This repository provides Terraform modules for an HTTP Knocking mechanism
for AWS security groups (firewalls).
It is a cloud-based, serverless alternative to port knocking.
Before connecting to a non-public service hosted on AWS
(e.g. SSH or Remote Desktop on an EC2 instance)
whose port is blocked by the firewall (the AWS security group),
the client performs something like a port knock.
By requesting a specific URL with an HTTP GET request,
a Lambda function adds an inbound rule to the security group,
granting access from the requesting IP address to a defined port.
A second Lambda function is invoked regularly by CloudWatch
to remove all inbound rules for that port.
Notice: HTTP Knocking is of course just an (optional) second factor for authentication.
! A primary authentication method is always required !
This module provides an API Gateway for REST calls to open the firewall.
GET request to the API:
Endpoint: https://domain.com/base-path/open
Method: GET
This module provides the Lambda infrastructure to open the firewall.
This module provides the CloudWatch & Lambda infrastructure to close the firewall regularly.
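The following is an added example of the logic the two Lambda functions carry out (the GET-triggered "open" and the scheduled "close"); it is not the repository's own Lambda code. It assumes the API Gateway REST (v1) event shape, in which the caller's address sits at event["requestContext"]["identity"]["sourceIp"], and two environment variables named here as SECURITY_GROUP_ID and KNOCK_PORT (names chosen for the example, not taken from this repository). A constructed in-memory stand-in for the three EC2 API calls lets the whole open/close cycle run offline; inside Lambda the handlers would use boto3.client("ec2") instead.

```python
"""HTTP-knocking Lambda logic: open a security-group port for the caller's IP on a
GET request, and close every rule for that port on a schedule.

Added example, not the repository's Lambda code. Assumed: API Gateway REST (v1)
event shape and the environment variables SECURITY_GROUP_ID and KNOCK_PORT.
"""
import ipaddress
import os
from typing import Any, Dict, List

Rule = Dict[str, Any]


class FakeEc2:
    """Constructed in-memory stand-in for the three EC2 calls used below, so the
    handlers run offline. In Lambda, pass boto3.client("ec2") instead."""

    def __init__(self) -> None:
        self.rules: List[Rule] = []

    def describe_security_groups(self, GroupIds: List[str]) -> Dict[str, Any]:
        return {"SecurityGroups": [{"GroupId": GroupIds[0],
                                    "IpPermissions": [dict(r) for r in self.rules]}]}

    def authorize_security_group_ingress(self, GroupId: str, IpPermissions: List[Rule]) -> Dict[str, Any]:
        self.rules.extend(IpPermissions)
        return {"Return": True}

    def revoke_security_group_ingress(self, GroupId: str, IpPermissions: List[Rule]) -> Dict[str, Any]:
        for perm in IpPermissions:
            self.rules.remove(perm)
        return {"Return": True}


def ingress_rule(port: int, cidr: str) -> Rule:
    """Single TCP rule in the shape the EC2 API accepts for authorize/revoke."""
    return {"IpProtocol": "tcp", "FromPort": port, "ToPort": port, "IpRanges": [{"CidrIp": cidr}]}


def source_ip(event: Dict[str, Any]) -> str:
    """Caller address as reported by API Gateway, validated as one IPv4 host.
    ip_address() rejects CIDR notation, ports and hostnames, so only a single
    address can ever reach the security-group rule."""
    raw = event.get("requestContext", {}).get("identity", {}).get("sourceIp", "")
    addr = ipaddress.ip_address(raw)
    if addr.version != 4:
        raise ValueError("only IPv4 callers are handled in this example")
    return str(addr)


def current_rules(ec2, group_id: str) -> List[Rule]:
    groups = ec2.describe_security_groups(GroupIds=[group_id])["SecurityGroups"]
    return groups[0]["IpPermissions"]


def matches_port(perm: Rule, port: int) -> bool:
    return perm.get("IpProtocol") == "tcp" and perm.get("FromPort") == port and perm.get("ToPort") == port


def open_port(ec2, group_id: str, port: int, ip: str) -> str:
    """Grant ip/32 access to port. Idempotent: returns 'exists' if the rule is already there."""
    cidr = f"{ip}/32"
    for perm in current_rules(ec2, group_id):
        if matches_port(perm, port) and any(r.get("CidrIp") == cidr for r in perm.get("IpRanges", [])):
            return "exists"
    ec2.authorize_security_group_ingress(GroupId=group_id, IpPermissions=[ingress_rule(port, cidr)])
    return "added"


def close_port(ec2, group_id: str, port: int) -> int:
    """Revoke every TCP rule for port, whoever knocked. Returns the number of CIDRs removed."""
    to_revoke = [ingress_rule(port, r["CidrIp"])
                 for perm in current_rules(ec2, group_id) if matches_port(perm, port)
                 for r in perm.get("IpRanges", [])]
    if to_revoke:
        ec2.revoke_security_group_ingress(GroupId=group_id, IpPermissions=to_revoke)
    return len(to_revoke)


def open_handler(event: Dict[str, Any], context: Any = None, ec2=None) -> Dict[str, Any]:
    """Lambda behind GET /open. Returns an API Gateway proxy response."""
    if ec2 is None:
        import boto3  # only needed inside Lambda
        ec2 = boto3.client("ec2")
    try:
        ip = source_ip(event)
    except ValueError:
        return {"statusCode": 400, "body": "unusable source address"}
    result = open_port(ec2, os.environ["SECURITY_GROUP_ID"], int(os.environ["KNOCK_PORT"]), ip)
    return {"statusCode": 200, "body": f"{result}: {ip}"}


def close_handler(event: Dict[str, Any], context: Any = None, ec2=None) -> int:
    """Lambda triggered on a CloudWatch schedule; wipes all rules for the knock port."""
    if ec2 is None:
        import boto3
        ec2 = boto3.client("ec2")
    return close_port(ec2, os.environ["SECURITY_GROUP_ID"], int(os.environ["KNOCK_PORT"]))


def demo() -> List[Any]:
    """Offline walk-through against the fake: two knocks, a repeat, then the scheduled close."""
    ec2, sg, port = FakeEc2(), "sg-EXAMPLE", 22  # constructed values

    def evt(ip: str) -> Dict[str, Any]:
        return {"requestContext": {"identity": {"sourceIp": ip}}}

    return [open_port(ec2, sg, port, source_ip(evt("198.51.100.7"))),
            open_port(ec2, sg, port, source_ip(evt("203.0.113.9"))),
            open_port(ec2, sg, port, source_ip(evt("198.51.100.7"))),
            close_port(ec2, sg, port),
            len(ec2.rules)]


if __name__ == "__main__":
    print(demo())  # ['added', 'added', 'exists', 2, 0]
```

Two points worth noting for anyone adapting this: the rule is always written as a /32 for exactly one validated address and one port, so a malformed or spoofed header value cannot widen the opening; and the close handler revokes every rule for the port rather than only those it remembers, so rules added by hand or by a failed earlier run are swept up on the next schedule tick.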
Install tfenv (https://github.com/tfutils/tfenv), then run:
tfenv install