aws-elbhelper
Very targeted script that allows update of the FW NAT rules based on the dynamic AWS' ELB VIP changes
ELBHelper
Elb helper is a targeted Python application that monitors changes in the ELB VIPs and updates NAT firewall rule if necessary. This project is part 2 of Amazon security competency.
Requirements
- 2 firewalls in 2 AWS zones
- 2 DP interfaces per firewall configured as Layer3 DHCP clients
- 2 layer 3 security zones 'external' and 'internal'
- ethernet1/1 member of 'external' and ethernet1/2 member of 'internal' zone
- security rule that permits service-http from external to internal
- must have FW1-eth1 address object defined that point to Firewall's eth1 private IP (This is used in the NAT rule ansembly).
Notes
- all Firewall must have and share the same password
- for 'poor-man-HA' must have 'aws' profile set in
~/.aws/credentials
- MUST EDIT THE FOLLOWING ACCORDING TO YOUR ENVIRONMENT
vim ~/elbhelper/config/defaults.py