#==========================================================
# Local Variables
#==========================================================
#locals {
# SAML groups from Okta
# saml_groups = {
# contractors = "Contractors"
# infrastructure_admin = "InfrastructureAdmin"
# sales_engineering = "SalesEngineering"
# sales = "Sales"
# it_admin = "ITAdmin"
# }
# Azure AD groups
# azure_groups = {
# azure_engineering = var.azure_engineering_group_id
# azure_sales = var.azure_sales_group_id
# azure_administrators = var.cloudflare_azure_admin_rule_group_id
# }
# Allowed countries
# allowed_countries = ["FR", "DE", "US", "GB"]
# blocked_countries = ["CN", "RU", "AF", "BY", "CD", "CU", "IR", "IQ", "KP", "MM", "SD", "SY", "UA", "ZW"]
# OS posture checks
# os_posture_checks = [
# var.cloudflare_linux_posture_id,
# var.cloudflare_macos_posture_id,
# var.cloudflare_windows_posture_id
# ]
#}
#==================================================
# Default Rule Groups
#===================================================
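# Default Access rule group for the account. It is flagged is_default, so it
# stands in as the account-wide default group; keep its membership as narrow
# as possible, since it is the baseline every Access policy can fall back on.
resource "cloudflare_zero_trust_access_group" "default_groups" {
  account_id = local.cloudflare_account_id
  name       = "default group"
  is_default = true

  # zone_id is deliberately not set: on this resource the provider treats
  # account_id and zone_id as mutually exclusive, and every other group in
  # this file is account-scoped. Declaring both is a likely reason for a
  # failing apply.
  # TODO(review): move this personal address into a (sensitive) input
  # variable rather than committing it in plain text.
  include = [
    {
      email = {
        email = "thedjinhn@gmail.com"
      }
    }
  ]
}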
#==================================================
# Geographic Rule Groups
#===================================================
#resource "cloudflare_zero_trust_access_group" "country_requirements_rule_group" {
# account_id = local.cloudflare_account_id
# name = "Country Requirements"
#
# include = [
# for country in local.allowed_countries : {
# geo = {
# country_code = country
# }
# }
# ]
# exclude = [
# for country in local.blocked_countries : {
# geo = {
# country_code = country
# }
# }
# ]
#}
#==================================================
# Device Posture Rule Groups
#===================================================
#resource "cloudflare_zero_trust_access_group" "latest_os_version_requirements_rule_group" {
# account_id = local.cloudflare_account_id
# name = "Latest OS Version Requirements"
#
# include = [
# for posture_id in local.os_posture_checks : {
# device_posture = {
# integration_uid = posture_id
# }
# }
# ]
#}
#==================================================
# Composite Rule Groups
#===================================================
#resource "cloudflare_zero_trust_access_group" "employees_rule_group" {
# account_id = local.cloudflare_account_id
# name = "Employees"
#
# include = [
# for group_key in ["it_admin", "sales", "sales_engineering", "infrastructure_admin"] : {
# group = {
# id = cloudflare_zero_trust_access_group.saml_groups[group_key].id
# }
# }
# ]
#}
#resource "cloudflare_zero_trust_access_group" "sales_team_rule_group" {
# account_id = local.cloudflare_account_id
# name = "Sales Team"
#
# include = [
# for group_key in ["sales", "sales_engineering"] : {
# group = {
# id = cloudflare_zero_trust_access_group.saml_groups[group_key].id
# }
# }
# ]
#}
#resource "cloudflare_zero_trust_access_group" "admins_rule_group" {
# account_id = local.cloudflare_account_id
# name = "Administrators"
#
# include = [
# for group_key in ["it_admin", "infrastructure_admin"] : {
# group = {
# id = cloudflare_zero_trust_access_group.saml_groups[group_key].id
# }
# }
# ]
#}
#resource "cloudflare_zero_trust_access_group" "contractors_rule_group" {
# account_id = local.cloudflare_account_id
# name = "Contractors Extended"
#
# include = [
# {
# group = {
# id = cloudflare_zero_trust_access_group.saml_groups["contractors"].id
# }
# },
# {
# email_domain = {
# domain = var.cloudflare_email_domain
# }
# }
# ]
#}
#==================================================
# Azure AD Rule Groups
#===================================================
#resource "cloudflare_zero_trust_access_group" "azure_groups" {
# for_each = local.azure_groups
# account_id = local.cloudflare_account_id
# name = replace(title(replace(each.key, "_", " ")), "Azure", "Azure")
#
# include = [{
# azure_ad = {
# identity_provider_id = var.cloudflare_azure_identity_provider_id
# id = each.value
# }
# }]
#}