This commit is contained in:
@@ -7,10 +7,10 @@
|
||||
#======================================================
|
||||
|
||||
# Creating the Target
|
||||
resource "cloudflare_zero_trust_access_infrastructure_target" "gcp_rdp_target" {
|
||||
resource "cloudflare_zero_trust_access_infrastructure_target" "aws_rdp_target" {
|
||||
account_id = local.cloudflare_account_id
|
||||
|
||||
hostname = var.cloudflare_target_rdp_name
|
||||
hostname = var.cloudflare_aws_target_rdp_name
|
||||
ip = {
|
||||
ipv4 = {
|
||||
ip_addr = var.gcp_windows_vm_internal_ip
|
||||
@@ -39,7 +39,68 @@ resource "cloudflare_zero_trust_access_application" "cloudflare_aws_app_rdp_doma
|
||||
port = 3389
|
||||
protocol = "RDP"
|
||||
target_attributes = {
|
||||
hostname = [var.cloudflare_target_rdp_name] # This will be "Domain-Controller"
|
||||
hostname = [var.cloudflare_aws_target_rdp_name] # This will be "Domain-Controller"
|
||||
}
|
||||
}]
|
||||
|
||||
# Identity provider settings
|
||||
allowed_idps = [
|
||||
cloudflare_zero_trust_access_identity_provider.authentik_oidc.id,
|
||||
]
|
||||
auto_redirect_to_identity = true
|
||||
enable_binding_cookie = false
|
||||
http_only_cookie_attribute = false
|
||||
options_preflight_bypass = false
|
||||
|
||||
# Reference the policy from cloudflare-app-policies.tf
|
||||
policies = [{
|
||||
id = cloudflare_zero_trust_access_policy.policies["domain_controller"].id
|
||||
}]
|
||||
|
||||
# Depends on the existing target
|
||||
depends_on = [
|
||||
cloudflare_zero_trust_access_infrastructure_target.aws_rdp_target
|
||||
]
|
||||
}
|
||||
|
||||
#======================================================
|
||||
# SELF-HOSTED APP: Domain Controller
|
||||
#======================================================
|
||||
|
||||
# Creating the Target
|
||||
resource "cloudflare_zero_trust_access_infrastructure_target" "gcp_rdp_target" {
|
||||
account_id = local.cloudflare_account_id
|
||||
|
||||
hostname = var.cloudflare_gcp_target_rdp_name
|
||||
ip = {
|
||||
ipv4 = {
|
||||
ip_addr = var.gcp_windows_vm_internal_ip
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
# Domain Controller Browser-Rendered RDP Application
|
||||
resource "cloudflare_zero_trust_access_application" "cloudflare_gcp_app_rdp_domain" {
|
||||
account_id = local.cloudflare_account_id
|
||||
|
||||
type = "rdp"
|
||||
name = var.cloudflare_gcp_browser_rdp_app_name
|
||||
app_launcher_visible = true
|
||||
logo_url = "https://www.kevinsubileau.fr/wp-content/uploads/2016/05/RDP_icon.png"
|
||||
tags = [cloudflare_zero_trust_access_tag.tags["engineers"].name]
|
||||
session_duration = "0s"
|
||||
custom_deny_url = "https://denied.tips-of-mine.org/"
|
||||
custom_non_identity_deny_url = "https://denied.tips-of-mine.org/"
|
||||
|
||||
# Public hostname for browser rendering
|
||||
domain = var.cloudflare_subdomain_rdp
|
||||
|
||||
# Target criteria - references the existing gcp_rdp_target
|
||||
target_criteria = [{
|
||||
port = 3389
|
||||
protocol = "RDP"
|
||||
target_attributes = {
|
||||
hostname = [var.cloudflare_gcp_target_rdp_name] # This will be "Domain-Controller"
|
||||
}
|
||||
}]
|
||||
|
||||
|
||||
Reference in New Issue
Block a user