Barnaby Baron. Exploring AWS.

  • Building a VPC and installing a Network Firewall

Building a VPC and installing a Network Firewall

2024-04-10 3 min read Projects Barny Baron

Journey: 📊 Community Builder 📊

Subject matter: Building on AWS

Task: Build a VPC using IaC via Terraform and install a Network Firewall!

Following on from the project build where I created a VPC, in this article we provision the VPC again and then build out a Network Firewall.

Within the VPC, there are Public and Private subnets, an Internet Gateway, a security group, custom route tables, and a NAT Gateway.

Using the 6 Pillars of the AWS Well-Architected Framework, Operational Excellence will be achieved by using Terraform to deliver an Infrastructure as Code pipeline.

The first question is, why?

Simple, I haven’t created a Network Firewall before. So lets get on with it!

AWS

Credit: The Network Firewall architecture was created using guidance from Esteban on Medium Here

What did I use to build this environment?

  • Visual Studio Code platform
  • Terraform
  • AWS CLI
  • AWS Management Console

What is built?

  • Amazon VPC
  • Public and Private subnets
  • Security Groups
  • Custom Route Tables
  • Internet Gateway
  • NAT Gateway
  • Network Firewall
  • Network Firewall Subnet
  • Firewall Policy
  • Network Firewall rule groups
  • EC2 instance

As my VPC is built using IaC, I can deploy this quickly and then use the infrastructure to complete other project tasks.

In a production environment, I would also ensure we had resiliency with instances spanning Multiple AZs.

I launched an EC2 instance in my VPC and configured it to connect to my new VPC, Public Subnet and route through my Network Firewall!

Some of the highlights…

The base VPC builds:

VPC Built

AWS Management Console VPC Resource Map:

Resource Map

Network Firewall:

Firewall

Firewall Policy

Policy

Firewall Rule Groups:

Rule Groups

EC2 creation:

IGW

My interpretation of the architecture:

Architecture

Troubleshooting required!

What I did not anticipate was the problem I ran into when I came to destroy my environment.

Three words: Firewall Delete Protection

After much fun, I managed to troubleshoot that delightful issue which I will document in a different post.

I hope you have enjoyed the article, I enjoyed the build!

Cloud

Community Builder Network Firewall Terraform
© 2024 by Barny Baron
Powered by Bilberry Hugo Theme