Detailed Guide to Provision AWS Network Firewall using Terraform

Introduction

AWS Network Firewall is the recently launched, fully managed, highly available, and scalable managed network by AWS, providing security for the VPC’s workloads. AWS Network Firewall works together with AWS Firewall Manager so you can build policies based on AWS Network Firewall rules and then centrally apply those policies across your VPCs and accounts. In the previous blog, we learned about detailed Manual Provisioning of AWS Network Firewall.

Today, we will automate the Provisioning of AWS Network Firewall using Infrastructure as a code DevOps Tool, i.e., Terraform.

Advantages of Terraform:

Terraform is an open-source Infrastructure-as-Code (IaC) software tool that enables us to create, update and improve Infrastructure in many Cloud Platforms like AWS, Azure, and GCP.
Terraform Support Reuse of the code.
We can Provision many numbers physical resources with a single command.
Terraform has Idempotent property. That is, the state of the infrastructure is saved in local machines. The second application results in 0 changes.

Learn more about Continuous Integration to Automate Terraform modules with GitHub Action as IaC Pipelines here.

Customized Cloud Solutions to Drive your Business Success

Cloud Migration
Devops
AIML & IoT

Know More

Prerequisites

Any Linux instances
AWS root account
Terraform should be Preinstalled in the Linux machine
AWS CLI

AWS Services Used

AWS Network Firewall
AWS Network Firewall policy
AWS Network Firewall Rule Groups
VPC
Subnets
Route Table
Internet Gateway
Windows instance

Deployment Architecture

Step by Step Guide to Execute the Terraform Code

We are going to Construct the Terraform code in the Linux machine in Modular Format then we execute the code using Terraform Commands.

Step 1: Go to a Linux Instance and connect to an AWS account using AWS CLI.

Step 2: Create a Folder called “NetworkFirewall” and go into the folder.

Step2

Step 3: Type Git init to initiate the Git repo to pull the code from GitHub.

Go to NetworkFirewall Folder

$ git init

$ git pull https://github.com/v-karthik-kumar/FirewallTerraform.git

$ git init

$ git pull https://github.com/v-karthik-kumar/FirewallTerraform.git

Step 4: Go to FirewallTerraform Folder

$ cd FirewallTerraform

1	$ cd FirewallTerraform

Step4

Step 5: Here you can see the Files Folders.

File Main.tf

The use of main.tf file is used to put the code in Modular format.

Run the Below Code to see the code.

$cat main.tf

1	$cat main.tf

Step5

File Var.tf

This File contains all the variables declared in the Terraform Code. The code Reusability is achieved here. If we change the values in the variable. We can use the same code to provision similar infrastructure.

Step5_b

File Provider.tf – This File contains the CloudProvider details.

Step5_c

Step 6: Now Go into the module Folder by running the below code.

$cd module

1	$cd module

Here you will see two folders, Firewall, and Networking. Here we are segregating the Resource to the provision in the AWS platform in a modular way. Go into each folder and check the Files present.

Step6

Step 7: Now Go back to the Folder where main.tf File is presently using the below command.

$ cd /home/NetworkFirewall/FirewallTerraform

1	$ cd /home/NetworkFirewall/FirewallTerraform

Execute the below Code

Initialize the terraform code.

$ terraform init

1	$ terraform init

Output: If no errors.

Step7

Execute the below code to preview the action Terraform would take to modify your Infrastructure.

$ terraform plan

1	$ terraform plan

Output: If not Errors.

Step7_b

Execute the below Code:

The terraform apply command performs a plan just like terraform plan does, but then actually carries out the planned changes to each resource using the relevant infrastructure provider’s API.

$ terraform apply --auto-approve

1	$ terraform apply --auto-approve

Step7_c

You will get the output in this way. Provisioning AWS Network Firewall using terraform started.

Step 8: Check and verify the newly provisioned resources in the AWS console.

VPC

VPC

Subnets

Subnets

Route Table

RouteTable

Internet Gateway

InternetGateway

Firewall

FireWall

Firewall Policy

Firewall_Policy

Firewall Rule Group

Firewall_Rulegroup

Step 9: Create an windows instance in Firewall-VPC in Resource subnet. Try to access the blocked domain name in the browser. You will find error page or page not found.

Step8

Step 10: Destroy the Infrastructure using the below command.

$ terraform destroy –auto-approve

1	$ terraform destroy –auto-approve

If you get any errors, Try again the same command.

Conclusion

Provisioning infrastructure on the cloud using Terraform gives us more grip on the infrastructure and fewer manual tasks. The configuration language is human-readable, making us write the infra code more quickly. This allows us to track resource changes or any updates throughout the deployment.

Get your new hires billable within 1-60 days. Experience our Capability Development Framework today.

Cloud Training
Customized Training
Experiential Learning

About CloudThat

CloudThat is a leading provider of Cloud Training and Consulting services with a global presence in India, the USA, Asia, Europe, and Africa. Specializing in AWS, Microsoft Azure, GCP, VMware, Databricks, and more, the company serves mid-market and enterprise clients, offering comprehensive expertise in Cloud Migration, Data Platforms, DevOps, IoT, AI/ML, and more.

CloudThat is the first Indian Company to win the prestigious Microsoft Partner 2024 Award and is recognized as a top-tier partner with AWS and Microsoft, including the prestigious ‘Think Big’ partner award from AWS and the Microsoft Superstars FY 2023 award in Asia & India. Having trained 850k+ professionals in 600+ cloud certifications and completed 500+ consulting projects globally, CloudThat is an official AWS Premier Consulting Partner, Microsoft Gold Partner, AWS Training Partner, AWS Migration Partner, AWS Data and Analytics Partner, AWS DevOps Competency Partner, AWS GenAI Competency Partner, Education Competency Partner, Amazon EKS Service Delivery Partner, AWS Microsoft Workload Partners, Amazon EC2 Service Delivery Partner, Amazon RDS Service Delivery Partner, AWS CloudFormation Service Delivery Partner, and many more.

FAQs

1. What is the importance of making modules in the terraform?

ANS: – Using modules we can create multiple and smaller terraform files. Which altogether makes a big terraform script. Updating and editing the code would become simpler and easier. We will be getting the possibility to Reuse the Code in many deployments.

2. What are the capabilities, in terms of security for the services and workloads in AWS?

ANS: – We have a few services like Security Groups, which provide security for the instance level. Network Control List, which provides the security for the Subnet level. AWS WAF provides the security for the workload or applications that are running on the CloudFront, load balancers, and API. AWS shield provides security against DDoS attacks.

WRITTEN BY Karthik Kumar P V

Karthik Kumar Patro Voona is a Research Associate (Kubernetes) at CloudThat Technologies. He Holds Bachelor's degree in Information and Technology and has good programming knowledge of Python. He has experience in both AWS and Azure. He has a passion for Cloud-computing and DevOps. He has good working experience in Kubernetes and DevOps Tools like Terraform, Ansible, and Jenkins. He is a very good Team player, Adaptive and interested in exploring new technologies.