Update test.tf
24
test.tf
24
test.tf
@@ -63,7 +63,7 @@ locals {
|
|||||||
|
|
||||||
# Zero Trust RDP Access Control (Precedence: 21000)
|
# Zero Trust RDP Access Control (Precedence: 21000)
|
||||||
rdp_admin_access = {
|
rdp_admin_access = {
|
||||||
name = "NETWORK-Allow: RDP - IT Admin Access Policy"
|
name = "NETWORK - Allow: RDP - IT Admin Access Policy"
|
||||||
description = "Allow RDP access for IT administrators with identity and device posture checks"
|
description = "Allow RDP access for IT administrators with identity and device posture checks"
|
||||||
enabled = true
|
enabled = true
|
||||||
action = "allow"
|
action = "allow"
|
||||||
@@ -77,7 +77,7 @@ locals {
|
|||||||
|
|
||||||
# Lateral Movement Prevention - East-West Traffic (Precedence: 22000-22400)
|
# Lateral Movement Prevention - East-West Traffic (Precedence: 22000-22400)
|
||||||
block_lateral_ssh = {
|
block_lateral_ssh = {
|
||||||
name = "NETWORK-Block: SSH Lateral Movement"
|
name = "NETWORK - Block: SSH Lateral Movement"
|
||||||
description = "Block SSH connections between internal VMs for lateral movement prevention, while allowing direct SSH from WARP clients"
|
description = "Block SSH connections between internal VMs for lateral movement prevention, while allowing direct SSH from WARP clients"
|
||||||
enabled = true
|
enabled = true
|
||||||
action = "block"
|
action = "block"
|
||||||
@@ -88,7 +88,7 @@ locals {
|
|||||||
notification_enabled = true
|
notification_enabled = true
|
||||||
}
|
}
|
||||||
block_lateral_rdp = {
|
block_lateral_rdp = {
|
||||||
name = "NETWORK-Block: RDP Lateral Movement"
|
name = "NETWORK - Block: RDP Lateral Movement"
|
||||||
description = "Block RDP connections between internal VMs for lateral movement prevention, while allowing direct RDP from WARP clients"
|
description = "Block RDP connections between internal VMs for lateral movement prevention, while allowing direct RDP from WARP clients"
|
||||||
enabled = true
|
enabled = true
|
||||||
action = "block"
|
action = "block"
|
||||||
@@ -99,7 +99,7 @@ locals {
|
|||||||
notification_enabled = true
|
notification_enabled = true
|
||||||
}
|
}
|
||||||
block_lateral_smb = {
|
block_lateral_smb = {
|
||||||
name = "NETWORK-Block: SMB Lateral Movement"
|
name = "NETWORK - Block: SMB Lateral Movement"
|
||||||
description = "Block SMB/CIFS connections between internal VMs for lateral movement prevention, while allowing direct SMB from WARP clients"
|
description = "Block SMB/CIFS connections between internal VMs for lateral movement prevention, while allowing direct SMB from WARP clients"
|
||||||
enabled = true
|
enabled = true
|
||||||
action = "block"
|
action = "block"
|
||||||
@@ -110,7 +110,7 @@ locals {
|
|||||||
notification_enabled = true
|
notification_enabled = true
|
||||||
}
|
}
|
||||||
block_lateral_winrm = {
|
block_lateral_winrm = {
|
||||||
name = "NETWORK-Block: WinRM Lateral Movement"
|
name = "NETWORK - Block: WinRM Lateral Movement"
|
||||||
description = "Block WinRM connections between internal VMs for lateral movement prevention, while allowing direct WinRM from WARP clients"
|
description = "Block WinRM connections between internal VMs for lateral movement prevention, while allowing direct WinRM from WARP clients"
|
||||||
enabled = true
|
enabled = true
|
||||||
action = "block"
|
action = "block"
|
||||||
@@ -121,7 +121,7 @@ locals {
|
|||||||
notification_enabled = true
|
notification_enabled = true
|
||||||
}
|
}
|
||||||
block_lateral_database = {
|
block_lateral_database = {
|
||||||
name = "NETWORK-Block: Database Lateral Movement"
|
name = "NETWORK - Block: Database Lateral Movement"
|
||||||
description = "Block database connections between internal VMs for lateral movement prevention, while allowing direct database access from WARP clients"
|
description = "Block database connections between internal VMs for lateral movement prevention, while allowing direct database access from WARP clients"
|
||||||
enabled = true
|
enabled = true
|
||||||
action = "block"
|
action = "block"
|
||||||
@@ -134,7 +134,7 @@ locals {
|
|||||||
|
|
||||||
# IP-based Access Control (Precedence: 23000)
|
# IP-based Access Control (Precedence: 23000)
|
||||||
block_ip_access = {
|
block_ip_access = {
|
||||||
name = "NETWORK-Block: Access GCP Apps via Private IP"
|
name = "NETWORK - Block: Access GCP Apps via Private IP"
|
||||||
description = "This rule blocks the access of Competition App and Administration App via ip address and port"
|
description = "This rule blocks the access of Competition App and Administration App via ip address and port"
|
||||||
enabled = true
|
enabled = true
|
||||||
action = "block"
|
action = "block"
|
||||||
@@ -147,7 +147,7 @@ locals {
|
|||||||
|
|
||||||
# Default Deny - Evaluated Last (Precedence: 21700)
|
# Default Deny - Evaluated Last (Precedence: 21700)
|
||||||
rdp_default_deny = {
|
rdp_default_deny = {
|
||||||
name = "NETWORK-Block: Default Deny Policy"
|
name = "NETWORK - Block: Default Deny Policy"
|
||||||
description = "Deny RDP access for users without IT admin privileges (evaluated after allow policy)"
|
description = "Deny RDP access for users without IT admin privileges (evaluated after allow policy)"
|
||||||
enabled = true
|
enabled = true
|
||||||
action = "block"
|
action = "block"
|
||||||
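Review bot: The renamed policy `NETWORK - Block: Default Deny Policy` is still described one line below as denying only RDP for users without IT admin privileges, and its precedence 21700 sits ahead of the lateral-movement (22000-22400) and private-IP (23000) block rules, so it is neither a default deny nor "evaluated last" if lower precedence values are evaluated first, as the allow-at-21000-before-deny-at-21700 ordering in this file assumes. Since this commit is already rewriting the name, make it say what the rule actually does, e.g. `name = "NETWORK - Block: RDP Default Deny"`, and adjust the section comment to `# RDP Default Deny - Evaluated after the RDP allow policy (Precedence: 21700)`. A reader of the current name could assume a catch-all deny already exists and not add one. The `rdp_default_deny` object continues outside the hunk.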
@@ -168,7 +168,7 @@ locals {
|
|||||||
|
|
||||||
# AI Application Governance (Precedence: 24000-24100)
|
# AI Application Governance (Precedence: 24000-24100)
|
||||||
redirect_ai_to_claude = {
|
redirect_ai_to_claude = {
|
||||||
name = "HTTP-Redirect: Redirect users to claude.ai"
|
name = "HTTP - Redirect: Redirect users to claude.ai"
|
||||||
description = "Redirect any unreviewed AI application to claude.ai instead"
|
description = "Redirect any unreviewed AI application to claude.ai instead"
|
||||||
enabled = true
|
enabled = true
|
||||||
action = "redirect"
|
action = "redirect"
|
||||||
@@ -181,7 +181,7 @@ locals {
|
|||||||
|
|
||||||
# Content Filtering & DLP (Precedence: 25000-25100)
|
# Content Filtering & DLP (Precedence: 25000-25100)
|
||||||
block_pdf_download = {
|
block_pdf_download = {
|
||||||
name = "HTTP-Block: PDF Files download"
|
name = "HTTP - Block: PDF Files download"
|
||||||
description = "Block Downloading PDF Files for Sales Engineering group"
|
description = "Block Downloading PDF Files for Sales Engineering group"
|
||||||
enabled = false
|
enabled = false
|
||||||
action = "block"
|
action = "block"
|
||||||
@@ -194,7 +194,7 @@ locals {
|
|||||||
}
|
}
|
||||||
|
|
||||||
block_gambling = {
|
block_gambling = {
|
||||||
name = "HTTP-Block: Gambling websites"
|
name = "HTTP - Block: Gambling websites"
|
||||||
description = "Block Gambling website according to corporate policies (HTTP)."
|
description = "Block Gambling website according to corporate policies (HTTP)."
|
||||||
enabled = true
|
enabled = true
|
||||||
action = "block"
|
action = "block"
|
||||||
@@ -207,7 +207,7 @@ locals {
|
|||||||
}
|
}
|
||||||
|
|
||||||
allow_chatgpt_log = {
|
allow_chatgpt_log = {
|
||||||
name = "HTTP-Allow: ChatGPT logging"
|
name = "HTTP - Allow: ChatGPT logging"
|
||||||
description = "Log ChatGPT requests"
|
description = "Log ChatGPT requests"
|
||||||
enabled = true
|
enabled = true
|
||||||
action = "allow"
|
action = "allow"
|
||||||
|
|||||||