Update variables.auto.tfvars
@@ -61,94 +61,31 @@ applications = {
|
|||||||
# =============================================================================
|
# =============================================================================
|
||||||
|
|
||||||
#
|
#
|
||||||
local {
|
|
||||||
# Group mapping for policies (supports both SAML and composite groups)
|
|
||||||
policy_groups = {
|
|
||||||
# Composite groups
|
|
||||||
employees = cloudflare_zero_trust_access_group.employees_rule_group.id
|
|
||||||
sales_team = cloudflare_zero_trust_access_group.sales_team_rule_group.id
|
|
||||||
admins = cloudflare_zero_trust_access_group.admins_rule_group.id
|
|
||||||
contractors = cloudflare_zero_trust_access_group.contractors_rule_group.id
|
|
||||||
|
|
||||||
# Individual SAML groups
|
|
||||||
infrastructure_admin = cloudflare_zero_trust_access_group.saml_groups["infrastructure_admin"].id
|
|
||||||
sales_engineering = cloudflare_zero_trust_access_group.saml_groups["sales_engineering"].id
|
|
||||||
sales = cloudflare_zero_trust_access_group.saml_groups["sales"].id
|
|
||||||
it_admin = cloudflare_zero_trust_access_group.saml_groups["it_admin"].id
|
|
||||||
}
|
|
||||||
|
|
||||||
# Common access policy configurations
|
|
||||||
access_policies = {
|
access_policies = {
|
||||||
intranet_web_app = {
|
allow_employees = {
|
||||||
name = "Intranet App Policy"
|
name = "Allow - Employees"
|
||||||
include_groups = ["employees", "contractors"]
|
include_groups = ["employees"]
|
||||||
require_posture = true
|
exclude_groups = []
|
||||||
require_mfa = false
|
require_mfa = true
|
||||||
|
require_login_method = false
|
||||||
|
require_country = false
|
||||||
purpose_justification = false
|
purpose_justification = false
|
||||||
|
purpose_justification_prompt = null
|
||||||
}
|
}
|
||||||
competition_web_app = {
|
|
||||||
name = "Competition App Policy"
|
allow_admins = {
|
||||||
include_groups = ["sales_team"]
|
name = "Allow - Admins"
|
||||||
require_posture = true
|
include_groups = ["admins"]
|
||||||
|
exclude_groups = []
|
||||||
require_mfa = true
|
require_mfa = true
|
||||||
# IMPORTANT: Comment out the next 3 lines if you haven't deployed the "Training Compliance Gateway"
|
|
||||||
# Otherwise the Competition App won't work or show up in App Launcher
|
|
||||||
# Repository: https://github.com/macharpe/cloudflare-access-training-evaluator
|
|
||||||
require_external_evaluation = true
|
|
||||||
external_evaluation_url = "https://training-status.macharpe.com"
|
|
||||||
external_evaluation_keys_url = "https://training-status.macharpe.com/keys"
|
|
||||||
purpose_justification = true
|
|
||||||
purpose_justification_prompt = "Access justification required: Please provide your business reason for accessing this sensitive resource."
|
|
||||||
lifecycle_create_before_destroy = true
|
|
||||||
}
|
|
||||||
employees_browser_rendering = {
|
|
||||||
name = "Employees AWS Database Policy"
|
|
||||||
include_groups = ["infrastructure_admin"]
|
|
||||||
require_posture = true
|
|
||||||
require_mfa = false
|
|
||||||
purpose_justification = true
|
|
||||||
purpose_justification_prompt = "Access justification required: Please provide your business reason for accessing this production system."
|
|
||||||
require_login_method = true
|
require_login_method = true
|
||||||
}
|
|
||||||
contractors_browser_rendering = {
|
|
||||||
name = "Contractors AWS Database Policy"
|
|
||||||
include_groups = ["contractors"]
|
|
||||||
require_posture = true
|
|
||||||
require_mfa = false
|
|
||||||
require_country = true
|
require_country = true
|
||||||
purpose_justification = true
|
purpose_justification = true
|
||||||
purpose_justification_prompt = "Access justification required: Please provide your business reason for accessing this production system."
|
purpose_justification_prompt = "Why do you need admin access?"
|
||||||
}
|
|
||||||
aws = {
|
|
||||||
name = "AWS Cloud Policy"
|
|
||||||
include_groups = ["sales_engineering"]
|
|
||||||
require_posture = true
|
|
||||||
require_mfa = true
|
|
||||||
}
|
|
||||||
okta = {
|
|
||||||
name = "Okta Cloud Policy"
|
|
||||||
include_groups = ["it_admin"]
|
|
||||||
require_posture = true
|
|
||||||
require_mfa = true
|
|
||||||
}
|
|
||||||
meraki = {
|
|
||||||
name = "Meraki Cloud Policy"
|
|
||||||
include_groups = ["it_admin"]
|
|
||||||
require_posture = true
|
|
||||||
require_mfa = true
|
|
||||||
}
|
|
||||||
domain_controller = {
|
|
||||||
name = "Domain Controller Policy"
|
|
||||||
include_groups = ["it_admin", "contractors"]
|
|
||||||
require_posture = true
|
|
||||||
require_mfa = true
|
|
||||||
require_country = true
|
|
||||||
purpose_justification = true
|
|
||||||
purpose_justification_prompt = "Access justification required: Please provide your business reason for accessing this sensitive resource."
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
# =============================================================================
|
# =============================================================================
|
||||||
# Tags
|
# Tags
|
||||||
# =============================================================================
|
# =============================================================================
|
||||||
|
|||||||
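Review bot: The two new policies `allow_employees` and `allow_admins` carry no `require_posture` key, whereas every policy in the removed block set `require_posture = true`, so device-posture checks silently disappear from these policies unless the variable's object type defaults that attribute to true, which the hunk does not show. Adding `require_posture = true` to both maps restores the prior check; if posture is now enforced elsewhere, a comment such as `# posture enforced by <module placeholder>` on each policy would make the omission deliberate. The `include_groups` values `"employees"` and `"admins"` were previously resolved through the removed `policy_groups` lookup, so whatever now maps those keys to access-group ids should be confirmed before apply. The enclosing `applications` / `access_policies` map begins before the hunk.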