Terraform Aws Network Firewall

Quality grade: C+ (78), pipeline completed
Category: Devops
Type: infrastructure / markdown, size tiny
Files: 25
LOC: 1,868
Frameworks: 0
Languages: 3

Pipeline State

State: completed
Run ID: #352790
Phase: done
Progress: 1%
Started:
Finished: 2026-04-13 01:31:02
LLM tokens: 0

Pipeline Metadata

Stage: Skipped
Decision: skip_scaffold_dup
Novelty: 33.56
Framework: unique
Isolation:
Last stage change: 2026-04-16 18:15:42
Deduplication group: #49050
Member of a group with 1 similar repo(s); canonical repo #93014
Top concepts (2): Project Description, Documentation
All rows above produced by Repobility · https://repobility.com

AI Prompt

I want to deploy a production-ready, centralized inspection VPC pattern using Terraform for AWS. The setup needs to deploy AWS Network Firewall, ensuring all inter-VPC and egress traffic is inspected. Specifically, I need to configure stateful and stateless rule groups, integrate Suricata IDS/IPS rules, and implement domain filtering for deep packet inspection. The architecture should support connecting multiple spoke VPCs via a Transit Gateway, and all logs must be directed to an encrypted S3 bucket and CloudWatch Logs, utilizing KMS for encryption.
terraform aws network firewall infrastructure iac aws-network-firewall vpc yaml markdown
Generated by gemma4:latest

Catalog Information

Deploys AWS Network Firewall with advanced rule sets and centralized inspection in a VPC.

Description

This Terraform module provisions a production‑ready AWS Network Firewall that routes all inter‑VPC and egress traffic through a centralized inspection VPC. It supports both stateless L3/L4 rule groups and stateful 5‑tuple rule groups, allowing fine‑grained packet filtering. The module integrates Suricata‑compatible IDS/IPS signatures for deep packet inspection and threat detection. Domain filtering capabilities enable blocking or allowing traffic based on HTTP/TLS SNI domain names. All logs are forwarded to encrypted S3 buckets and CloudWatch Logs, with optional KMS encryption. The architecture follows a best‑practice pattern that separates public, firewall, and transit gateway subnets. It is intended for cloud security architects and DevOps teams that need a scalable, production‑ready firewall solution. The module simplifies deployment by providing reusable Terraform resources and variables.

Description (Arabic version, translated)

This module provisions a production-ready AWS firewall that routes all traffic between VPCs and to the outside through a central inspection VPC. The module supports stateless L3/L4 rule groups and stateful 5-tuple rule groups, enabling precise packet filtering. The module integrates Suricata-compatible IDS/IPS signatures for deep packet inspection and threat detection. Domain filtering features allow blocking or permitting traffic based on domain names in HTTP/TLS SNI. All logs are sent to encrypted S3 buckets and CloudWatch Logs, with optional KMS encryption. The design follows a best-practice pattern that separates public subnets, firewall subnets, and transit gateway subnets. This module is aimed at cloud security engineers and DevOps teams that need a scalable, production-ready firewall solution. The module simplifies deployment by providing reusable Terraform resources and variables.

Novelty

7/10

Tags

network-security firewall intrusion-detection domain-filtering centralized-inspection vpc-traffic-control

Claude Models

claude-opus-4.6

Quality Score

C+ (78.0/100)
Structure: 74
Code Quality: 100
Documentation: 55
Testing: 55
Practices: 78
Security: 100
Dependencies: 50

Strengths

  • CI/CD pipeline configured (github_actions)
  • Consistent naming conventions (snake_case)
  • Low average code complexity: well-structured code
  • Good security practices: no major issues detected
  • Properly licensed project

Recommendations

  • Add a linter configuration to enforce code style consistency

Security & Health

Tech Debt (D): 4.1h
OWASP (100%): A
Quality Gate: PASS
Risk (5): A
License: MIT
Duplication: 0.0%

Languages

markdown: 48.8%
html: 42.4%
yaml: 8.8%

Frameworks

None detected

Concepts (2)

Category         | Name                | Description                                                                                                                                                                        | Confidence
auto_description | Project Description | Production-ready Terraform module for deploying AWS Network Firewall with stateful/stateless rule groups, Suricata IDS/IPS rules, domain filtering, and centralized inspection VPC pattern support. | 80%
auto_category    | Documentation       | docs                                                                                                                                                                               | 70%

Quality Timeline

1 quality score recorded.

Embed Badge

Add to your README:

![Quality](https://repos.aljefra.com/badge/76902.svg)