to learn more. Set to `fal | true |
| client_cidrs | list(string) | Additional CIDR blocks of clients which should be able to connect to, and hence | [ "10.0.0.0/8", "172.16.0.0/12", " |
| custom_service_account_email | string | Override with a specific, custom service account email in case support for archi | null |
| image_project | string | Reserved for use with Chaser support. Allows overriding the source image project | "chasersystems-public" |
| image_auto_update | bool | Automatically look up and use the latest version of DiscrimiNAT image available | true |
| random_deployment_id | bool | Set to true to change the region name in resource names to a randomised word. | false |

default_preferences — The default preferences supplied to DiscrimiNAT. See docs at https://chasersystems.com/docs/discrimi
zonal_network_tags — Network Tags – to be associated with protected applications – for filtering traffic through the near
deployment_id — The unique identifier, forming a part of various resource names, for this deployment.