If you have Cumulus set up for your AWS, Azure, or GCP cloud infrastructure, you can use it to easily (and automatically) collect settings and samples to satisfy requests for Application Firewall.
Note: if you have customized your evidence repository, the name, description, and requirements of your evidence may be different.
As with all Cumulus evidence collection, the power is in it's flexibility and configuration. With the low-code editor, you can customize what gets collected and from where, putting you in full control of the integration.
Cumulus data blocks for AWS
In AWS, security groups and network ACLs are commonly used to implement firewalls for controlling inbound and outbound traffic to your applications.
data "aws_security_group" "app_firewall" {
id = "sg-12345678"
# Replace with your security group ID
}
data.aws_security_group.app_firewall
data "aws_network_interface" "app_firewall" {
id = "acl-abcdefgh"
# Replace with your network ACL ID
}
data.aws_network_interface.app_firewall
Cumulus data blocks for AzureRM
In AzureRM, network security groups (NSGs) are commonly used to implement firewall rules for controlling inbound and outbound traffic to your applications.
data "azurerm_network_security_group" "app_firewall" {
name = "networkSecurityGroupName"
resource_group_name = "resourceGroupName"
# Replace with your NSG and resource group name
}
data.azurerm_network_security_group.app_firewall
Cumulus data blocks for GCP
In Google Cloud Platform (GCP), firewall rules are commonly used to control inbound and outbound traffic to your applications. While Hashicorp and Google do not provide a Terraform data block for Computer Firewalls, other data sources may be relevant to collect for evidence of your application's firewall configurations.
data "google_compute_network" "app_network" {
project = "your-project-id" # This is optional
name = "network-name" # Replace with your network name
}
data.google_compute_network.app_network