In my previous blog post, Micro-Segmentation Cloud Architecture with Aviatrix, we extracted the following information from the micro-segmentation allow logs:
- 10.255.230.37 can be considered a client
- 10.255.240.36 can be considered a server
- 10.255.230.37 can be allocated to a segment (app domain 1)
- 10.255.240.36 can be allocated to a different segment (app domain 2)
- a policy allowing app domain 1 to talk to app domain 2 on port 80 would be required
In this post I am going to create the configuration that satisfies the information above, but instead of using the CoPilot GUI as I have been doing, I am going to use the following Terraform modules:
- App Domain: https://registry.terraform.io/providers/AviatrixSystems/aviatrix/latest/docs/resources/aviatrix_app_domain
The app domain Terraform will look like:
And the policies use the micro-segmentation policy list:
- Microseg Policy: https://registry.terraform.io/providers/AviatrixSystems/aviatrix/latest/docs/resources/aviatrix_microseg_policy_list
The file containing the policies will look like:
The source and destination domain fields use the UUID of the app domains rather than their names. The examples above are simple, but the idea is to introduce the Terraform modules and show how to use them. More examples to come!
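As an added example (my own configuration, not the one from the original post), here is what the app domain file and the policy file could look like when combined into a single Terraform configuration: two app domains whose CIDR selectors match the client and server seen in the allow logs, and one policy permitting TCP port 80 from app domain 1 to app domain 2, referencing the domains by their computed UUIDs. The resource types and attributes (aviatrix_app_domain with selector/match_expressions, aviatrix_microseg_policy_list with src_app_domains, dst_app_domains and port_ranges) come from the provider documentation linked above; the resource labels, app domain names, /32 selectors and the pinned provider version are my assumptions.

```hcl
terraform {
  required_providers {
    aviatrix = {
      source = "AviatrixSystems/aviatrix"
      # Assumption: a 3.x provider release that still provides the
      # aviatrix_app_domain and aviatrix_microseg_policy_list resources.
      version = "~> 3.0"
    }
  }
}

# Controller address and credentials are read from the environment
# (AVIATRIX_CONTROLLER_IP, AVIATRIX_USERNAME, AVIATRIX_PASSWORD) so that
# no secrets are stored in the .tf files.
provider "aviatrix" {}

# App domain 1: the client identified in the allow logs (10.255.230.37).
# A /32 selector limits the domain to exactly that host; widen it only when
# the logs justify grouping more workloads together.
resource "aviatrix_app_domain" "app_domain_1" {
  name = "app-domain-1"
  selector {
    match_expressions {
      cidr = "10.255.230.37/32"
    }
  }
}

# App domain 2: the server identified in the allow logs (10.255.240.36).
resource "aviatrix_app_domain" "app_domain_2" {
  name = "app-domain-2"
  selector {
    match_expressions {
      cidr = "10.255.240.36/32"
    }
  }
}

# The policy list references app domains by UUID, not by name, so it reads
# the computed uuid attribute of each aviatrix_app_domain resource. Terraform
# derives the dependency order from these references automatically.
resource "aviatrix_microseg_policy_list" "policies" {
  policies {
    name     = "app-domain-1-to-app-domain-2-http"
    action   = "PERMIT"
    priority = 0
    protocol = "TCP"
    # Keep logging on so the allow logs that drove this rule keep flowing
    # and the next rules can be derived the same way.
    logging = true
    watch   = false

    src_app_domains = [aviatrix_app_domain.app_domain_1.uuid]
    dst_app_domains = [aviatrix_app_domain.app_domain_2.uuid]

    # Only the port observed in the logs; with hi omitted the range is the
    # single port 80.
    port_ranges {
      lo = 80
    }
  }
}
```

Run `terraform init`, then `terraform plan` to confirm that exactly two app domains and one policy list will be created, before `terraform apply`. Because the policy references `.uuid`, changing an app domain's name does not break the policy, whereas a policy written against names would; that is the reason the source and destination fields take UUIDs in the first place.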