diff --git a/variables.auto.tfvars b/variables.auto.tfvars index 9ac0d68..8b3425d 100644 --- a/variables.auto.tfvars +++ b/variables.auto.tfvars @@ -61,39 +61,34 @@ applications = { # ============================================================================= # +policy_groups = { + employees = "xxxxxxxxxxxxxxxxxxx" + admins = "xxxxxxxxxxxxxxxxxxx" + contractors = "xxxxxxxxxxxxxxxxxxx" + sales = "xxxxxxxxxxxxxxxxxxx" + saml_groups = "xxxxxxxxxxxxxxxxxxx" + country_requirements = "xxxxxxxxxxxxxxxxxxx" + latest_os_version_requirements = "xxxxxxxxxxxxxxxxxxx" +} + access_policies = { allow_employees = { - name = "Allow - Employees" - include_groups = ["employees"] - exclude_groups = [] - require_mfa = true - require_login_method = false - require_country = false - purpose_justification = false - purpose_justification_prompt = null + name = "Allow - Employees" + include_groups = ["employees"] + exclude_groups = [] + require_mfa = true } allow_admins = { - name = "Allow - Admins" - include_groups = ["admins"] - exclude_groups = [] - require_mfa = true - require_login_method = true - require_country = true - purpose_justification = true - purpose_justification_prompt = "Why do you need admin access?" + name = "Allow - Admins" + include_groups = ["admins"] + exclude_groups = [] + require_mfa = true + require_login_method = true + require_country = true } } -policy_groups = { - employees = cloudflare_zero_trust_access_group.employees_rule_group.id - admins = cloudflare_zero_trust_access_group.admins_rule_group.id - contractors = cloudflare_zero_trust_access_group.contractors_rule_group.id - sales = cloudflare_zero_trust_access_group.sales_team_rule_group.id - saml_groups = cloudflare_zero_trust_access_group.saml_groups.id - country_requirements = cloudflare_zero_trust_access_group.country_requirements_rule_group.id - latest_os_version_requirements = cloudflare_zero_trust_access_group.latest_os_version_requirements_rule_group.id -} # ============================================================================= # Tags