Recipe

Cloud firewall rule writer

Generate least-privilege firewall rules from your deployment manifest. No more wide-open security groups.

What it does

Feed Meridian a Kubernetes manifest, Terraform plan, or Docker Compose file. It extracts every service-to-service dependency and emits the minimal set of inbound/outbound rules — CIDR blocks, port ranges, and protocol constraints — ready to paste into AWS Security Groups, GCP firewall rules, or Azure NSGs.

Quick start

$ meridian firewall generate --source ./k8s/prod --output rules.json

Supports JSON, HCL, and CSV output formats.

Example output

{
  "rules": [
    {
      "direction": "ingress",
      "protocol": "tcp",
      "port": 5432,
      "source": "10.0.1.0/24",
      "description": "api → postgres"
    },
    {
      "direction": "egress",
      "protocol": "tcp",
      "port": 6379,
      "destination": "10.0.2.0/24",
      "description": "worker → redis"
    }
  ]
}
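
An added example, not part of Meridian or its documentation: a pre-apply audit that checks a generated rules.json still looks least-privilege before it is pasted into a provider. It assumes the field names shown in the example output above, one integer port per rule (the page does not show a port-range format), and a hypothetical /16 breadth threshold; the sample rules are constructed.

```python
import ipaddress
import json

# Constructed sample in the shape of the page's example output; the second
# and third rules are deliberately too broad to show what the audit flags.
SAMPLE = """
{"rules": [
  {"direction": "ingress", "protocol": "tcp", "port": 5432,
   "source": "10.0.1.0/24", "description": "api -> postgres"},
  {"direction": "ingress", "protocol": "tcp", "port": 22,
   "source": "0.0.0.0/0", "description": "constructed: open ssh"},
  {"direction": "egress", "protocol": "all", "port": 6379,
   "destination": "10.0.0.0/8", "description": "constructed: wide egress"}
]}
"""

MIN_PREFIX = 16  # assumption: any IPv4 block broader than a /16 needs review


def audit_rules(doc, min_prefix=MIN_PREFIX):
    """Return (rule_index, reason) findings for rules that are not least-privilege."""
    findings = []
    for i, rule in enumerate(doc.get("rules", [])):
        # Ingress rules carry "source", egress rules carry "destination".
        peer_key = "source" if rule.get("direction") == "ingress" else "destination"
        peer = rule.get(peer_key)
        if peer is None:
            findings.append((i, f"missing {peer_key}"))
            continue
        try:
            net = ipaddress.ip_network(peer, strict=True)
        except ValueError:
            findings.append((i, f"invalid CIDR {peer!r}"))
            continue
        if net.prefixlen == 0:
            findings.append((i, "open to any address"))
        elif net.version == 4 and net.prefixlen < min_prefix:
            findings.append((i, f"CIDR broader than /{min_prefix}"))
        if rule.get("protocol") not in ("tcp", "udp"):
            findings.append((i, "protocol not pinned to tcp/udp"))
        port = rule.get("port")
        if not isinstance(port, int) or isinstance(port, bool) or not 1 <= port <= 65535:
            findings.append((i, "port is not a single valid port"))
    return findings


if __name__ == "__main__":
    for idx, reason in audit_rules(json.loads(SAMPLE)):
        print(f"rule {idx}: {reason}")
```

An empty findings list means every rule names a bounded peer network, a pinned protocol, and a single port; anything else is worth a manual look before the rules are applied.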

Provider support

AWS: Security Groups, NACLs
GCP: VPC firewall rules
Azure: NSG rules

Next steps