AWS

4 Mins Read

Detailed Guide to Provision AWS Network Firewall using Terraform

Voiced by Amazon Polly

Introduction

AWS Network Firewall is the recently launched, fully managed, highly available, and scalable managed network by AWS, providing security for the VPC’s workloads. AWS Network Firewall works together with AWS Firewall Manager so you can build policies based on AWS Network Firewall rules and then centrally apply those policies across your VPCs and accounts. In the previous blog, we learned about detailed Manual Provisioning of AWS Network Firewall.

Today, we will automate the Provisioning of AWS Network Firewall using Infrastructure as a code DevOps Tool, i.e., Terraform.

Advantages of Terraform:

  • Terraform is an open-source Infrastructure-as-Code (IaC) software tool that enables us to create, update and improve Infrastructure in many Cloud Platforms like AWS, Azure, and GCP.
  • Terraform Support Reuse of the code.
  • We can Provision many numbers physical resources with a single command.
  • Terraform has Idempotent property. That is, the state of the infrastructure is saved in local machines. The second application results in 0 changes.

Learn more about Continuous Integration to Automate Terraform modules with GitHub Action as IaC Pipelines here.

Customized Cloud Solutions to Drive your Business Success

  • Cloud Migration
  • Devops
  • AIML & IoT
Know More

Prerequisites

  • Any Linux instances
  • AWS root account
  • Terraform should be Preinstalled in the Linux machine
  • AWS CLI

AWS Services Used

  • AWS Network Firewall
  • AWS Network Firewall policy
  • AWS Network Firewall Rule Groups
  • VPC
  • Subnets
  • Route Table
  • Internet Gateway
  • Windows instance

Deployment Architecture

AD

Step by Step Guide to Execute the Terraform Code

We are going to Construct the Terraform code in the Linux machine in Modular Format then we execute the code using Terraform Commands.

Step 1: Go to a Linux Instance and connect to an AWS account using AWS CLI.

Step 2: Create a Folder called “NetworkFirewall” and go into the folder.

Step2

Step 3: Type Git init to initiate the Git repo to pull the code from GitHub.

Go to NetworkFirewall Folder

Step 4: Go to FirewallTerraform  Folder

Step4

Step 5: Here you can see the Files Folders.

File Main.tf

The use of main.tf file is used to put the code in Modular format.

Run the Below Code to see the code.

Step5

File Var.tf 

This File contains all the variables declared in the Terraform Code. The code Reusability is achieved here. If we change the values in the variable. We can use the same code to provision similar infrastructure.

Step5_b

File Provider.tf  This File contains the CloudProvider details.

Step5_c

Step 6: Now Go into the module Folder by running the below code.

Here you will see two folders, Firewall, and Networking. Here we are segregating the Resource to the provision in the AWS platform in a modular way. Go into each folder and check the Files present.

Step6

Step 7: Now Go back to the Folder where main.tf File is presently using the below command.

Execute the below Code

Initialize the terraform code.

Output: If no errors.

Step7

Execute the below code to preview the action Terraform would take to modify your Infrastructure.

Output: If not Errors.

Step7_b

Execute the below Code:

The terraform apply command performs a plan just like terraform plan does, but then actually carries out the planned changes to each resource using the relevant infrastructure provider’s API.

Step7_c

You will get the output in this way. Provisioning AWS Network Firewall using terraform started.

Step 8: Check and verify the newly provisioned resources in the AWS console.

VPC

VPC

Subnets

Subnets

Route Table

RouteTable

Internet Gateway

InternetGateway

Firewall

FireWall

Firewall Policy

Firewall_Policy

Firewall Rule Group

Firewall_Rulegroup

Step 9: Create an windows instance in Firewall-VPC in Resource subnet. Try to access the blocked domain name in the browser. You will find error page or page not found.

Step8

Step 10: Destroy the Infrastructure using the below command.

If you get any errors, Try again the same command.

Conclusion

Provisioning infrastructure on the cloud using Terraform gives us more grip on the infrastructure and fewer manual tasks. The configuration language is human-readable, making us write the infra code more quickly. This allows us to track resource changes or any updates throughout the deployment.

Get your new hires billable within 1-60 days. Experience our Capability Development Framework today.

