github.com/khulnasoft-lab/defsec@v1.0.5-0.20230827010352-5e9f46893d95/avd_docs/google/compute/AVD-GCP-0027/Terraform.md

Set a more restrictive cidr range

```hcl
resource "google_compute_firewall" "good_example" {
  source_ranges = ["1.2.3.4/32"]
  allow {
    protocol = "icmp"
  }
}
```
```hcl
resource "google_compute_firewall" "allow-vms-to-some-machine" {
  name      = "allow-vms-to-some-machine"
  network   = local.network
  priority  = 1300
  direction = "INGRESS"
  allow {
    protocol = "tcp"
    ports    = ["8081"]
  }
  source_tags = ["vms"]
  target_tags = ["some-machine"]
}
```
```hcl
resource "google_compute_firewall" "test" {
  name    = "gmp-validating-webhook-fw"
  network = google_compute_network.my_vpc_name.self_link

  allow {
    protocol = "tcp"
    ports    = ["8443"]
  }

  target_tags   = [ "k8s-node-pool" ]
  source_ranges = [google_container_cluster.my_cluster_name.private_cluster_config[0].master_ipv4_cidr_block]
}
```

#### Remediation Links
- https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/compute_firewall#source_ranges

- https://www.terraform.io/docs/providers/google/r/compute_firewall.html
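
One way to enforce a restrictive range at plan time, as an added example that is not part of the original page or the defsec project: variable validation that rejects broad IPv4 ranges before they reach `source_ranges`. The variable and resource names, the `default` network, port 443 and the /24 threshold are assumptions chosen for illustration.

```hcl
# Added example. All names and values below are illustrative assumptions.
variable "ingress_source_ranges" {
  description = "IPv4 CIDR blocks allowed to reach the target instances."
  type        = list(string)

  validation {
    # Every entry must parse as a CIDR block and must not be IPv6,
    # because the prefix-length threshold below only makes sense for IPv4.
    condition = alltrue([
      for c in var.ingress_source_ranges :
      can(cidrhost(c, 0)) && !can(regex(":", c))
    ])
    error_message = "Each entry must be a valid IPv4 CIDR block, for example 203.0.113.10/32."
  }

  validation {
    # Reject 0.0.0.0/0 and any other range wider than /24.
    # try() turns a missing or non-numeric prefix into a failed check.
    condition = alltrue([
      for c in var.ingress_source_ranges :
      try(tonumber(split("/", c)[1]) >= 24, false)
    ])
    error_message = "Source ranges must be /24 or narrower, which excludes 0.0.0.0/0."
  }
}

resource "google_compute_firewall" "restricted_ingress" {
  name          = "restricted-ingress"
  network       = "default"
  direction     = "INGRESS"
  source_ranges = var.ingress_source_ranges

  allow {
    protocol = "tcp"
    ports    = ["443"]
  }
}
```

With this in place, `terraform plan -var 'ingress_source_ranges=["0.0.0.0/0"]'` fails validation, while `["203.0.113.10/32"]` is accepted.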