netascode/terraform-fmc-nac-fmc

Terraform Network-as-Code Cisco FMC Module

A Terraform module to configure Cisco FMC.

Usage

This module supports an inventory driven approach, where a complete FMC configuration or parts of it are either modeled in one or more YAML files or natively using Terraform variables.

Examples

Configuring a Network-group Object using YAML:

data/existing.nac.yaml

---
existing:
  fmc:
    domains:
      - name: Global

        objects:

          networks:
            - name: any-ipv4

data/fmc.nac.yaml

---
fmc:
  domains:
    - name: Global

      objects:

        hosts:
          - name: MyHost1
            ip: 10.10.10.10
          - name: MyHost2
            ip: 20.20.20.20

        network_groups:
          - name: MyNetworkGroup1
            objects:
              - MyHost1
              - any-ipv4
          - name: MyNetworkGroup2
            objects:
              - MyNetworkGroup1
              - MyHost2

main.tf

module "fmc" {
  source  = "netascode/nac-fmc/fmc"
  version = ">=0.0.1"

  yaml_directories = ["data"]
}
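
The same configuration supplied natively through the module's model input instead of YAML files. This is an added example, not taken from the module's own documentation; it assumes the keys under model mirror the YAML schema shown above one-to-one, and it reuses the object names and version constraint from the YAML example.

```hcl
# Added example: the contents of data/existing.nac.yaml and data/fmc.nac.yaml
# passed as a native Terraform data structure.
# Assumption: "model" accepts the same key layout as the YAML files.
module "fmc" {
  source  = "netascode/nac-fmc/fmc"
  version = ">=0.0.1"

  model = {
    # Mirrors data/existing.nac.yaml
    existing = {
      fmc = {
        domains = [
          {
            name = "Global"
            objects = {
              networks = [{ name = "any-ipv4" }]
            }
          }
        ]
      }
    }

    # Mirrors data/fmc.nac.yaml
    fmc = {
      domains = [
        {
          name = "Global"
          objects = {
            hosts = [
              { name = "MyHost1", ip = "10.10.10.10" },
              { name = "MyHost2", ip = "20.20.20.20" },
            ]
            network_groups = [
              { name = "MyNetworkGroup1", objects = ["MyHost1", "any-ipv4"] },
              { name = "MyNetworkGroup2", objects = ["MyNetworkGroup1", "MyHost2"] },
            ]
          }
        }
      ]
    }
  }
}
```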

Requirements

Name Version
terraform >= 1.8.0
fmc >= 2.1.0
local >= 2.3.0, < 3.0.0
utils >= 1.0.2, < 2.0.0

Inputs

Name | Description | Type | Default | Required
manage_deployment | Enables support for FTD deployments | bool | true | no
model | As an alternative to YAML files, a native Terraform data structure can be provided as well. | object (full type below) | {} | no
write_default_values_file | Write all default values to a YAML file. Value is a path pointing to the file to be created. | string | "" | no
yaml_directories | List of paths to YAML directories. | list(string) | [] | no
yaml_files | List of paths to YAML files. | list(string) | [] | no

Type of model:

object({
  fmc = optional(object({
    name              = optional(string)
    system            = optional(map(any))
    domains           = optional(list(any), [])
    nac_configuration = optional(map(any))
    version           = optional(string)
  }), {})
  defaults = optional(map(any), {})
  existing = optional(map(any), {})
})

Outputs

Name Description
default_values All default values.
model Full model.

Resources

Name Type
fmc_access_control_policy.access_control_policy resource
fmc_application_filter.application_filter resource
fmc_application_filters.application_filters resource
fmc_as_path.as_path resource
fmc_as_paths.as_paths resource
fmc_bfd_template.bfd_template resource
fmc_bfd_templates.bfd_templates resource
fmc_certificate_enrollment.certificate_enrollment resource
fmc_certificate_enrollment.certificate_enrollment_acme resource
fmc_certificate_map.certificate_map resource
fmc_certificate_maps.certificate_maps resource
fmc_chassis.chassis resource
fmc_chassis_etherchannel_interface.chassis_etherchannel_interface resource
fmc_chassis_logical_device.chassis_logical_device resource
fmc_chassis_physical_interface.chassis_physical_interface resource
fmc_chassis_subinterface.chassis_subinterface resource
fmc_device.device resource
fmc_device_bfd.device_bfd resource
fmc_device_bgp.device_bgp resource
fmc_device_bgp_general_settings.device_bgp_general_settings resource
fmc_device_cluster.device_cluster resource
fmc_device_deploy.chassis_deploy resource
fmc_device_deploy.device_deploy resource
fmc_device_etherchannel_interface.device_etherchannel_interface resource
fmc_device_ha_pair.device_ha_pair resource
fmc_device_ha_pair_failover_interface_mac_address.device_ha_pair_failover_interface_mac_address resource
fmc_device_ha_pair_monitoring.device_ha_pair_monitoring resource
fmc_device_ipv4_static_route.device_ipv4_static_route resource
fmc_device_ipv6_static_route.device_ipv6_static_route resource
fmc_device_loopback_interface.device_loopback_interface resource
fmc_device_physical_interface.device_physical_interface resource
fmc_device_subinterface.device_subinterface resource
fmc_device_virtual_tunnel_interface.device_virtual_tunnel_interface resource
fmc_device_vrf.device_vrf resource
fmc_dns_server_group.dns_server_group resource
fmc_dns_server_groups.dns_server_groups resource
fmc_dynamic_objects.dynamic_objects resource
fmc_expanded_community_list.expanded_community_list resource
fmc_expanded_community_lists.expanded_community_lists resource
fmc_extended_access_list.extended_access_list resource
fmc_extended_community_list.extended_community_list resource
fmc_extended_community_lists.extended_community_lists resource
fmc_external_certificate.external_certificate resource
fmc_file_policy.file_policy resource
fmc_fqdn.fqdn resource
fmc_fqdns.fqdns resource
fmc_ftd_nat_policy.ftd_nat_policy resource
fmc_ftd_platform_settings.ftd_platform_settings resource
fmc_ftd_platform_settings_banner.ftd_platform_settings_banner resource
fmc_ftd_platform_settings_http_access.ftd_platform_settings_http_access resource
fmc_ftd_platform_settings_icmp_access.ftd_platform_settings_icmp_access resource
fmc_ftd_platform_settings_snmp.ftd_platform_settings_snmp resource
fmc_ftd_platform_settings_ssh_access.ftd_platform_settings_ssh_access resource
fmc_ftd_platform_settings_syslog_email_setup.ftd_platform_settings_syslog_email_setup resource
fmc_ftd_platform_settings_syslog_event_list.ftd_platform_settings_syslog_event_list resource
fmc_ftd_platform_settings_syslog_logging_destination.ftd_platform_settings_syslog_logging_destination resource
fmc_ftd_platform_settings_syslog_logging_setup.ftd_platform_settings_syslog_logging_setup resource
fmc_ftd_platform_settings_syslog_rate_limit.ftd_platform_settings_syslog_rate_limit resource
fmc_ftd_platform_settings_syslog_servers.ftd_platform_settings_syslog_servers resource
fmc_ftd_platform_settings_syslog_settings.ftd_platform_settings_syslog_settings resource
fmc_ftd_platform_settings_syslog_settings_syslog_id.ftd_platform_settings_syslog_settings_syslog_id resource
fmc_ftd_platform_settings_time_synchronization.ftd_platform_settings_time_synchronization resource
fmc_geolocation.geolocation resource
fmc_geolocations.geolocations resource
fmc_group_policy.group_policy resource
fmc_health_policy.health_policy resource
fmc_host.host resource
fmc_hosts.hosts resource
fmc_icmpv4.icmpv4 resource
fmc_icmpv4s.icmpv4s resource
fmc_icmpv6.icmpv6 resource
fmc_icmpv6s.icmpv6s resource
fmc_ikev1_ipsec_proposal.ikev1_ipsec_proposal resource
fmc_ikev1_ipsec_proposals.ikev1_ipsec_proposals resource
fmc_ikev1_policies.ikev1_policies resource
fmc_ikev1_policy.ikev1_policy resource
fmc_ikev2_ipsec_proposal.ikev2_ipsec_proposal resource
fmc_ikev2_ipsec_proposals.ikev2_ipsec_proposals resource
fmc_ikev2_policies.ikev2_policies resource
fmc_ikev2_policy.ikev2_policy resource
fmc_interface_group.interface_group resource
fmc_interface_groups.interface_groups resource
fmc_internal_certificate.internal_certificate resource
fmc_internal_certificate_authority.internal_certificate_authority resource
fmc_intrusion_policy.intrusion_policy resource
fmc_intrusion_policy.intrusion_policy_l2 resource
fmc_ipv4_address_pool.ipv4_address_pool resource
fmc_ipv4_address_pools.ipv4_address_pools resource
fmc_ipv4_prefix_list.ipv4_prefix_list resource
fmc_ipv4_prefix_lists.ipv4_prefix_lists resource
fmc_ipv6_address_pool.ipv6_address_pool resource
fmc_ipv6_address_pools.ipv6_address_pools resource
fmc_ipv6_prefix_list.ipv6_prefix_list resource
fmc_ipv6_prefix_lists.ipv6_prefix_lists resource
fmc_network.network resource
fmc_network_analysis_policy.network_analysis_policy resource
fmc_network_groups.network_groups resource
fmc_network_groups.network_groups_l1 resource
fmc_network_groups.network_groups_l2 resource
fmc_networks.networks resource
fmc_policy_assignment.access_control_policy resource
fmc_policy_assignment.ftd_nat_policy resource
fmc_policy_assignment.ftd_platform_settings resource
fmc_policy_assignment.health_policy resource
fmc_policy_list.policy_list resource
fmc_policy_lists.policy_lists resource
fmc_port.port resource
fmc_port_group.port_group resource
fmc_port_groups.port_groups resource
fmc_ports.ports resource
fmc_prefilter_policy.prefilter_policy resource
fmc_radius_server_group.radius_server_group resource
fmc_range.range resource
fmc_ranges.ranges resource
fmc_realm_ad_ldap.realm_ad_ldap resource
fmc_realm_local.realm_local resource
fmc_resource_profile.resource_profile resource
fmc_resource_profiles.resource_profiles resource
fmc_route_map.route_map resource
fmc_secure_client_custom_attribute.secure_client_custom_attribute resource
fmc_secure_client_customization.secure_client_customization resource
fmc_secure_client_external_browser_package.secure_client_external_browser_package resource
fmc_secure_client_image.secure_client_image resource
fmc_secure_client_posture_package.secure_client_posture_package resource
fmc_secure_client_profile.secure_client_profile resource
fmc_security_zone.security_zone resource
fmc_security_zones.security_zones resource
fmc_service_access.service_access resource
fmc_sgt.sgt resource
fmc_sgts.sgts resource
fmc_single_sign_on_server.single_sign_on_server resource
fmc_smart_license.smart_license resource
fmc_standard_access_list.standard_access_list resource
fmc_standard_community_list.standard_community_list resource
fmc_standard_community_lists.standard_community_lists resource
fmc_time_range.time_range resource
fmc_time_ranges.time_ranges resource
fmc_trusted_certificate_authority.trusted_certificate_authority resource
fmc_tunnel_zone.tunnel_zone resource
fmc_tunnel_zones.tunnel_zones resource
fmc_url.url resource
fmc_url_group.url_group resource
fmc_url_groups.url_groups resource
fmc_urls.urls resource
fmc_vlan_tag.vlan_tag resource
fmc_vlan_tag_group.vlan_tag_group resource
fmc_vlan_tag_groups.vlan_tag_groups resource
fmc_vlan_tags.vlan_tags resource
fmc_vpn_ra.vpn_ra resource
fmc_vpn_ra_address_assignment_policy.vpn_ra_address_assignment_policy resource
fmc_vpn_ra_certificate_map.vpn_ra_certificate_map resource
fmc_vpn_ra_connection_profiles.vpn_ra_connection_profiles resource
fmc_vpn_ra_ipsec_crypto_map.vpn_ra_ipsec_crypto_map resource
fmc_vpn_ra_ipsec_ike_parameters.vpn_ra_ipsec_ike_parameters resource
fmc_vpn_ra_ldap_attribute_map.vpn_ra_ldap_attribute_map resource
fmc_vpn_ra_load_balancing.vpn_ra_load_balancing resource
fmc_vpn_ra_secure_client_customization.vpn_ra_secure_client_customization resource
fmc_vpn_s2s.vpn_s2s resource
fmc_vpn_s2s_advanced_settings.vpn_s2s_advanced_settings resource
fmc_vpn_s2s_endpoints.vpn_s2s_endpoints resource
fmc_vpn_s2s_ike_settings.vpn_s2s_ike_settings resource
fmc_vpn_s2s_ipsec_settings.vpn_s2s_ipsec_settings resource
local_sensitive_file.defaults resource
terraform_data.validation resource
fmc_access_control_policy.access_control_policy data source
fmc_application_business_relevances.application_business_relevances data source
fmc_application_categories.application_categories data source
fmc_application_filters.application_filters data source
fmc_application_risks.application_risks data source
fmc_application_tags.application_tags data source
fmc_application_types.application_types data source
fmc_applications.applications data source
fmc_as_paths.as_paths data source
fmc_bfd_templates.bfd_templates data source
fmc_certificate_enrollment.certificate_enrollment data source
fmc_certificate_maps.certificate_maps data source
fmc_chassis.chassis data source
fmc_chassis_etherchannel_interface.chassis_etherchannel_interface data source
fmc_chassis_physical_interface.chassis_physical_interface data source
fmc_chassis_subinterface.chassis_subinterface data source
fmc_continents.continents data source
fmc_countries.countries data source
fmc_device.device data source
fmc_device_bgp_general_settings.device_bgp_general_settings data source
fmc_device_cluster.device_cluster data source
fmc_device_etherchannel_interface.device_etherchannel_interface data source
fmc_device_ha_pair.device_ha_pair data source
fmc_device_loopback_interface.device_loopback_interface data source
fmc_device_physical_interface.device_physical_interface data source
fmc_device_subinterface.device_subinterface data source
fmc_device_virtual_tunnel_interface.device_virtual_tunnel_interface data source
fmc_device_vrf.device_vrf data source
fmc_dns_server_groups.dns_server_groups data source
fmc_dynamic_objects.dynamic_objects data source
fmc_endpoint_device_types.endpoint_device_types data source
fmc_expanded_community_lists.expanded_community_lists data source
fmc_extended_access_list.extended_access_list data source
fmc_extended_community_lists.extended_community_lists data source
fmc_external_certificate.external_certificate data source
fmc_file_categories.file_categories data source
fmc_file_policy.file_policy data source
fmc_file_types.file_types data source
fmc_fqdns.fqdns data source
fmc_ftd_nat_policy.ftd_nat_policy data source
fmc_ftd_platform_settings.ftd_platform_settings data source
fmc_geolocations.geolocations data source
fmc_group_policy.group_policy data source
fmc_health_policy.health_policy data source
fmc_hosts.hosts data source
fmc_icmpv4s.icmpv4s data source
fmc_icmpv6s.icmpv6s data source
fmc_ikev1_ipsec_proposals.ikev1_ipsec_proposals data source
fmc_ikev1_policies.ikev1_policies data source
fmc_ikev2_ipsec_proposals.ikev2_ipsec_proposals data source
fmc_ikev2_policies.ikev2_policies data source
fmc_interface_groups.interface_groups data source
fmc_internal_certificate.internal_certificate data source
fmc_internal_certificate_authority.internal_certificate_authority data source
fmc_intrusion_policy.intrusion_policy data source
fmc_ipv4_address_pools.ipv4_address_pools data source
fmc_ipv4_prefix_lists.ipv4_prefix_lists data source
fmc_ipv6_address_pools.ipv6_address_pools data source
fmc_ipv6_prefix_lists.ipv6_prefix_lists data source
fmc_ise_sgts.ise_sgts data source
fmc_network_analysis_policy.network_analysis_policy data source
fmc_network_groups.network_groups data source
fmc_networks.networks data source
fmc_policy_lists.policy_lists data source
fmc_port_groups.port_groups data source
fmc_ports.ports data source
fmc_prefilter_policy.prefilter_policy data source
fmc_radius_server_group.radius_server_group data source
fmc_ranges.ranges data source
fmc_realm_ad_ldap.realm_ad_ldap data source
fmc_realm_local.realm_local data source
fmc_resource_profiles.resource_profiles data source
fmc_route_map.route_map data source
fmc_secure_client_custom_attribute.secure_client_custom_attribute data source
fmc_secure_client_customization.secure_client_customization data source
fmc_secure_client_external_browser_package.secure_client_external_browser_package data source
fmc_secure_client_image.secure_client_image data source
fmc_secure_client_posture_package.secure_client_posture_package data source
fmc_secure_client_profile.secure_client_profile data source
fmc_security_zones.security_zones data source
fmc_service_access.service_access data source
fmc_sgts.sgts data source
fmc_single_sign_on_server.single_sign_on_server data source
fmc_snmp_alerts.snmp_alerts data source
fmc_standard_access_list.standard_access_list data source
fmc_standard_community_lists.standard_community_lists data source
fmc_syslog_alerts.syslog_alerts data source
fmc_time_ranges.time_ranges data source
fmc_trusted_certificate_authority.trusted_certificate_authority data source
fmc_tunnel_zones.tunnel_zones data source
fmc_url_groups.url_groups data source
fmc_urls.urls data source
fmc_variable_set.variable_set data source
fmc_vlan_tag_groups.vlan_tag_groups data source
fmc_vlan_tags.vlan_tags data source
fmc_vpn_ra.vpn_ra data source
fmc_vpn_s2s.vpn_s2s data source

Modules

No modules.
