# =============================================================================
# CLOUDFLARE : Access Controls : Applications
# =============================================================================

#======================================================
# SELF-HOSTED APP: Domain Controller (AWS-named target)
#======================================================

# Infrastructure target that the browser-rendered RDP application below
# points at. Access matches this target by hostname, so the hostname value
# here must equal the one listed in target_criteria further down.
#
# NOTE(review): the resource is named "aws_rdp_target" and its hostname comes
# from an AWS-named variable, yet ip_addr reads var.gcp_windows_vm_internal_ip
# — the same variable the GCP target in this file uses. This looks like a
# copy/paste slip; confirm which VM this target is meant to reach before
# relying on it, since it decides which host an RDP session lands on.
resource "cloudflare_zero_trust_access_infrastructure_target" "aws_rdp_target" {
  account_id = local.cloudflare_account_id
  hostname   = var.cloudflare_aws_target_rdp_name
  ip = {
    ipv4 = {
      ip_addr = var.gcp_windows_vm_internal_ip
    }
  }
}

# Domain Controller Browser-Rendered RDP Application.
# A Domain Controller is the highest-value host in a Windows estate; once a
# user passes the IdP, the Access policy attached below is the only control
# between them and an RDP session on it. Keep the "domain_controller" policy
# (defined in cloudflare-app-policies.tf) as narrow as possible.
resource "cloudflare_zero_trust_access_application" "cloudflare_aws_app_rdp_domain" {
  account_id           = local.cloudflare_account_id
  type                 = "rdp"
  name                 = var.cloudflare_aws_browser_rdp_app_name
  app_launcher_visible = true
  # NOTE(review): icon is fetched from a third-party personal website when the
  # App Launcher renders — an external dependency you do not control. Consider
  # self-hosting the image.
  logo_url = "https://www.kevinsubileau.fr/wp-content/uploads/2016/05/RDP_icon.png"
  tags     = [cloudflare_zero_trust_access_tag.tags["engineers"].name]
  # Shortest session lifetime; presumably intended to force re-authentication
  # on every launch of the DC app — confirm against provider semantics.
  session_duration = "0s"
  # Same landing page whether the user failed policy (identity) or never
  # authenticated (non-identity).
  custom_deny_url              = "https://denied.tips-of-mine.org/"
  custom_non_identity_deny_url = "https://denied.tips-of-mine.org/"

  # Public hostname for browser rendering.
  # NOTE(review): the GCP application in this file sets the same
  # var.cloudflare_subdomain_rdp. Two Access applications on one public
  # hostname are likely to conflict at apply time or route ambiguously —
  # confirm this is intended or give each app its own subdomain.
  domain = var.cloudflare_subdomain_rdp

  # Target criteria - selects the target above by hostname and restricts the
  # session to RDP on 3389. (Original comment said "gcp_rdp_target"; this
  # block actually depends on aws_rdp_target below.)
  target_criteria = [{
    port     = 3389
    protocol = "RDP"
    target_attributes = {
      hostname = [var.cloudflare_aws_target_rdp_name] # expected to be the DC hostname, e.g. "Domain-Controller" — verify
    }
  }]

  # Identity provider settings: a single OIDC IdP, and users are sent straight
  # to it instead of seeing the Access login picker.
  allowed_idps = [
    cloudflare_zero_trust_access_identity_provider.authentik_oidc.id,
  ]
  auto_redirect_to_identity = true
  # Both cookie-hardening flags are explicitly disabled.
  # NOTE(review): for an application fronting a Domain Controller, confirm this
  # is deliberate; if these attributes apply to type = "rdp" apps, enabling the
  # binding cookie and HttpOnly attribute is the safer default.
  enable_binding_cookie      = false
  http_only_cookie_attribute = false
  # Keep OPTIONS (CORS preflight) requests subject to Access — do not loosen
  # this for a DC-facing app.
  options_preflight_bypass = false

  # Reference the policy from cloudflare-app-policies.tf
  policies = [{
    id = cloudflare_zero_trust_access_policy.policies["domain_controller"].id
  }]

