From 2c5734155841fcc1d5a276f04941d355211c1e6f Mon Sep 17 00:00:00 2001
From: Hubert Cornet
Date: Tue, 18 Nov 2025 12:21:23 +0100
Subject: [PATCH] Update access_groups.tf
---
 access_groups.tf | 50 ++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 50 insertions(+)
diff --git a/access_groups.tf b/access_groups.tf
index bad29bf..0399225 100644
--- a/access_groups.tf
+++ b/access_groups.tf
@@ -15,6 +15,36 @@ locals {
 # Allowed countries
 allowed_countries = ["FR", "DE", "US", "GB"]
 blocked_countries = ["CN", "RU", "AF", "BY", "CD", "CU", "IR", "IQ", "KP", "MM", "SD", "SY", "UA", "ZW"]
+ main_countries = ["FR"]
+ europe_countries = ["AL","AD","AT","AX","BA","BE","BG","BY","CH","CY","CZ","DE","DK","EE","ES","FI","FO","GB","GG","GI","GR","HR","HU","IE","IM","IS","IT","JE","LI","LT","LU","LV","MC","MD","ME","MK","MT","NL","NO","PL","PT","RO","RS","SE","SI","SK","SM","UA","VA"]
+ afrique_countries = ["AO","BF","BI","BJ","BW","CD","CF","CG","CI","CM","CV","DJ","DZ","EG","EH","ER","ET","GA","GH","GM","GN","GQ","GW","KE","KM","LR","LS","LY","MA","MG","ML","MR","MU","MW","MZ","NA","NE","NG","RE","RW","SC","SD","SH","SL","SN","SO","SS","ST","SZ","TD","TF","TG","TN","TZ","UG","YT","ZA","ZM","ZW"]
+ america_north_countries = ["CA","US","MX","BM","PM","GL","UM"]
+ america_central_countries = ["AG","AI","AW","BB","BZ","CR","CU","DM","DO","GD","GP","GT","HN","HT","JM","KN","KY","LC","MF","MQ","MS","NI","PA","PR","SV","SX","TC","TT","VC","VG","VI"]
+ america_south_countries = ["AR","BO","BR","CL","CO","EC","FK","GF","GY","PE","PY","SR","UY","VE"]
+ asie_countries = ["AF","AM","AZ","BD","BH","BN","BT","CN","GE","HK","ID","IL","IN","IQ","IR","JO","JP","KG","KH","KP","KR","KW","KZ","LA","LB","LK","MM","MN","MO","MY","NP","OM","PH","PK","PS","QA","SA","SG","SY","TH","TJ","TL","TM","TR","TW","UZ","VN","YE"]
+ oceanie_countries = ["AS","AU","CK","FJ","FM","GU","HM","KI","MH","MP","NC","NF","NR","NU","NZ","PF","PG","PN","PW","SB","TK","TO","TV","UM","VU","WF","WS"]
+ antarctique_countries = ["AQ", "BV"]
+ other_countries = ["IO","GS","XX","ZZ"]
+
+ # On fusionne *toutes* les zones dans une seule liste
+ all_countries = flatten([
+ local.main_countries,
+ local.europe_countries,
+ local.afrique_countries,
+ local.america_north_countries,
+ local.america_central_countries,
+ local.america_south_countries,
+ local.asie_countries,
+ local.oceanie_countries,
+ local.antarctique_countries,
+ local.autres_countries,
+ ])
+
+ # On retire les pays "main"
+ blocked_countries_except_main = [
+ for code in local.all_countries : code
+ if !(code in local.main_countries)
+ ]
 # OS posture checks
 os_posture_checks = [
@@ -60,6 +90,26 @@ resource "cloudflare_zero_trust_access_group" "country_requirements_rule_group"
 ]
 }
+resource "cloudflare_zero_trust_access_group" "country_requirements_rule_group_main" {
+ account_id = local.cloudflare_account_id
+
+ name = "GL_Localisation Country Requirements : Main"
+ include = [
+ for country in local.main_countries : {
+ geo = {
+ country_code = country
+ }
+ }
+ ]
+ exclude = [
+ for country in local.blocked_countries_except_main : {
+ geo = {
+ country_code = country
+ }
+ }
+ ]
+}
+
 # Device Posture Rule Groups
 resource "cloudflare_zero_trust_access_group" "latest_os_version_requirements_rule_group" {
 account_id = local.cloudflare_account_id
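Review bot: The `flatten([...])` that builds `all_countries` references `local.autres_countries`, but the local declared a few lines above is `other_countries`, so the configuration will fail on an undeclared local value; that entry should read `local.other_countries,`. The filter `if !(code in local.main_countries)` will not parse either, because `in` is only valid inside a `for` clause and is not a membership operator; use `if !contains(local.main_countries, code)`. "UM" appears in both `america_north_countries` and `oceanie_countries`, so wrapping the merge as `distinct(flatten([...]))` keeps the derived list free of duplicate entries. The `locals` block itself starts and ends outside this hunk.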
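Review bot: The `exclude` block of `country_requirements_rule_group_main` is a hand-enumerated denylist that is not exhaustive: "RU", for example, is in `blocked_countries` but in none of the zone lists merged into `all_countries`, so it never reaches `blocked_countries_except_main`. Assuming the group matches only what `include` lists, the allowlist on `local.main_countries` is the control that actually restricts access, and the `exclude` adds a long rule set that has to be kept in sync by hand. Either drop the `exclude`, or state the intent above it, for example `# include is the enforcing allowlist; exclude is defence in depth and is not a complete country list`, so that a later widening of `include` does not rely on the denylist for coverage.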