Tips-Of-Mine/terraform-cloudflare-tunnel-zone-org
2
0
Fork 0
Code Issues 1 Pull Requests Actions Packages Projects Releases Wiki Activity
Files
f291a61f63027b02392005c50943f409095f6323
terraform-cloudflare-tunnel…/Access_Controls-Applications-rdp.tf
hcornet 746d019195
Some checks failed
Terraform Apply / Terraform Apply (push) Failing after 15s
Details
test add other apps
2025-11-24 14:52:08 +01:00

125 lines
4.2 KiB
HCL
Raw Blame History

# =============================================================================
# CLOUDFLARE : Access Controls : Applications
# =============================================================================
#======================================================
# SELF-HOSTED APP: Domain Controller
#======================================================
# Creating the Target
resource "cloudflare_zero_trust_access_infrastructure_target" "aws_rdp_target" {
account_id = local.cloudflare_account_id
hostname = var.cloudflare_aws_target_rdp_name
ip = {
ipv4 = {
ip_addr = var.gcp_windows_vm_internal_ip
}
}
}
# Domain Controller Browser-Rendered RDP Application
resource "cloudflare_zero_trust_access_application" "cloudflare_aws_app_rdp_domain" {
account_id = local.cloudflare_account_id
type = "rdp"
name = var.cloudflare_aws_browser_rdp_app_name
app_launcher_visible = true
logo_url = "https://www.kevinsubileau.fr/wp-content/uploads/2016/05/RDP_icon.png"
tags = [cloudflare_zero_trust_access_tag.tags["engineers"].name]
session_duration = "0s"
custom_deny_url = "https://denied.tips-of-mine.org/"
custom_non_identity_deny_url = "https://denied.tips-of-mine.org/"
# Public hostname for browser rendering
domain = var.cloudflare_subdomain_rdp
# Target criteria - references the existing gcp_rdp_target
target_criteria = [{
port = 3389
protocol = "RDP"
target_attributes = {
hostname = [var.cloudflare_aws_target_rdp_name] # This will be "Domain-Controller"
}
}]
# Identity provider settings
allowed_idps = [
cloudflare_zero_trust_access_identity_provider.authentik_oidc.id,
]
auto_redirect_to_identity = true
enable_binding_cookie = false
http_only_cookie_attribute = false
options_preflight_bypass = false
# Reference the policy from cloudflare-app-policies.tf
policies = [{
id = cloudflare_zero_trust_access_policy.policies["domain_controller"].id
}]
# Depends on the existing target
depends_on = [
cloudflare_zero_trust_access_infrastructure_target.aws_rdp_target
]
}
#======================================================
# SELF-HOSTED APP: Domain Controller
#======================================================
# Creating the Target
resource "cloudflare_zero_trust_access_infrastructure_target" "gcp_rdp_target" {
account_id = local.cloudflare_account_id
hostname = var.cloudflare_gcp_target_rdp_name
ip = {
ipv4 = {
ip_addr = var.gcp_windows_vm_internal_ip
}
}
}
# Domain Controller Browser-Rendered RDP Application
resource "cloudflare_zero_trust_access_application" "cloudflare_gcp_app_rdp_domain" {
account_id = local.cloudflare_account_id
type = "rdp"
name = var.cloudflare_gcp_browser_rdp_app_name
app_launcher_visible = true
logo_url = "https://www.kevinsubileau.fr/wp-content/uploads/2016/05/RDP_icon.png"
tags = [cloudflare_zero_trust_access_tag.tags["engineers"].name]
session_duration = "0s"
custom_deny_url = "https://denied.tips-of-mine.org/"
custom_non_identity_deny_url = "https://denied.tips-of-mine.org/"
# Public hostname for browser rendering
domain = var.cloudflare_subdomain_rdp
# Target criteria - references the existing gcp_rdp_target
target_criteria = [{
port = 3389
protocol = "RDP"
target_attributes = {
hostname = [var.cloudflare_gcp_target_rdp_name] # This will be "Domain-Controller"
}
}]
# Identity provider settings
allowed_idps = [
cloudflare_zero_trust_access_identity_provider.authentik_oidc.id,
]
auto_redirect_to_identity = true
enable_binding_cookie = false
http_only_cookie_attribute = false
options_preflight_bypass = false
# Reference the policy from cloudflare-app-policies.tf
policies = [{
id = cloudflare_zero_trust_access_policy.policies["domain_controller"].id
}]
# Depends on the existing target
depends_on = [
cloudflare_zero_trust_access_infrastructure_target.gcp_rdp_target
]
}
Reference in New Issue View Git Blame Copy Permalink