Migara Ekanayake migara

## main.tf
provider "aws" {
  region = "us-east-1"
}

module "vmseries-vpc" {
  source  = "PaloAltoNetworks/vmseries-modules/aws//modules/vpc"
  version = "0.2.2"

  name       = "vpc-example"
  create_vpc = false

## main.tf
module "vmseries" {
  source  = "PaloAltoNetworks/vmseries-modules/aws//examples/standalone_vmseries_with_userdata_bootstrap"
  version = "0.2.2"

  region = "us-east-1"
  name   = "vmseries-example"

  # VPC
  security_vpc_name = "security-vpc-example"
  security_vpc_cidr = "10.100.0.0/16"

## data_cloudngfw_ngfw.tf
data "cloudngfwaws_ngfw" "example" {
  name = "example-instance"
}

output "ngfw" {
  value = data.cloudngfwaws_ngfw.example.status
}

## cloudngfw_rulestack.tf
resource "cloudngfwaws_rulestack" "example" {
  name        = "terraform-rulestack"
  scope       = "Local"
  account_id  = "123456789"
  description = "Made by Terraform"
  profile_config {
    anti_spyware = "BestPractice"
  }
}

## cloudngfw_rule.tf
resource "cloudngfwaws_security_rule" "example" {
  rulestack   = cloudngfwaws_rulestack.example.name
  priority    = 100
  name        = "example-security-rule"
  description = "Configured via Terraform"
  source {
    cidrs = ["any"]
  }
  destination {
    cidrs = ["10.1.1.0/24"]

## cloudngfw_provider.tf
provider "cloudngfwaws" {
  host    = "api.us-east-1.aws.cloudngfw.paloaltonetworks.com"
  region  = "us-east-1"
  arn     = "arn:aws:iam::123456789:role/CloudNGFWRole"
}


## cloudngfw_ngfw.tf
resource "cloudngfwaws_ngfw" "example" {
  name        = "example-instance"
  vpc_id      = aws_vpc.example.id
  account_id  = "12345678"
  description = "Example description"

  endpoint_mode = "ServiceManaged"
  subnet_mapping {
    subnet_id = aws_subnet.firewall_subnet.id
  }

## cloudngfw_commit.tf
resource "cloudngfwaws_commit_rulestack" "example" {
  rulestack = "terraform-rulestack"
}

## cloudngfw_iam.tf
resource "aws_iam_role" "ngfw_role" {
  name = "CloudNGFWRole"

  inline_policy {
    name = "apigateway_policy"

    policy = jsonencode({
      "Version" : "2012-10-17",
      "Statement" : [
        {
	provider "aws" {
	region = "us-east-1"
	}

	module "vmseries-vpc" {
	source = "PaloAltoNetworks/vmseries-modules/aws//modules/vpc"
	version = "0.2.2"

	name = "vpc-example"
	create_vpc = false
	module "vmseries" {
	source = "PaloAltoNetworks/vmseries-modules/aws//examples/standalone_vmseries_with_userdata_bootstrap"
	version = "0.2.2"

	region = "us-east-1"
	name = "vmseries-example"

	# VPC
	security_vpc_name = "security-vpc-example"
	security_vpc_cidr = "10.100.0.0/16"
	data "cloudngfwaws_ngfw" "example" {
	name = "example-instance"
	}

	output "ngfw" {
	value = data.cloudngfwaws_ngfw.example.status
	}
	resource "cloudngfwaws_rulestack" "example" {
	name = "terraform-rulestack"
	scope = "Local"
	account_id = "123456789"
	description = "Made by Terraform"
	profile_config {
	anti_spyware = "BestPractice"
	}
	}
	resource "cloudngfwaws_security_rule" "example" {
	rulestack = cloudngfwaws_rulestack.example.name
	priority = 100
	name = "example-security-rule"
	description = "Configured via Terraform"
	source {
	cidrs = ["any"]
	}
	destination {
	cidrs = ["10.1.1.0/24"]
	provider "cloudngfwaws" {
	host = "api.us-east-1.aws.cloudngfw.paloaltonetworks.com"
	region = "us-east-1"
	arn = "arn:aws:iam::123456789:role/CloudNGFWRole"
	}
	resource "cloudngfwaws_ngfw" "example" {
	name = "example-instance"
	vpc_id = aws_vpc.example.id
	account_id = "12345678"
	description = "Example description"

	endpoint_mode = "ServiceManaged"
	subnet_mapping {
	subnet_id = aws_subnet.firewall_subnet.id
	}
	resource "cloudngfwaws_commit_rulestack" "example" {
	rulestack = "terraform-rulestack"
	}
	resource "aws_iam_role" "ngfw_role" {
	name = "CloudNGFWRole"

	inline_policy {
	name = "apigateway_policy"

	policy = jsonencode({
	"Version" : "2012-10-17",
	"Statement" : [
	{