remove other variables
All checks were successful
Terraform Apply / Terraform Apply (push) Successful in 4m37s
@@ -3,7 +3,7 @@
|
|||||||
# =============================================================================
|
# =============================================================================
|
||||||
|
|
||||||
#======================================================
|
#======================================================
|
||||||
# INFRASTRUCTURE APP: MySQL Database (Infrastructure)
|
# Create Aapp in mode Infrastructure : MySQL Database for AWS
|
||||||
#======================================================
|
#======================================================
|
||||||
|
|
||||||
# Creating the Target
|
# Creating the Target
|
||||||
@@ -37,12 +37,13 @@ resource "cloudflare_zero_trust_access_application" "cloudflare_aws_app_ssh_infr
|
|||||||
},
|
},
|
||||||
}]
|
}]
|
||||||
|
|
||||||
|
# SSH Infrastructure Policy
|
||||||
policies = [{
|
policies = [{
|
||||||
name = "SSH GCP Infrastructure Policy"
|
name = "SSH GCP Infrastructure Policy"
|
||||||
decision = "allow"
|
decision = "allow"
|
||||||
|
|
||||||
allowed_idps = [
|
allowed_idps = [
|
||||||
cloudflare_zero_trust_access_identity_provider.authentik_oidc.id,
|
cloudflare_zero_trust_access_identity_provider.authentik_oidc.id,
|
||||||
]
|
]
|
||||||
auto_redirect_to_identity = true
|
auto_redirect_to_identity = true
|
||||||
allow_authenticate_via_warp = false
|
allow_authenticate_via_warp = false
|
||||||
@@ -97,7 +98,7 @@ resource "cloudflare_zero_trust_access_application" "cloudflare_aws_app_ssh_infr
|
|||||||
}
|
}
|
||||||
|
|
||||||
#======================================================
|
#======================================================
|
||||||
# INFRASTRUCTURE APP: MySQL Database (Infrastructure)
|
# Create Aapp in mode Infrastructure : MySQL Database for GCP
|
||||||
#======================================================
|
#======================================================
|
||||||
|
|
||||||
# Creating the Target
|
# Creating the Target
|
||||||
@@ -131,12 +132,13 @@ resource "cloudflare_zero_trust_access_application" "cloudflare_gcp_app_ssh_infr
|
|||||||
},
|
},
|
||||||
}]
|
}]
|
||||||
|
|
||||||
|
# SSH Infrastructure Policy
|
||||||
policies = [{
|
policies = [{
|
||||||
name = "SSH GCP Infrastructure Policy"
|
name = "SSH GCP Infrastructure Policy"
|
||||||
decision = "allow"
|
decision = "allow"
|
||||||
|
|
||||||
allowed_idps = [
|
allowed_idps = [
|
||||||
cloudflare_zero_trust_access_identity_provider.authentik_oidc.id,
|
cloudflare_zero_trust_access_identity_provider.authentik_oidc.id,
|
||||||
]
|
]
|
||||||
auto_redirect_to_identity = true
|
auto_redirect_to_identity = true
|
||||||
allow_authenticate_via_warp = false
|
allow_authenticate_via_warp = false
|
||||||
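Review bot: The policy shown under the `cloudflare_aws_app_ssh_infr…` hunk header is still named `"SSH GCP Infrastructure Policy"`, the same string the GCP application uses, so Access logs and policy reviews cannot tell the two allow policies apart. The resource opens outside the hunk, so confirm that the block belongs to the AWS application; if it does, change the line to `name = "SSH AWS Infrastructure Policy"` and make the added comment `# SSH AWS Infrastructure Policy`. The rewritten section headers also carry the typo `Aapp` and describe a MySQL Database app while the surrounding hunk headers name SSH applications, so they look copied from another file; something like `# Infrastructure app: SSH for AWS` would match the resources, if those are indeed what the headers sit above.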
|
|||||||
@@ -140,15 +140,15 @@ cloudflare_intranet_app_port = 8181
|
|||||||
cloudflare_domain_controller_rdp_port = 3389
|
cloudflare_domain_controller_rdp_port = 3389
|
||||||
|
|
||||||
# Identity Providers - Sensitive: manually retrieved from Cloudflare dashboard
|
# Identity Providers - Sensitive: manually retrieved from Cloudflare dashboard
|
||||||
cloudflare_okta_identity_provider_id = "2af2b24b-f850-4e04-95f6-04a651c71f7a"
|
#cloudflare_okta_identity_provider_id = "2af2b24b-f850-4e04-95f6-04a651c71f7a"
|
||||||
cloudflare_otp_identity_provider_id = "0f818053-eafb-458f-90c2-0ff2d4b5d69c"
|
#cloudflare_otp_identity_provider_id = "0f818053-eafb-458f-90c2-0ff2d4b5d69c"
|
||||||
#cloudflare_azure_identity_provider_id = "8c593fe8-aee3-4075-33333333"
|
#cloudflare_azure_identity_provider_id = "8c593fe8-aee3-4075-33333333"
|
||||||
#cloudflare_azure_admin_rule_group_id = "5f253130-a400-4215-44444444"
|
#cloudflare_azure_admin_rule_group_id = "5f253130-a400-4215-44444444"
|
||||||
|
|
||||||
# Device Posture - Sensitive: manually retrieved from Cloudflare dashboard
|
# Device Posture - Sensitive: manually retrieved from Cloudflare dashboard
|
||||||
cloudflare_gateway_posture_id = "4d8d7499-38c3-4bf0-55555555"
|
cloudflare_gateway_posture_id = "4d8d7499-38c3-4bf0-55555555"
|
||||||
cloudflare_macos_posture_id = "6d64ff80-1308-4462-66666666"
|
cloudflare_macos_posture_id = "6d64ff80-1308-4462-66666666"
|
||||||
cloudflare_ios_posture_id = "56454654-1245-8564-77777777"
|
#cloudflare_ios_posture_id = "56454654-1245-8564-77777777"
|
||||||
cloudflare_windows_posture_id = "67b05735-3b9b-4bcc-88888888"
|
cloudflare_windows_posture_id = "67b05735-3b9b-4bcc-88888888"
|
||||||
cloudflare_linux_posture_id = "ed5639c7-3305-4a91-9999999"
|
cloudflare_linux_posture_id = "ed5639c7-3305-4a91-9999999"
|
||||||
cloudflare_device_os = "mac" # Options: "linux", "windows", "mac"
|
cloudflare_device_os = "mac" # Options: "linux", "windows", "mac"
|
||||||
@@ -177,9 +177,8 @@ cloudflare_default_cgnat_routes = [{
|
|||||||
|
|
||||||
cloudflare_warp_cgnat_cidr = "100.96.0.0/12"
|
cloudflare_warp_cgnat_cidr = "100.96.0.0/12"
|
||||||
|
|
||||||
|
|
||||||
#=====================================
|
#=====================================
|
||||||
# Okta
|
# Authentik
|
||||||
#=====================================
|
#=====================================
|
||||||
|
|
||||||
# SAML Group IDs - Unused variables removed
|
# SAML Group IDs - Unused variables removed
|
||||||
@@ -197,7 +196,7 @@ okta_infra_admin_saml_group_name = "InfrastructureAdmin"
|
|||||||
okta_bob_user_login = "********3@passfwd.com"
|
okta_bob_user_login = "********3@passfwd.com"
|
||||||
okta_matthieu_user_login = "********"
|
okta_matthieu_user_login = "********"
|
||||||
|
|
||||||
okta_bob_user_linux_password = "bob"
|
#okta_bob_user_linux_password = "bob"
|
||||||
|
|
||||||
#=====================================
|
#=====================================
|
||||||
# AWS variables
|
# AWS variables
|
||||||
|
|||||||
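Review bot: Commenting out `okta_bob_user_linux_password = "bob"` keeps the password readable in the tracked tfvars file, and the earlier revision keeps it in history, so the line should be deleted outright and the account's password changed to a strong value. The same applies to the commented-out `cloudflare_okta_identity_provider_id` and `cloudflare_otp_identity_provider_id` lines, which sit under a heading that marks them as sensitive. The commit title says the variables are removed, but the new side only disables them. If any of these values are still needed, supply them outside the repository, for example through `TF_VAR_<name>` environment variables in the pipeline that runs Terraform Apply. The section header now reads `# Authentik` while the variables below it keep the `okta_` prefix, which deserves either a rename or a one-line comment explaining the leftover names.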