Update test.tf
36
test.tf
36
test.tf
@@ -51,8 +51,8 @@ locals {
|
|||||||
|
|
||||||
# Access Infrastructure Integration (Precedence: 4000)
|
# Access Infrastructure Integration (Precedence: 4000)
|
||||||
access_infra_target = {
|
access_infra_target = {
|
||||||
name = "NETWORK-Allow: Access Infra Target Policy"
|
name = "NETWORK - Allow: Cible en matière d'infrastructures d'accès"
|
||||||
description = "Evaluate Access applications before or after specific Gateway policies"
|
description = "Évaluer les applications d'accès avant ou après des stratégies de passerelle spécifiques"
|
||||||
enabled = true
|
enabled = true
|
||||||
action = "allow"
|
action = "allow"
|
||||||
precedence = local.precedence.access_infra_target
|
precedence = local.precedence.access_infra_target
|
||||||
@@ -63,8 +63,8 @@ locals {
|
|||||||
|
|
||||||
# Zero Trust RDP Access Control (Precedence: 21000)
|
# Zero Trust RDP Access Control (Precedence: 21000)
|
||||||
rdp_admin_access = {
|
rdp_admin_access = {
|
||||||
name = "NETWORK - Allow: RDP - IT Admin Access Policy"
|
name = "NETWORK - Allow: RDP - Accès administrateur informatique"
|
||||||
description = "Allow RDP access for IT administrators with identity and device posture checks"
|
description = "Autoriser l'accès RDP aux administrateurs informatiques avec vérification de l'identité et de la posture des appareils"
|
||||||
enabled = true
|
enabled = true
|
||||||
action = "allow"
|
action = "allow"
|
||||||
precedence = local.precedence.rdp_admin_allow
|
precedence = local.precedence.rdp_admin_allow
|
||||||
@@ -77,8 +77,8 @@ locals {
|
|||||||
|
|
||||||
# Lateral Movement Prevention - East-West Traffic (Precedence: 22000-22400)
|
# Lateral Movement Prevention - East-West Traffic (Precedence: 22000-22400)
|
||||||
block_lateral_ssh = {
|
block_lateral_ssh = {
|
||||||
name = "NETWORK - Block: SSH Lateral Movement"
|
name = "NETWORK - Block: Mouvement latéral SSH"
|
||||||
description = "Block SSH connections between internal VMs for lateral movement prevention, while allowing direct SSH from WARP clients"
|
description = "Bloquez les connexions SSH entre les machines virtuelles internes pour empêcher les mouvements latéraux, tout en autorisant les connexions SSH directes depuis les clients WARP."
|
||||||
enabled = true
|
enabled = true
|
||||||
action = "block"
|
action = "block"
|
||||||
precedence = local.precedence.block_lateral_ssh
|
precedence = local.precedence.block_lateral_ssh
|
||||||
@@ -88,8 +88,8 @@ locals {
|
|||||||
notification_enabled = true
|
notification_enabled = true
|
||||||
}
|
}
|
||||||
block_lateral_rdp = {
|
block_lateral_rdp = {
|
||||||
name = "NETWORK - Block: RDP Lateral Movement"
|
name = "NETWORK - Block: Mouvement latéral RDP"
|
||||||
description = "Block RDP connections between internal VMs for lateral movement prevention, while allowing direct RDP from WARP clients"
|
description = "Bloquez les connexions RDP entre les machines virtuelles internes pour empêcher les mouvements latéraux, tout en autorisant les connexions RDP directes depuis les clients WARP."
|
||||||
enabled = true
|
enabled = true
|
||||||
action = "block"
|
action = "block"
|
||||||
precedence = local.precedence.block_lateral_rdp
|
precedence = local.precedence.block_lateral_rdp
|
||||||
@@ -99,8 +99,8 @@ locals {
|
|||||||
notification_enabled = true
|
notification_enabled = true
|
||||||
}
|
}
|
||||||
block_lateral_smb = {
|
block_lateral_smb = {
|
||||||
name = "NETWORK - Block: SMB Lateral Movement"
|
name = "NETWORK - Block: Mouvement latéral SMB"
|
||||||
description = "Block SMB/CIFS connections between internal VMs for lateral movement prevention, while allowing direct SMB from WARP clients"
|
description = "Bloquez les connexions SMB/CIFS entre les machines virtuelles internes pour empêcher les mouvements latéraux, tout en autorisant les connexions SMB directes depuis les clients WARP."
|
||||||
enabled = true
|
enabled = true
|
||||||
action = "block"
|
action = "block"
|
||||||
precedence = local.precedence.block_lateral_smb
|
precedence = local.precedence.block_lateral_smb
|
||||||
@@ -110,8 +110,8 @@ locals {
|
|||||||
notification_enabled = true
|
notification_enabled = true
|
||||||
}
|
}
|
||||||
block_lateral_winrm = {
|
block_lateral_winrm = {
|
||||||
name = "NETWORK - Block: WinRM Lateral Movement"
|
name = "NETWORK - Block: Mouvement latéral WinRM"
|
||||||
description = "Block WinRM connections between internal VMs for lateral movement prevention, while allowing direct WinRM from WARP clients"
|
description = "Bloquez les connexions WinRM entre les machines virtuelles internes pour empêcher les mouvements latéraux, tout en autorisant les connexions WinRM directes depuis les clients WARP."
|
||||||
enabled = true
|
enabled = true
|
||||||
action = "block"
|
action = "block"
|
||||||
precedence = local.precedence.block_lateral_winrm
|
precedence = local.precedence.block_lateral_winrm
|
||||||
@@ -121,8 +121,8 @@ locals {
|
|||||||
notification_enabled = true
|
notification_enabled = true
|
||||||
}
|
}
|
||||||
block_lateral_database = {
|
block_lateral_database = {
|
||||||
name = "NETWORK - Block: Database Lateral Movement"
|
name = "NETWORK - Block: Mouvement latéral dans les bases de données"
|
||||||
description = "Block database connections between internal VMs for lateral movement prevention, while allowing direct database access from WARP clients"
|
description = "Bloquer les connexions aux bases de données entre les machines virtuelles internes afin d'empêcher les mouvements latéraux, tout en autorisant l'accès direct à la base de données depuis les clients WARP."
|
||||||
enabled = true
|
enabled = true
|
||||||
action = "block"
|
action = "block"
|
||||||
precedence = local.precedence.block_lateral_database
|
precedence = local.precedence.block_lateral_database
|
||||||
@@ -134,8 +134,8 @@ locals {
|
|||||||
|
|
||||||
# IP-based Access Control (Precedence: 23000)
|
# IP-based Access Control (Precedence: 23000)
|
||||||
block_ip_access = {
|
block_ip_access = {
|
||||||
name = "NETWORK - Block: Access GCP Apps via Private IP"
|
name = "NETWORK - Block : Accéder aux applications GCP via une adresse IP privée"
|
||||||
description = "This rule blocks the access of Competition App and Administration App via ip address and port"
|
description = "Cette règle bloque l'accès à l'application Compétition et à l'application Administration via l'adresse IP et le port."
|
||||||
enabled = true
|
enabled = true
|
||||||
action = "block"
|
action = "block"
|
||||||
precedence = local.precedence.ip_access_block
|
precedence = local.precedence.ip_access_block
|
||||||
@@ -147,8 +147,8 @@ locals {
|
|||||||
|
|
||||||
# Default Deny - Evaluated Last (Precedence: 21700)
|
# Default Deny - Evaluated Last (Precedence: 21700)
|
||||||
rdp_default_deny = {
|
rdp_default_deny = {
|
||||||
name = "NETWORK - Block: Default Deny Policy"
|
name = "NETWORK - Block : Deny par défaut"
|
||||||
description = "Deny RDP access for users without IT admin privileges (evaluated after allow policy)"
|
description = "Refuser l'accès RDP aux utilisateurs sans privilèges d'administrateur informatique (évalué après la politique d'autorisation)"
|
||||||
enabled = true
|
enabled = true
|
||||||
action = "block"
|
action = "block"
|
||||||
precedence = local.precedence.rdp_default_deny
|
precedence = local.precedence.rdp_default_deny
|
||||||
|
|||||||
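Review bot: The heading `# Default Deny - Evaluated Last (Precedence: 21700)` above `rdp_default_deny` is contradicted by the other headings in this file, which place the lateral-movement blocks at 22000-22400 and `block_ip_access` at 23000; if Gateway evaluates lower precedence first, a rule at 21700 is not evaluated last, and the comment should either be corrected or the value in `local.precedence.rdp_default_deny` (defined outside this hunk) raised above 23000 so the "deny" really is the catch-all. I would change the heading to `# RDP Default Deny - Evaluated after rdp_admin_access (Precedence: 21700); see local.precedence for actual ordering` until the ordering is confirmed. Separately, the new French names are inconsistent in form: `NETWORK - Block : Deny par défaut` and `NETWORK - Block : Accéder aux applications GCP ...` use a space before the colon while `NETWORK - Block: Mouvement latéral SSH` and the others do not, and some descriptions end with a period and others do not; pick one convention, since these display names are what show up in Gateway logs and any runbook or log query that keys on the old English names will need updating. The `locals` block these entries belong to begins and ends outside the hunk.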