aws_firewall
contributions requested
Granular iptables rules for Amazon Web Services
Version information
released Jan 30th 2020
This version is compatible with:
- Puppet Enterprise 2018.1.x, 2017.3.x, 2017.2.x, 2016.4.x
- Puppet >= 4.10.0 < 6.0.0
- CentOS,OracleLinux,RedHat,Scientific
Start using this module
Add this module to your Puppetfile:
mod 'pmuller-aws_firewall', '0.5.0'Learn more about managing modules with a PuppetfileDocumentation
pmuller/aws_firewall — version 0.5.0 Jan 30th 2020
aws_firewall
Table of Contents
- Description
- Usage - Configuration options and additional functionality
- Reference - An under-the-hood peek at what the module is doing and how
- Limitations - OS compatibility, etc.
- Development - Guide for contributing to the module
- Changelog
Description
This module generates granular iptables rules to restrict access to Amazon Web Services.
Usage
Create an ipset that contains specific AWS IP prefixes
aws_firewall::ipset { 'ap-south-1-s3':
regions => ['ap-south-1'],
services => ['S3'],
}
Create an ipset-based iptables rule
aws_firewall::rule::ipset { '200 Allow access to S3 in us-east-1':
ipset => 'ap-south-1-s3',
}
Create an iptables rule to allow access to EC2 metadata
aws_firewall::rule::metadata { '200 Allow access to EC2 instance metadata':
uid => 'someone',
}
Reference
See reference
Limitations
- Only tested on RedHat-like Linux distributions
- IPv6 prefixes are not yet supported
Development
See development
Changelog
See CHANGELOG
Changelog
Release 0.5.0 - 2020-01-30
- Accept puppetlabs/firewall module < 3.0.0
Release 0.4.1 - 2019-08-28
- Update dpl to fix automated deployment of new releases to Puppet Forge
Release 0.4.0 - 2019-08-28
- Update tests following data update
Release 0.3.0 - 2019-08-26
- Update IP prefixes using ip-ranges.json "2019-08-22-23-13-05"
Release 0.2.0
- Depend on pmuller/ipset >= 0.6.0
- Use modern facts
- 100% test coverage
Release 0.1.10
- Add tags to package metadata
Release 0.1.9
- Fix Puppet Forge deployment (see https://github.com/travis-ci/dpl/issues/772)
Release 0.1.8
- Remove support for passing ipset as a resource reference in
aws_firewall::rule::ipset
Release 0.1.7
- Support Puppet starting at version 4.10
Release 0.1.6
- Fix documentation URLs in README
Release 0.1.5
- Try automated push to Puppet Forge with
git push master --tags
Release 0.1.4
- Try automated push to Puppet Forge after removing branch restrictions
Release 0.1.3
- Try automated push to Puppet Forge with "all_branches: true"
Release 0.1.2
- Try to push tags first to trigger automatic deployment on Puppet Forge
Release 0.1.1
- Enable automatic deployment of new releases on Puppet Forge
Release 0.1.0
- First release
Dependencies
- puppetlabs/firewall (>=1.8.1 <3.0.0)
- thrnio/ip (>=1.0.0 <2.0.0)
- puppetlabs/stdlib (>=4.24.0 <5.0.0)
- pmuller/ipset (>=0.6.0)