splitting the "applications" file
Some checks failed
Terraform Apply / Terraform Apply (push) Failing after 4m24s
Some checks failed
Terraform Apply / Terraform Apply (push) Failing after 4m24s
This commit is contained in:
62
Access_Controls-Applications-rdp.tf
Normal file
62
Access_Controls-Applications-rdp.tf
Normal file
@@ -0,0 +1,62 @@
|
||||
# =============================================================================
|
||||
# CLOUDFLARE : Access Controls : Applications
|
||||
# =============================================================================
|
||||
|
||||
#======================================================
|
||||
# SELF-HOSTED APP: Domain Controller
|
||||
#======================================================
|
||||
|
||||
# Creating the Target
|
||||
resource "cloudflare_zero_trust_access_infrastructure_target" "gcp_rdp_target" {
|
||||
account_id = local.cloudflare_account_id
|
||||
|
||||
hostname = var.cloudflare_target_rdp_name
|
||||
ip = {
|
||||
ipv4 = {
|
||||
ip_addr = var.gcp_windows_vm_internal_ip
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
# Domain Controller Browser-Rendered RDP Application
|
||||
resource "cloudflare_zero_trust_access_application" "cloudflare_app_rdp_domain" {
|
||||
account_id = local.cloudflare_account_id
|
||||
|
||||
type = "rdp"
|
||||
name = var.cloudflare_browser_rdp_app_name
|
||||
app_launcher_visible = true
|
||||
logo_url = "https://www.kevinsubileau.fr/wp-content/uploads/2016/05/RDP_icon.png"
|
||||
tags = [cloudflare_zero_trust_access_tag.tags["engineers"].name]
|
||||
session_duration = "0s"
|
||||
custom_deny_url = "https://denied.tips-of-mine.org/"
|
||||
custom_non_identity_deny_url = "https://denied.tips-of-mine.org/"
|
||||
|
||||
# Public hostname for browser rendering
|
||||
domain = var.cloudflare_subdomain_rdp
|
||||
|
||||
# Target criteria - references the existing gcp_rdp_target
|
||||
target_criteria = [{
|
||||
port = 3389
|
||||
protocol = "RDP"
|
||||
target_attributes = {
|
||||
hostname = [var.cloudflare_target_rdp_name] # This will be "Domain-Controller"
|
||||
}
|
||||
}]
|
||||
|
||||
# Identity provider settings
|
||||
allowed_idps = [var.cloudflare_okta_identity_provider_id]
|
||||
auto_redirect_to_identity = true
|
||||
enable_binding_cookie = false
|
||||
http_only_cookie_attribute = false
|
||||
options_preflight_bypass = false
|
||||
|
||||
# Reference the policy from cloudflare-app-policies.tf
|
||||
policies = [{
|
||||
id = cloudflare_zero_trust_access_policy.policies["domain_controller"].id
|
||||
}]
|
||||
|
||||
# Depends on the existing target
|
||||
depends_on = [
|
||||
cloudflare_zero_trust_access_infrastructure_target.gcp_rdp_target
|
||||
]
|
||||
}
|
||||
Reference in New Issue
Block a user