  • Cloud Training
  • Customized Training
  • Experiential Learning
Read More

About CloudThat

CloudThat is a leading provider of Cloud Training and Consulting services with a global presence in India, the USA, Asia, Europe, and Africa. Specializing in AWS, Microsoft Azure, GCP, VMware, Databricks, and more, the company serves mid-market and enterprise clients, offering comprehensive expertise in Cloud Migration, Data Platforms, DevOps, IoT, AI/ML, and more.

CloudThat is the first Indian Company to win the prestigious Microsoft Partner 2024 Award and is recognized as a top-tier partner with AWS and Microsoft, including the prestigious ‘Think Big’ partner award from AWS and the Microsoft Superstars FY 2023 award in Asia & India. Having trained 850k+ professionals in 600+ cloud certifications and completed 500+ consulting projects globally, CloudThat is an official AWS Advanced Consulting Partner, Microsoft Gold Partner, AWS Training PartnerAWS Migration PartnerAWS Data and Analytics PartnerAWS DevOps Competency PartnerAWS GenAI Competency PartnerAmazon QuickSight Service Delivery PartnerAmazon EKS Service Delivery Partner AWS Microsoft Workload PartnersAmazon EC2 Service Delivery PartnerAmazon ECS Service Delivery PartnerAWS Glue Service Delivery PartnerAmazon Redshift Service Delivery PartnerAWS Control Tower Service Delivery PartnerAWS WAF Service Delivery PartnerAmazon CloudFront Service Delivery PartnerAmazon OpenSearch Service Delivery PartnerAWS DMS Service Delivery PartnerAWS Systems Manager Service Delivery PartnerAmazon RDS Service Delivery PartnerAWS CloudFormation Service Delivery PartnerAWS ConfigAmazon EMR and many more.

FAQs

1. What is the importance of making modules in the terraform?

ANS: – Using modules we can create multiple and smaller terraform files. Which altogether makes a big terraform script. Updating and editing the code would become simpler and easier. We will be getting the possibility to Reuse the Code in many deployments.

2. What are the capabilities, in terms of security for the services and workloads in AWS?

ANS: – We have a few services like Security Groups, which provide security for the instance level. Network Control List, which provides the security for the Subnet level. AWS WAF provides the security for the workload or applications that are running on the CloudFront, load balancers, and API. AWS shield provides security against DDoS attacks.

WRITTEN BY Karthik Kumar P V

Karthik Kumar Patro Voona is a Research Associate (Kubernetes) at CloudThat Technologies. He Holds Bachelor's degree in Information and Technology and has good programming knowledge of Python. He has experience in both AWS and Azure. He has a passion for Cloud-computing and DevOps. He has good working experience in Kubernetes and DevOps Tools like Terraform, Ansible, and Jenkins. He is a very good Team player, Adaptive and interested in exploring new technologies.

Share

PREV

NEXT

Comments

    Click to Comment

Related Resources

AI/ML, Artificial Intelligence, Cloud Computing

Software Engineering: Code Generation and Auto-Debugging

By Niti Aggarwal

Jun 25, 2025

AI/ML, Cloud Computing

Understanding Personal AI Agents in 2025

By Niti Aggarwal

Jun 25, 2025

AWS, Cloud Computing, Google Cloud (GCP)

Comparing Amazon Redshift, Snowflake, and Google BigQuery for Cloud

By Niti Aggarwal

Jun 25, 2025

AWS Certification, Azure

Top 5 Cloud Certifications to Boost Your IT Career

By CloudThat

Jun 25, 2025

AI/ML, Cloud Computing

A Beginner’s Guide to Multi-Modal AI and Its Real-World

By Niti Aggarwal

Jun 25, 2025

Cloud Computing, Data Analytics

Optimizing Apache Spark Workflows Through Lazy Evaluation

By Anusha R

Jun 24, 2025

AWS, Cloud Computing, Data Analytics

Scalable Data Processing with AWS Glue and Apache Spark

By Anusha R

Jun 24, 2025

AI/ML

From Data to Decisions: How AI & IoT Consulting

By CloudThat

Jun 24, 2025

Cloud Training, DevOps

How CloudThat’s Job Opportunity Assurance Program Can Accelerate Your

By CloudThat

Jun 24, 2025

AI, AI/ML

How CloudThat Is Enabling Intelligent Enterprises with AI, ML,

By CloudThat

Jun 24, 2025

Get The Most Out Of Us

Our support doesn't end here. We have monthly newsletters, study guides, practice questions, and more to assist you in upgrading your cloud career. Subscribe to get them all!