diff --git a/README.md b/README.md index 71bc81d..6370a86 100644 --- a/README.md +++ b/README.md @@ -137,8 +137,8 @@ No resources. | [policy\_stateful\_engine\_options](#input\_policy\_stateful\_engine\_options) | A configuration block that defines options on how the policy handles stateful rules. See [Stateful Engine Options](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/networkfirewall_firewall_policy#stateful-engine-options) for details | `any` | `{}` | no | | [policy\_stateful\_rule\_group\_reference](#input\_policy\_stateful\_rule\_group\_reference) | Set of configuration blocks containing references to the stateful rule groups that are used in the policy. See [Stateful Rule Group Reference](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/networkfirewall_firewall_policy#stateful-rule-group-reference) for details | `any` | `{}` | no | | [policy\_stateless\_custom\_action](#input\_policy\_stateless\_custom\_action) | Set of configuration blocks describing the custom action definitions that are available for use in the firewall policy's `stateless_default_actions` | `any` | `{}` | no | -| [policy\_stateless\_default\_actions](#input\_policy\_stateless\_default\_actions) | Set of actions to take on a packet if it does not match any of the stateless rules in the policy. You must specify one of the standard actions including: `aws:drop`, `aws:pass`, or `aws:forward_to_sfe` | `list(string)` |
[
"aws:pass"
]
| no | -| [policy\_stateless\_fragment\_default\_actions](#input\_policy\_stateless\_fragment\_default\_actions) | Set of actions to take on a fragmented packet if it does not match any of the stateless rules in the policy. You must specify one of the standard actions including: `aws:drop`, `aws:pass`, or `aws:forward_to_sfe` | `list(string)` |
[
"aws:pass"
]
| no | +| [policy\_stateless\_default\_actions](#input\_policy\_stateless\_default\_actions) | Set of actions to take on a packet if it does not match any of the stateless rules in the policy. You must specify one of the standard actions including: `aws:drop`, `aws:pass`, or `aws:forward_to_sfe` | `list(string)` |
[
"aws:pass"
]
| no | +| [policy\_stateless\_fragment\_default\_actions](#input\_policy\_stateless\_fragment\_default\_actions) | Set of actions to take on a fragmented packet if it does not match any of the stateless rules in the policy. You must specify one of the standard actions including: `aws:drop`, `aws:pass`, or `aws:forward_to_sfe` | `list(string)` |
[
"aws:pass"
]
| no | | [policy\_stateless\_rule\_group\_reference](#input\_policy\_stateless\_rule\_group\_reference) | Set of configuration blocks containing references to the stateless rule groups that are used in the policy. See [Stateless Rule Group Reference](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/networkfirewall_firewall_policy#stateless-rule-group-reference) for details | `any` | `{}` | no | | [policy\_tags](#input\_policy\_tags) | A map of tags to add to all resources | `map(string)` | `{}` | no | | [subnet\_change\_protection](#input\_subnet\_change\_protection) | A boolean flag indicating whether it is possible to change the associated subnet(s). Defaults to `true` | `bool` | `true` | no | diff --git a/modules/firewall/README.md b/modules/firewall/README.md index 54436b9..377ff26 100644 --- a/modules/firewall/README.md +++ b/modules/firewall/README.md @@ -62,7 +62,7 @@ module "network_firewall" { | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 1.0 | +| [terraform](#requirement\_terraform) | >= 1.1.0 | | [aws](#requirement\_aws) | >= 5.2 | ## Providers diff --git a/modules/firewall/versions.tf b/modules/firewall/versions.tf index cc22f92..bd3d55c 100644 --- a/modules/firewall/versions.tf +++ b/modules/firewall/versions.tf @@ -1,5 +1,5 @@ terraform { - required_version = ">= 1.0" + required_version = ">= 1.1.0" required_providers { aws = { diff --git a/modules/policy/README.md b/modules/policy/README.md index 462f1e2..d992efe 100644 --- a/modules/policy/README.md +++ b/modules/policy/README.md @@ -41,7 +41,7 @@ module "network_firewall_policy" { | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 1.0 | +| [terraform](#requirement\_terraform) | >= 1.1.0 | | [aws](#requirement\_aws) | >= 5.2 | ## Providers 
@@ -81,8 +81,8 @@ No modules. | [stateful\_engine\_options](#input\_stateful\_engine\_options) | A configuration block that defines options on how the policy handles stateful rules. See [Stateful Engine Options](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/networkfirewall_firewall_policy#stateful-engine-options) for details | `any` | `{}` | no | | [stateful\_rule\_group\_reference](#input\_stateful\_rule\_group\_reference) | Set of configuration blocks containing references to the stateful rule groups that are used in the policy. See [Stateful Rule Group Reference](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/networkfirewall_firewall_policy#stateful-rule-group-reference) for details | `any` | `{}` | no | | [stateless\_custom\_action](#input\_stateless\_custom\_action) | Set of configuration blocks describing the custom action definitions that are available for use in the firewall policy's `stateless_default_actions` | `any` | `{}` | no | -| [stateless\_default\_actions](#input\_stateless\_default\_actions) | Set of actions to take on a packet if it does not match any of the stateless rules in the policy. You must specify one of the standard actions including: `aws:drop`, `aws:pass`, or `aws:forward_to_sfe` | `list(string)` |
[
"aws:pass"
]
| no | -| [stateless\_fragment\_default\_actions](#input\_stateless\_fragment\_default\_actions) | Set of actions to take on a fragmented packet if it does not match any of the stateless rules in the policy. You must specify one of the standard actions including: `aws:drop`, `aws:pass`, or `aws:forward_to_sfe` | `list(string)` |
[
"aws:pass"
]
| no | +| [stateless\_default\_actions](#input\_stateless\_default\_actions) | Set of actions to take on a packet if it does not match any of the stateless rules in the policy. You must specify one of the standard actions including: `aws:drop`, `aws:pass`, or `aws:forward_to_sfe` | `list(string)` |
[
"aws:pass"
]
| no | +| [stateless\_fragment\_default\_actions](#input\_stateless\_fragment\_default\_actions) | Set of actions to take on a fragmented packet if it does not match any of the stateless rules in the policy. You must specify one of the standard actions including: `aws:drop`, `aws:pass`, or `aws:forward_to_sfe` | `list(string)` |
[
"aws:pass"
]
| no | | [stateless\_rule\_group\_reference](#input\_stateless\_rule\_group\_reference) | Set of configuration blocks containing references to the stateless rule groups that are used in the policy. See [Stateless Rule Group Reference](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/networkfirewall_firewall_policy#stateless-rule-group-reference) for details | `any` | `{}` | no | | [tags](#input\_tags) | A map of tags to add to all resources | `map(string)` | `{}` | no | diff --git a/modules/policy/variables.tf b/modules/policy/variables.tf index 6eb6ea6..5335f6f 100644 --- a/modules/policy/variables.tf +++ b/modules/policy/variables.tf @@ -2,6 +2,7 @@ variable "create" { description = "Controls if resources should be created" type = bool default = true + nullable = false } variable "tags" { 
@@ -24,54 +25,63 @@ variable "encryption_configuration" {
 description = "KMS encryption configuration settings"
 type = any
 default = {}
+ nullable = false
 }
 variable "stateful_default_actions" {
 description = "Set of actions to take on a packet if it does not match any stateful rules in the policy. This can only be specified if the policy has a `stateful_engine_options` block with a rule_order value of `STRICT_ORDER`. You can specify one of either or neither values of `aws:drop_strict` or `aws:drop_established`, as well as any combination of `aws:alert_strict` and `aws:alert_established`"
 type = list(string)
 default = []
+ nullable = false
 }
 variable "stateful_engine_options" {
 description = "A configuration block that defines options on how the policy handles stateful rules. See [Stateful Engine Options](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/networkfirewall_firewall_policy#stateful-engine-options) for details"
 type = any
 default = {}
+ nullable = false
 }
 variable "stateful_rule_group_reference" {
 description = "Set of configuration blocks containing references to the stateful rule groups that are used in the policy. See [Stateful Rule Group Reference](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/networkfirewall_firewall_policy#stateful-rule-group-reference) for details"
 type = any
 default = {}
+ nullable = false
 }
 variable "stateless_custom_action" {
 description = "Set of configuration blocks describing the custom action definitions that are available for use in the firewall policy's `stateless_default_actions`"
 type = any
 default = {}
+ nullable = false
 }
 variable "stateless_default_actions" {
 description = "Set of actions to take on a packet if it does not match any of the stateless rules in the policy. You must specify one of the standard actions including: `aws:drop`, `aws:pass`, or `aws:forward_to_sfe`"
 type = list(string)
 default = ["aws:pass"]
+ nullable = false
 }
 variable "stateless_fragment_default_actions" {
 description = "Set of actions to take on a fragmented packet if it does not match any of the stateless rules in the policy. You must specify one of the standard actions including: `aws:drop`, `aws:pass`, or `aws:forward_to_sfe`"
 type = list(string)
 default = ["aws:pass"]
+ nullable = false
 }
 variable "stateless_rule_group_reference" {
 description = "Set of configuration blocks containing references to the stateless rule groups that are used in the policy. See [Stateless Rule Group Reference](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/networkfirewall_firewall_policy#stateless-rule-group-reference) for details"
 type = any
 default = {}
+ nullable = false
 }
 variable "name" {
 description = "A friendly name of the firewall policy"
 type = string
 default = ""
+ nullable = false
 }
 ################################################################################
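Review bot: `stateless_default_actions` and `stateless_fragment_default_actions` keep `default = ["aws:pass"]`, and the added `nullable = false` means a caller that passes `null` now silently receives that default, where previously the null would presumably have reached the resource argument and been rejected. `aws:pass` lets unmatched packets through without handing them to the stateful engine, so stateful rule groups referenced by the policy never see that traffic unless a stateless rule forwards it explicitly. Consider `default = ["aws:forward_to_sfe"]` for both variables in a breaking release. Until then, each description should say that the default `aws:pass` allows unmatched packets without stateful inspection.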
@@ -82,30 +92,35 @@ variable "create_resource_policy" {
 description = "Controls if a resource policy should be created"
 type = bool
 default = false
+ nullable = false
 }
 variable "resource_policy_actions" {
 description = "A list of IAM actions allowed in the resource policy"
 type = list(string)
 default = []
+ nullable = false
 }
 variable "resource_policy_principals" {
 description = "A list of IAM principals allowed in the resource policy"
 type = list(string)
 default = []
+ nullable = false
 }
 variable "attach_resource_policy" {
 description = "Controls if a resource policy should be attached to the firewall policy"
 type = bool
 default = false
+ nullable = false
 }
 variable "resource_policy" {
 description = "The policy JSON to use for the resource policy; required when `create_resource_policy` is `false`"
 type = string
 default = ""
+ nullable = false
 }
 ################################################################################
@@ -116,4 +131,5 @@ variable "ram_resource_associations" {
 description = "A map of RAM resource associations for the created firewall policy"
 type = map(string)
 default = {}
+ nullable = false
 }
diff --git a/modules/policy/versions.tf b/modules/policy/versions.tf
index cc22f92..bd3d55c 100644
--- a/modules/policy/versions.tf
+++ b/modules/policy/versions.tf
@@ -1,5 +1,5 @@
 terraform {
- required_version = ">= 1.0"
+ required_version = ">= 1.1.0"
 required_providers {
 aws = {
diff --git a/modules/rule-group/README.md b/modules/rule-group/README.md
index c2fcad9..70e6918 100644
--- a/modules/rule-group/README.md
+++ b/modules/rule-group/README.md
@@ -111,7 +111,7 @@ module "network_firewall_rule_group_stateless" {
 | Name | Version |
 |------|---------|
-| [terraform](#requirement\_terraform) | >= 1.0 |
+| [terraform](#requirement\_terraform) | >= 1.1.0 |
 | [aws](#requirement\_aws) | >= 5.2 |
 ## Providers
diff --git a/modules/rule-group/variables.tf b/modules/rule-group/variables.tf
index 50e4f08..271d63c 100644
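Review bot: `resource_policy` in the `@@ -82,30 +92,35 @@` hunk of modules/policy/variables.tf is described as required when `create_resource_policy` is `false`, yet with `default = ""` and the new `nullable = false` both an omitted and a `null` input resolve to an empty string, and nothing in the hunk rejects that. How the value is consumed lies outside the diff, so it is not visible whether `attach_resource_policy = true` with an empty policy fails at plan time or only when the API rejects it. An explicit non-empty check at the point of attachment would surface the mistake earlier. The description presumably means `required when attach_resource_policy is true and create_resource_policy is false` and should say so. The same variables receive the same change in the `@@ -64,30 +71,35 @@` hunk of modules/rule-group/variables.tf.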
--- a/modules/rule-group/variables.tf
+++ b/modules/rule-group/variables.tf
@@ -2,12 +2,14 @@ variable "create" {
 description = "Controls if Network Firewall resources should be created"
 type = bool
 default = true
+ nullable = false
 }
 variable "tags" {
 description = "A map of tags to add to all resources"
 type = map(string)
 default = {}
+ nullable = false
 }
 ################################################################################
@@ -18,6 +20,7 @@ variable "capacity" {
 description = "The maximum number of operating resources that this rule group can use. For a stateless rule group, the capacity required is the sum of the capacity requirements of the individual rules. For a stateful rule group, the minimum capacity required is the number of individual rules"
 type = number
 default = 100
+ nullable = false
 }
 variable "description" {
@@ -30,18 +33,21 @@ variable "encryption_configuration" {
 description = "KMS encryption configuration settings"
 type = any
 default = {}
+ nullable = false
 }
 variable "name" {
 description = "A friendly name of the rule group"
 type = string
 default = ""
+ nullable = false
 }
 variable "rule_group" {
 description = "A configuration block that defines the rule group rules. Required unless `rules` is specified"
 type = any
 default = {}
+ nullable = false
 }
 variable "rules" {
@@ -54,6 +60,7 @@ variable "type" {
 description = "Whether the rule group is stateless (containing stateless rules) or stateful (containing stateful rules). Valid values include: `STATEFUL` or `STATELESS`"
 type = string
 default = "STATELESS"
+ nullable = false
 }
 ################################################################################
@@ -64,30 +71,35 @@ variable "create_resource_policy" {
 description = "Controls if a resource policy should be created"
 type = bool
 default = false
+ nullable = false
 }
 variable "resource_policy_actions" {
 description = "A list of IAM actions allowed in the resource policy"
 type = list(string)
 default = []
+ nullable = false
 }
 variable "resource_policy_principals" {
 description = "A list of IAM principals allowed in the resource policy"
 type = list(string)
 default = []
+ nullable = false
 }
 variable "attach_resource_policy" {
 description = "Controls if a resource policy should be attached to the rule group"
 type = bool
 default = false
+ nullable = false
 }
 variable "resource_policy" {
 description = "The policy JSON to use for the resource policy; required when `create_resource_policy` is `false`"
 type = string
 default = ""
+ nullable = false
 }
 ################################################################################
@@ -98,4 +110,5 @@ variable "ram_resource_associations" {
 description = "A map of RAM resource associations for the created rule group"
 type = map(string)
 default = {}
+ nullable = false
 }
diff --git a/modules/rule-group/versions.tf b/modules/rule-group/versions.tf
index cc22f92..bd3d55c 100644
--- a/modules/rule-group/versions.tf
+++ b/modules/rule-group/versions.tf
@@ -1,5 +1,5 @@
 terraform {
- required_version = ">= 1.0"
+ required_version = ">= 1.1.0"
 required_providers {
 aws = {
diff --git a/wrappers/firewall/versions.tf b/wrappers/firewall/versions.tf
index cc22f92..bd3d55c 100644
--- a/wrappers/firewall/versions.tf
+++ b/wrappers/firewall/versions.tf
@@ -1,5 +1,5 @@
 terraform {
- required_version = ">= 1.0"
+ required_version = ">= 1.1.0"
 required_providers {
 aws = {
diff --git a/wrappers/policy/versions.tf b/wrappers/policy/versions.tf
index cc22f92..bd3d55c 100644
--- a/wrappers/policy/versions.tf
+++ b/wrappers/policy/versions.tf
@@ -1,5 +1,5 @@
 terraform {
- required_version = ">= 1.0"
+ required_version = ">= 1.1.0"
 required_providers {
 aws = {
diff --git a/wrappers/rule-group/versions.tf b/wrappers/rule-group/versions.tf
index cc22f92..bd3d55c 100644
--- a/wrappers/rule-group/versions.tf
+++ b/wrappers/rule-group/versions.tf
@@ -1,5 +1,5 @@
 terraform {
- required_version = ">= 1.0"
+ required_version = ">= 1.1.0"
 required_providers {
 aws = {