Firewall policy as code with Hashicorp Terraform


[Image: a friendly badger configuring a firewall with code, generated by Bing Chat from the prompt "in the style of a pixar movie poster, draw a friendly badger configuring a firewall with code"]

Hashicorp Terraform is a tool for managing infrastructure as code. You describe the desired state in versioned text files and Terraform drags your infrastructure into that state. Sometimes writing the code takes longer than just using the admin GUI to get something done. Sometimes it is MUCH faster. This post shows how to add 300 address ranges to a network security rule in a single line, by building a Terraform list from a text file.

Terraform list from text file

The Terraform file function reads a file from disk as a string; combined with the split function, it lets you build a list from a newline-separated file of destination addresses. The chomp function removes the newline characters at the end of the string, so the trailing newline in the file does not become an empty final list element.

  destination_addresses = split("\n", chomp(file("SomeTextFile.txt")))

Now you can use a SaaS provider's downloadable list of IPs in network security rules and refresh the list without changing code. The text file is still part of the versioned configuration, so every refresh shows up as a change to destination_addresses in terraform plan and can be reviewed before it is applied.

  network_rule_collection {
    name     = "Desktops_to_Zoom"
    priority = 1000
    action   = "Allow"
    rule {
      name                  = "zoom_meeting_TCP"
      protocols             = ["TCP"]
      source_addresses      = ["10.0.0.1/24"]
      # https://support.zoom.com/hc/en/article?id=zm_kb&sysparm_article=KB0060548#h_01EJHWF2FSMCD2HFEPMQJMKAM4
      # https://assets.zoom.us/docs/ipranges/ZoomMeetings.txt
      destination_addresses = split("\n", chomp(file("ZoomMeetings.txt")))
      destination_ports     = ["8801-8802"] // add a separate application rule for HTTPS traffic on port 443
    }
    rule {
      name                  = "zoom_meeting_UDP"
      protocols             = ["UDP"]
      source_addresses      = ["10.0.0.1/24"]
      # https://support.zoom.com/hc/en/article?id=zm_kb&sysparm_article=KB0060548#h_01EJHWF2FSMCD2HFEPMQJMKAM4
      # https://assets.zoom.us/docs/ipranges/ZoomMeetings.txt
      destination_addresses = split("\n", chomp(file("ZoomMeetings.txt")))
      destination_ports     = ["3478", "3479", "8801-8810"]
    }
  }
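As an added example (not code from the original post), the following Python check mimics what split("\n", chomp(file(...))) produces and flags any entry that would be passed to destination_addresses without being a clean CIDR, so a refreshed vendor list can be validated before terraform apply. The sample list is constructed from documentation ranges and deliberately includes CRLF endings, a blank line, stray spaces and a non-address line.

```python
"""Pre-apply check for a newline-separated address list that Terraform
will load with split("\n", chomp(file("ZoomMeetings.txt")))."""
import ipaddress

# Constructed sample standing in for a downloaded vendor list. It includes
# the defects the one-liner does not handle: a CRLF line ending (leaves a
# trailing "\r"), an empty line, surrounding spaces and a non-address line.
SAMPLE = (
    "192.0.2.0/25\r\n"
    "198.51.100.128/25\n"
    "\n"
    " 203.0.113.0/24 \n"
    "2001:db8::/48\n"
    "not-an-address\n"
)


def terraform_split_chomp(text: str) -> list[str]:
    """Reproduce split("\n", chomp(file(...))): chomp strips only the
    trailing newline(s); split keeps every inner line verbatim."""
    return text.rstrip("\r\n").split("\n")


def check_address_list(text: str) -> tuple[list[str], list[str]]:
    """Return (networks, problems). networks holds the cleaned CIDRs;
    problems lists every line that would have produced a bad rule entry."""
    networks, problems = [], []
    for lineno, raw in enumerate(terraform_split_chomp(text), start=1):
        if raw != raw.strip():
            problems.append(f"line {lineno}: stray whitespace or CR in {raw!r}")
        entry = raw.strip()
        if not entry:
            problems.append(f"line {lineno}: empty entry")
            continue
        try:
            # strict=True also rejects prefixes with host bits set
            net = ipaddress.ip_network(entry, strict=True)
        except ValueError as exc:
            problems.append(f"line {lineno}: {exc}")
            continue
        networks.append(str(net))
    return networks, problems


if __name__ == "__main__":
    nets, issues = check_address_list(SAMPLE)
    print(f"{len(nets)} valid networks, {len(issues)} problems")
    for issue in issues:
        print("  ", issue)
    raise SystemExit(1 if issues else 0)
```

Run it against the downloaded file (open it and pass the contents to check_address_list) in CI and fail the pipeline on any problem; a clean file yields an empty problems list.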
