dfw-nia-module
kalenarndt/dfw-nia-module/nsxt
NSX-T Consul-Terraform-Sync module that will create Distributed Firewall rules within the environment
terraform-nsxt-dfw-nia-module

This module is specifically designed to be used with Consul-Terraform-Sync.

---

This module will dynamically create the following objects based on the health of a service or multiple services within a task:

- Custom Service (currently limited to TCP) within NSX-T. This is based on the registered port within the Consul Catalog
- Tags and Scopes
- Policy Group based on Tag and Scope (Limited to 1 tag due to a constraint with the provider and the OR selector)
- Distributed Firewall Section per task
- 1 Rule per Service
- 1 Allow rule per section that applies only to the services that are created. Can be overridden

---

Limitations

- 1 rule per service definition from Consul
- 1 tag from the service in Consul and the name of the service is always the scope
- Service

| Name | Type | Description | Default |
|---|---|---|---|
| services | map( object({ id | Consul services monitored by Consul Terraform Sync | required |
| cts_prefix | string | (Optional) Prefix that will be applied to all objects created via Consul-Terrafo | "cts-" |
| default_action | string | Default action for the rule at the bottom of the section created by Consul-Terra | "ALLOW" |