diff --git a/Access_Controls-Applications-Infrastructure.tf b/Access_Controls-Applications-Infrastructure.tf
index c669368..1087267 100644
--- a/Access_Controls-Applications-Infrastructure.tf
+++ b/Access_Controls-Applications-Infrastructure.tf
@@ -3,7 +3,7 @@ # =============================================================================
 #======================================================
-# INFRASTRUCTURE APP: MySQL Database (Infrastructure)
+# Create Aapp in mode Infrastructure : MySQL Database for AWS
 #======================================================
 # Creating the Target
@@ -37,12 +37,13 @@ resource "cloudflare_zero_trust_access_application" "cloudflare_aws_app_ssh_infr
 },
 }]
+ # SSH Infrastructure Policy
 policies = [{
 name = "SSH GCP Infrastructure Policy"
 decision = "allow"
 allowed_idps = [
- cloudflare_zero_trust_access_identity_provider.authentik_oidc.id,
+ cloudflare_zero_trust_access_identity_provider.authentik_oidc.id,
 ]
 auto_redirect_to_identity = true
 allow_authenticate_via_warp = false
@@ -97,7 +98,7 @@ resource "cloudflare_zero_trust_access_application" "cloudflare_aws_app_ssh_infr
 }
 #======================================================
-# INFRASTRUCTURE APP: MySQL Database (Infrastructure)
+# Create Aapp in mode Infrastructure : MySQL Database for GCP
 #======================================================
 # Creating the Target
@@ -131,12 +132,13 @@ resource "cloudflare_zero_trust_access_application" "cloudflare_gcp_app_ssh_infr
 },
 }]
+ # SSH Infrastructure Policy
 policies = [{
 name = "SSH GCP Infrastructure Policy"
 decision = "allow"
 allowed_idps = [
- cloudflare_zero_trust_access_identity_provider.authentik_oidc.id,
+ cloudflare_zero_trust_access_identity_provider.authentik_oidc.id,
 ]
 auto_redirect_to_identity = true
 allow_authenticate_via_warp = false
diff --git a/variables.auto.tfvars b/variables.auto.tfvars
index 65380d8..c3bdee1 100644
--- a/variables.auto.tfvars
+++ b/variables.auto.tfvars
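Review bot: The new banner in the -3,7 hunk reads `# Create Aapp in mode Infrastructure : MySQL Database for AWS`, with "Aapp" misspelled; the GCP banner in the -97,7 hunk carries the same typo. Both resources named in the hunk headers are `*_app_ssh_infr` and the policy they hold is called "SSH … Infrastructure Policy", so a reader cannot tell whether "MySQL Database" describes the application or the host it fronts; if the target is a MySQL host reached over SSH, saying so removes the ambiguity, e.g. `# Infrastructure app (AWS): SSH access to the MySQL database host`. That wording is a guess at intent, since the target block itself lies outside the hunk.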
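Review bot: The policy that the added `# SSH Infrastructure Policy` comment labels in the -37,12 hunk belongs to the AWS application (`cloudflare_aws_app_ssh_infr` in the hunk header) but is still named `"SSH GCP Infrastructure Policy"`, which leaves the AWS and GCP policies indistinguishable in the Access dashboard and in audit logs. Suggest `name = "SSH AWS Infrastructure Policy"` here and a cloud-specific comment to match; the -131,12 hunk for the GCP application is consistent as it stands. The `-`/`+` pair on the `authentik_oidc.id` line appears to differ only in whitespace. The policy's `include` rules, if any, sit outside the hunk, so whether `decision = "allow"` is narrowed to particular groups cannot be confirmed from here.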
@@ -140,15 +140,15 @@ cloudflare_intranet_app_port = 8181
 cloudflare_domain_controller_rdp_port = 3389
 # Identity Providers - Sensitive: manually retrieved from Cloudflare dashboard
-cloudflare_okta_identity_provider_id = "2af2b24b-f850-4e04-95f6-04a651c71f7a"
-cloudflare_otp_identity_provider_id = "0f818053-eafb-458f-90c2-0ff2d4b5d69c"
+#cloudflare_okta_identity_provider_id = "2af2b24b-f850-4e04-95f6-04a651c71f7a"
+#cloudflare_otp_identity_provider_id = "0f818053-eafb-458f-90c2-0ff2d4b5d69c"
 #cloudflare_azure_identity_provider_id = "8c593fe8-aee3-4075-33333333"
 #cloudflare_azure_admin_rule_group_id = "5f253130-a400-4215-44444444"
 # Device Posture - Sensitive: manually retrieved from Cloudflare dashboard
 cloudflare_gateway_posture_id = "4d8d7499-38c3-4bf0-55555555"
 cloudflare_macos_posture_id = "6d64ff80-1308-4462-66666666"
-cloudflare_ios_posture_id = "56454654-1245-8564-77777777"
+#cloudflare_ios_posture_id = "56454654-1245-8564-77777777"
 cloudflare_windows_posture_id = "67b05735-3b9b-4bcc-88888888"
 cloudflare_linux_posture_id = "ed5639c7-3305-4a91-9999999"
 cloudflare_device_os = "mac" # Options: "linux", "windows", "mac"
@@ -177,9 +177,8 @@ cloudflare_default_cgnat_routes = [{
 cloudflare_warp_cgnat_cidr = "100.96.0.0/12"
-
 #=====================================
-# Okta
+# Authentik
 #=====================================
 # SAML Group IDs - Unused variables removed
@@ -197,7 +196,7 @@ okta_infra_admin_saml_group_name = "InfrastructureAdmin"
 okta_bob_user_login = "********3@passfwd.com"
 okta_matthieu_user_login = "********"
-okta_bob_user_linux_password = "bob"
+#okta_bob_user_linux_password = "bob"
 #=====================================
 # AWS variables
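Review bot: Commenting out `cloudflare_okta_identity_provider_id`, `cloudflare_otp_identity_provider_id` and `cloudflare_ios_posture_id` in the -140,15 hunk removes their values, but unless the commit also drops the matching `variable` declarations and every `var.` reference (neither is visible here), `terraform plan` will prompt for the values or fail on the dangling reference; deleting the declaration and its uses in the same change is the cleaner end state. The section headers call these IDs sensitive, yet the values remain in the file as comments and in git history; if they really are sensitive, remove the lines outright and supply them from outside version control (an untracked tfvars file or `TF_VAR_<name>` environment variables). The posture IDs in the hunk ending in `-55555555` and `-66666666` look like placeholders while the two IdP IDs look like real identifiers, so it is worth confirming with the account owner which of these actually warrant the "Sensitive" label.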
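Review bot: The banner in the -177,9 hunk changes from `# Okta` to `# Authentik`, but the variables the section holds keep their `okta_` prefix (`okta_infra_admin_saml_group_name` in the next hunk header, `okta_bob_user_login`, `okta_matthieu_user_login`), so the heading now contradicts the names beneath it. Either rename the variables together with their declarations and references, or say in the banner that the names are historical, e.g. `# Authentik (variables keep their legacy okta_ prefix)`.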
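Review bot: `okta_bob_user_linux_password = "bob"` in the -197,7 hunk is commented out rather than removed, so a plaintext Linux password stays in `variables.auto.tfvars` and in the repository history. Delete the line, treat the password as disclosed and change it on any host where that account exists, and feed future secrets through a variable declared with `sensitive = true` whose value comes from outside the repo (`TF_VAR_…` or an untracked tfvars file). The partially masked `okta_bob_user_login = "********3@passfwd.com"` context line suggests redaction is being done by hand in this file, which is easy to get wrong; a gitignored secrets file avoids the problem. Note too that a `*.auto.tfvars` file is loaded on every run, so anything left in it is applied automatically.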