  # Explicit ordering is needed because target_criteria references the
  # hostname *variable*, not an attribute of the target resource, so Terraform
  # cannot infer that the target must exist first.
  depends_on = [
    cloudflare_zero_trust_access_infrastructure_target.aws_rdp_target
  ]
}
#======================================================
# SELF-HOSTED APP: Domain Controller (GCP target)
#======================================================

# Infrastructure target for the GCP Windows VM. Access matches this target by
# hostname, so the hostname value here must equal the one listed in
# target_criteria of the application below.
resource "cloudflare_zero_trust_access_infrastructure_target" "gcp_rdp_target" {
  account_id = local.cloudflare_account_id
  hostname   = var.cloudflare_gcp_target_rdp_name
  ip = {
    ipv4 = {
      ip_addr = var.gcp_windows_vm_internal_ip
    }
  }
}

# Domain Controller Browser-Rendered RDP Application.
# A Domain Controller is the highest-value host in a Windows estate; once a
# user passes the IdP, the Access policy attached below is the only control
# between them and an RDP session on it. Keep the "domain_controller" policy
# (defined in cloudflare-app-policies.tf) as narrow as possible.
resource "cloudflare_zero_trust_access_application" "cloudflare_gcp_app_rdp_domain" {
  account_id           = local.cloudflare_account_id
  type                 = "rdp"
  name                 = var.cloudflare_gcp_browser_rdp_app_name
  app_launcher_visible = true
  # NOTE(review): icon is fetched from a third-party personal website when the
  # App Launcher renders — an external dependency you do not control. Consider
  # self-hosting the image.
  logo_url = "https://www.kevinsubileau.fr/wp-content/uploads/2016/05/RDP_icon.png"
  tags     = [cloudflare_zero_trust_access_tag.tags["engineers"].name]
  # Shortest session lifetime; presumably intended to force re-authentication
  # on every launch of the DC app — confirm against provider semantics.
  session_duration = "0s"
  # Same landing page whether the user failed policy (identity) or never
  # authenticated (non-identity).
  custom_deny_url              = "https://denied.tips-of-mine.org/"
  custom_non_identity_deny_url = "https://denied.tips-of-mine.org/"

  # Public hostname for browser rendering.
  # NOTE(review): the AWS-named application in this file sets the same
  # var.cloudflare_subdomain_rdp. Two Access applications on one public
  # hostname are likely to conflict at apply time or route ambiguously —
  # confirm this is intended or give each app its own subdomain.
  domain = var.cloudflare_subdomain_rdp

  # Target criteria - selects gcp_rdp_target by hostname and restricts the
  # session to RDP on 3389.
  target_criteria = [{
    port     = 3389
    protocol = "RDP"
    target_attributes = {
      hostname = [var.cloudflare_gcp_target_rdp_name] # expected to be the DC hostname, e.g. "Domain-Controller" — verify
    }
  }]

  # Identity provider settings: a single OIDC IdP, and users are sent straight
  # to it instead of seeing the Access login picker.
  allowed_idps = [
    cloudflare_zero_trust_access_identity_provider.authentik_oidc.id,
  ]
  auto_redirect_to_identity = true
  # Both cookie-hardening flags are explicitly disabled.
  # NOTE(review): for an application fronting a Domain Controller, confirm this
  # is deliberate; if these attributes apply to type = "rdp" apps, enabling the
  # binding cookie and HttpOnly attribute is the safer default.
  enable_binding_cookie      = false
  http_only_cookie_attribute = false
  # Keep OPTIONS (CORS preflight) requests subject to Access — do not loosen
  # this for a DC-facing app.
  options_preflight_bypass = false

  # Reference the policy from cloudflare-app-policies.tf
  policies = [{
    id = cloudflare_zero_trust_access_policy.policies["domain_controller"].id
  }]

  # Explicit ordering is needed because target_criteria references the
  # hostname *variable*, not an attribute of the target resource, so Terraform
  # cannot infer that the target must exist first.
  depends_on = [
    cloudflare_zero_trust_access_infrastructure_target.gcp_rdp_target
  ]
}