
Solid-Potential/solid-egress-filter

Solid Egress Filter - Terraform Modules

Terraform modules that allow for easy egress filtering in the cloud. It was loosely inspired by this article on the AWS Security Blog.

It's especially useful for systems that value data security. Egress filtering mitigates a vast array of attack vectors, such as reverse shells.

⚠️ Pre-Release warning ⚠️

This codebase is currently under early-stage development. It is not yet tested, contains hardcoded values, and only works for special use cases.

If you need this module, show us love by leaving a star, and consider contributing.


How it works

The module re-configures the entire VPC routing to redirect all egress traffic to a MITM Proxy in Transparent mode. This allows us to avoid client-side configuration and ensures all egress traffic is compliant by default.

The Proxy acts as a NAT gateway for the VPC and gets exclusive rights to access the Internet via network tags and firewall rules.
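The routing and tagging pattern described above, as an added sketch for GCP. It is not this module's code: the resource names, the `egress-proxy` tag, the three variables and the restriction to ports 80/443 are all assumptions made for illustration.

```hcl
# Added sketch, not the module's implementation. Names, tag and variables are assumed.
variable "network" { type = string }        # self link of the VPC to filter
variable "proxy_instance" { type = string } # self link of the proxy VM (needs can_ip_forward = true)
variable "workload_cidr" { type = string }  # internal range the workloads live in

locals {
  proxy_tag = "egress-proxy" # hypothetical network tag carried only by the proxy VM
}

# All instances: internet-bound traffic is routed to the proxy VM.
# Priority 900 beats the VPC's generated default route (priority 1000).
resource "google_compute_route" "via_proxy" {
  name              = "default-via-egress-proxy"
  network           = var.network
  dest_range        = "0.0.0.0/0"
  priority          = 900
  next_hop_instance = var.proxy_instance
}

# Proxy only: a more preferred route (lower number wins) to the real internet
# gateway, so the proxy's own traffic is not routed back to itself.
resource "google_compute_route" "proxy_to_internet" {
  name             = "egress-proxy-to-internet"
  network          = var.network
  dest_range       = "0.0.0.0/0"
  priority         = 800
  tags             = [local.proxy_tag]
  next_hop_gateway = "default-internet-gateway"
}

# Let forwarded workload traffic reach the proxy VM. Ingress rules on the proxy
# see the workload's source IP and the original destination port.
resource "google_compute_firewall" "workloads_to_proxy" {
  name          = "allow-workloads-to-egress-proxy"
  network       = var.network
  direction     = "INGRESS"
  source_ranges = [var.workload_cidr]
  target_tags   = [local.proxy_tag]

  allow {
    protocol = "tcp"
    ports    = ["80", "443"] # assumption: only HTTP/HTTPS is proxied
  }
}
```

Because the tag selects the internet-bound route, the permission to set network tags on instances (`compute.instances.setTags`) is effectively the permission to bypass the filter and should be granted as narrowly as the proxy itself.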

TODO: abstract architecture diagram

Usage

GCP example:

module "egress_filter" {
  source   = "TODO"
  variable = "TODO"
}

Supported Cloud Providers

  • Google Cloud Platform (under development)
  • AWS (planned)
  • Azure (planned)

Code style, code analysis and documentation

Code style guide can be found here

For static code analysis we use tfsec, a tool for static analysis of Terraform code that spots potential misconfigurations.

Module documentation is generated using tfdoc. Be sure to follow our code convention!

Contribution

We appreciate feedback and contribution to this template! Before you get started, please see the following:

Licence

This repo is covered under the GNU General Public License
