@@ -33,10 +33,10 @@ resource "cloudflare_zero_trust_access_application" "cloudflare_aws_app_ssh_brow
|
|||||||
|
|
||||||
policies = [
|
policies = [
|
||||||
{
|
{
|
||||||
id = cloudflare_zero_trust_access_policy.policies["employees_browser_rendering"].id
|
id = cloudflare_zero_trust_access_policy.policies["aws_employees_browser_rendering"].id
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
id = cloudflare_zero_trust_access_policy.policies["contractors_browser_rendering"].id
|
id = cloudflare_zero_trust_access_policy.policies["aws_contractors_browser_rendering"].id
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
@@ -72,10 +72,10 @@ resource "cloudflare_zero_trust_access_application" "cloudflare_gcp_app_ssh_brow
|
|||||||
|
|
||||||
policies = [
|
policies = [
|
||||||
{
|
{
|
||||||
id = cloudflare_zero_trust_access_policy.policies["employees_browser_rendering"].id
|
id = cloudflare_zero_trust_access_policy.policies["gcp_employees_browser_rendering"].id
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
id = cloudflare_zero_trust_access_policy.policies["contractors_browser_rendering"].id
|
id = cloudflare_zero_trust_access_policy.policies["gcp_contractors_browser_rendering"].id
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -32,7 +32,7 @@ resource "cloudflare_zero_trust_access_application" "cloudflare_aws_app_vnc_brow
|
|||||||
allow_authenticate_via_warp = false
|
allow_authenticate_via_warp = false
|
||||||
|
|
||||||
policies = [{
|
policies = [{
|
||||||
id = cloudflare_zero_trust_access_policy.policies["employees_browser_rendering"].id
|
id = cloudflare_zero_trust_access_policy.policies["aws_employees_browser_rendering"].id
|
||||||
}]
|
}]
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -66,6 +66,6 @@ resource "cloudflare_zero_trust_access_application" "cloudflare_gcp_app_vnc_brow
|
|||||||
allow_authenticate_via_warp = false
|
allow_authenticate_via_warp = false
|
||||||
|
|
||||||
policies = [{
|
policies = [{
|
||||||
id = cloudflare_zero_trust_access_policy.policies["employees_browser_rendering"].id
|
id = cloudflare_zero_trust_access_policy.policies["gcp_employees_browser_rendering"].id
|
||||||
}]
|
}]
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -145,7 +145,7 @@ locals {
|
|||||||
purpose_justification_prompt = "Access justification required: Please provide your business reason for accessing this sensitive resource."
|
purpose_justification_prompt = "Access justification required: Please provide your business reason for accessing this sensitive resource."
|
||||||
lifecycle_create_before_destroy = true
|
lifecycle_create_before_destroy = true
|
||||||
}
|
}
|
||||||
employees_browser_rendering = {
|
aws_employees_browser_rendering = {
|
||||||
name = "Employees AWS Database Policy"
|
name = "Employees AWS Database Policy"
|
||||||
include_groups = ["infrastructure_admin"]
|
include_groups = ["infrastructure_admin"]
|
||||||
require_posture = true
|
require_posture = true
|
||||||
@@ -154,7 +154,7 @@ locals {
|
|||||||
purpose_justification_prompt = "Access justification required: Please provide your business reason for accessing this production system."
|
purpose_justification_prompt = "Access justification required: Please provide your business reason for accessing this production system."
|
||||||
require_login_method = true
|
require_login_method = true
|
||||||
}
|
}
|
||||||
contractors_browser_rendering = {
|
aws_contractors_browser_rendering = {
|
||||||
name = "Contractors AWS Database Policy"
|
name = "Contractors AWS Database Policy"
|
||||||
include_groups = ["contractors"]
|
include_groups = ["contractors"]
|
||||||
require_posture = true
|
require_posture = true
|
||||||
@@ -163,12 +163,36 @@ locals {
|
|||||||
purpose_justification = true
|
purpose_justification = true
|
||||||
purpose_justification_prompt = "Access justification required: Please provide your business reason for accessing this production system."
|
purpose_justification_prompt = "Access justification required: Please provide your business reason for accessing this production system."
|
||||||
}
|
}
|
||||||
|
gcp_employees_browser_rendering = {
|
||||||
|
name = "Employees GCP Database Policy"
|
||||||
|
include_groups = ["infrastructure_admin"]
|
||||||
|
require_posture = true
|
||||||
|
require_mfa = false
|
||||||
|
purpose_justification = true
|
||||||
|
purpose_justification_prompt = "Access justification required: Please provide your business reason for accessing this production system."
|
||||||
|
require_login_method = true
|
||||||
|
}
|
||||||
|
gcp_contractors_browser_rendering = {
|
||||||
|
name = "Contractors GCP Database Policy"
|
||||||
|
include_groups = ["contractors"]
|
||||||
|
require_posture = true
|
||||||
|
require_mfa = false
|
||||||
|
require_country = true
|
||||||
|
purpose_justification = true
|
||||||
|
purpose_justification_prompt = "Access justification required: Please provide your business reason for accessing this production system."
|
||||||
|
}
|
||||||
aws = {
|
aws = {
|
||||||
name = "AWS Cloud Policy"
|
name = "AWS Cloud Policy"
|
||||||
include_groups = ["sales_engineering"]
|
include_groups = ["sales_engineering"]
|
||||||
require_posture = true
|
require_posture = true
|
||||||
require_mfa = true
|
require_mfa = true
|
||||||
}
|
}
|
||||||
|
gcp = {
|
||||||
|
name = "GCP Cloud Policy"
|
||||||
|
include_groups = ["sales_engineering"]
|
||||||
|
require_posture = true
|
||||||
|
require_mfa = true
|
||||||
|
}
|
||||||
okta = {
|
okta = {
|
||||||
name = "Okta Cloud Policy"
|
name = "Okta Cloud Policy"
|
||||||
include_groups = ["it_admin"]
|
include_groups = ["it_admin"]
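Review bot: Both new policies in this hunk set `require_mfa = false` explicitly (`gcp_employees_browser_rendering` and `gcp_contractors_browser_rendering`), while the `aws` and `gcp` cloud policies defined in the same map set `require_mfa = true`, and the two new entries gate production database access behind a purpose-justification prompt. If the browser-rendering policies deliberately rely on `require_posture` (plus `require_login_method` for employees) to carry the authentication strength instead, that decision should be recorded next to the key so a later reader does not read the `false` as an oversight, e.g. `require_mfa = false # intentionally off: posture (and login method for employees) gate this policy — confirm matches the AWS counterparts`. The `require_mfa` values of `aws_employees_browser_rendering` and `aws_contractors_browser_rendering` fall outside the visible hunks, so whether the GCP pair mirrors them cannot be confirmed from this page; a mismatch would not be flagged by `terraform plan`, since each map entry stands alone. The `locals` block continues outside the hunk.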
|
||||||