Update networks_routes.tf
All checks were successful
Terraform Apply / Terraform Apply (push) Successful in 55s
All checks were successful
Terraform Apply / Terraform Apply (push) Successful in 55s
This commit is contained in:
@@ -37,8 +37,8 @@ resource "cloudflare_dns_record" "applications" {
|
|||||||
# =============================================================================
|
# =============================================================================
|
||||||
|
|
||||||
resource "cloudflare_zero_trust_tunnel_cloudflared_config" "home_tunnel_config" {
|
resource "cloudflare_zero_trust_tunnel_cloudflared_config" "home_tunnel_config" {
|
||||||
tunnel_id = cloudflare_zero_trust_tunnel_cloudflared.home_tunnel.id
|
|
||||||
account_id = local.cloudflare_account_id
|
account_id = local.cloudflare_account_id
|
||||||
|
tunnel_id = cloudflare_zero_trust_tunnel_cloudflared.home_tunnel.id
|
||||||
|
|
||||||
config = {
|
config = {
|
||||||
warp_routing = {
|
warp_routing = {
|
||||||
@@ -55,46 +55,15 @@ resource "cloudflare_zero_trust_tunnel_cloudflared_config" "home_tunnel_config"
|
|||||||
}
|
}
|
||||||
|
|
||||||
# =============================================================================
|
# =============================================================================
|
||||||
# ACCESS POLICIES (optionnel)
|
# CLOUDFLARE : Networks : Routes : virtual network
|
||||||
# =============================================================================
|
# =============================================================================
|
||||||
|
|
||||||
# Exemple de politique d'accès réutilisable
|
#
|
||||||
# Décommentez si vous souhaitez utiliser Cloudflare Access
|
resource "cloudflare_zero_trust_tunnel_cloudflared_virtual_network" "example_zero_trust_tunnel_cloudflared_virtual_network" {
|
||||||
/*
|
|
||||||
resource "cloudflare_zero_trust_access_policy" "allow_emails" {
|
|
||||||
account_id = local.cloudflare_account_id
|
account_id = local.cloudflare_account_id
|
||||||
name = "Allow specific emails"
|
|
||||||
decision = "allow"
|
|
||||||
|
|
||||||
include = [
|
|
||||||
{
|
|
||||||
email = {
|
|
||||||
email = local.cloudflare_email
|
|
||||||
}
|
|
||||||
},
|
|
||||||
{
|
|
||||||
email_domain = {
|
|
||||||
domain = var.cloudflare_zone
|
|
||||||
}
|
|
||||||
}
|
|
||||||
]
|
|
||||||
}
|
|
||||||
|
|
||||||
# Application Access pour chaque application qui l'exige
|
name = "us-east-1-vpc"
|
||||||
resource "cloudflare_zero_trust_access_application" "applications" {
|
comment = "Staging VPC for data science"
|
||||||
for_each = {
|
is_default = false
|
||||||
for app_name, app_config in var.applications :
|
is_default_network = false
|
||||||
app_name => app_config
|
|
||||||
if app_config.access_enabled
|
|
||||||
}
|
|
||||||
|
|
||||||
account_id = local.cloudflare_account_id
|
|
||||||
type = "self_hosted"
|
|
||||||
name = "Access for ${each.key}"
|
|
||||||
domain = "${each.value.subdomain}.${var.cloudflare_zone}"
|
|
||||||
|
|
||||||
policies = [
|
|
||||||
cloudflare_zero_trust_access_policy.allow_emails.id
|
|
||||||
]
|
|
||||||
}
|
}
|
||||||
*/
|
|
||||||
Reference in New Issue
Block a user