aws_firewall

Granular iptables rules for Amazon Web Services

Project URL RSS Feed Report issues

Module Author

Philippe Muller

pmuller

Module Stats

6,907 downloads

1,861 latest version

5.0 quality score

Version information

released Jan 30th 2020

This version is compatible with:

Puppet Enterprise 2018.1.x, 2017.3.x, 2017.2.x, 2016.4.x
Puppet >= 4.10.0 < 6.0.0
CentOS
,
OracleLinux
,
RedHat
,
Scientific

Start using this module

Bolt

r10k or Code Manager

Manual installation

Download

Tags: aws, firewall, iptables, ec2, s3

Documentation

pmuller/aws_firewall — version 0.5.0 Jan 30th 2020

aws_firewall

Description
Usage - Configuration options and additional functionality
Reference - An under-the-hood peek at what the module is doing and how
Limitations - OS compatibility, etc.
Development - Guide for contributing to the module
Changelog

Description

This module generates granular iptables rules to restrict access to Amazon Web Services.

Usage

Create an ipset that contains specific AWS IP prefixes

aws_firewall::ipset { 'ap-south-1-s3':
  regions  => ['ap-south-1'],
  services => ['S3'],
}

Create an ipset-based iptables rule

aws_firewall::rule::ipset { '200 Allow access to S3 in us-east-1':
  ipset => 'ap-south-1-s3',
}

Create an iptables rule to allow access to EC2 metadata

aws_firewall::rule::metadata { '200 Allow access to EC2 instance metadata':
  uid => 'someone',
}

Reference

See reference

Limitations

Only tested on RedHat-like Linux distributions
IPv6 prefixes are not yet supported

Development

See development

Changelog

See CHANGELOG

Changelog

Release 0.5.0 - 2020-01-30

Accept puppetlabs/firewall module < 3.0.0

Release 0.4.1 - 2019-08-28

Update dpl to fix automated deployment of new releases to Puppet Forge

Release 0.4.0 - 2019-08-28

Update tests following data update

Release 0.3.0 - 2019-08-26

Update IP prefixes using ip-ranges.json "2019-08-22-23-13-05"

Release 0.2.0

Depend on pmuller/ipset >= 0.6.0
Use modern facts
100% test coverage

Release 0.1.10

Add tags to package metadata

Release 0.1.9

Fix Puppet Forge deployment (see https://github.com/travis-ci/dpl/issues/772)

Release 0.1.8

Remove support for passing ipset as a resource reference in aws_firewall::rule::ipset

Release 0.1.7

Support Puppet starting at version 4.10

Release 0.1.6

Fix documentation URLs in README

Release 0.1.5

Try automated push to Puppet Forge with git push master --tags

Release 0.1.4

Try automated push to Puppet Forge after removing branch restrictions

Release 0.1.3

Try automated push to Puppet Forge with "all_branches: true"

Release 0.1.2

Try to push tags first to trigger automatic deployment on Puppet Forge

Release 0.1.1

Enable automatic deployment of new releases on Puppet Forge

Release 0.1.0

First release

Modules

Discover

Contribute

Topics

How-to Guides

Collections

Resources

About Forge

Getting Started

aws_firewall

Philippe Muller

Version information

This version is compatible with:

Start using this module

Documentation

aws_firewall

Table of Contents

Description

Usage

Create an ipset that contains specific AWS IP prefixes

Create an ipset-based iptables rule

Create an iptables rule to allow access to EC2 metadata

Reference

Limitations

Development

Changelog

Changelog

Release 0.5.0 - 2020-01-30

Release 0.4.1 - 2019-08-28

Release 0.4.0 - 2019-08-28

Release 0.3.0 - 2019-08-26

Release 0.2.0

Release 0.1.10

Release 0.1.9

Release 0.1.8

Release 0.1.7

Release 0.1.6

Release 0.1.5

Release 0.1.4

Release 0.1.3

Release 0.1.2

Release 0.1.1

Release 0.1.0

Dependencies