🏡 index : github.com/captn3m0/terraform-data-duo-ips.git

author Nemo <commits@captnemo.in> 2025-01-04 19:31:26.0 +05:30:00
committer Nemo <commits@captnemo.in> 2025-01-04 19:31:26.0 +05:30:00
commit
c5c976d797c79d7c84643170ea9b2955b3e3f842 [patch]
tree
4f7e9a8d3627e88444f01d1f11435792e7ff2836
parent
58410fa2b5d21a2494ba6d03f5ebb7dc95ff460e

Adds auth_cidr_by_deployment and UAE CIDRs



Diff

 README.md  |  10 ++++++++++
 locals.tf  |   9 +++++++++
 outputs.tf | 150 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++-----------
 3 files changed, 145 insertions(+), 24 deletions(-)

diff --git a/README.md b/README.md
index 9b2918b..e7e23b6 100644
--- a/README.md
+++ a/README.md
@@ -34,6 +34,16 @@
  security_group_id = "sg-123456"
}

// Limit MFA traffic as per your DUO Deployment ID
resource "aws_security_group_rule" "allow_all_to_duo_auth" {
  type              = "egress"
  from_port         = 0
  to_port           = 443
  protocol          = "tcp"
  cidr_blocks       = module.duo-ips.auth_cidr_by_deployment["DUO48"]
  security_group_id = "sg-123456"
}

// trusted endpoint requests are made from these ranges
// depending on what port your origin is using, pick the correct port here as well.
resource "aws_security_group_rule" "allow_all_from_duo_in_ingress" {
diff --git a/locals.tf b/locals.tf
index 4e0005f..03b7342 100644
--- a/locals.tf
+++ a/locals.tf
@@ -44,6 +44,11 @@
    "13.40.93.64/26",
  ]

  uae-cidrs = [

    "51.112.11.128/26",
    "16.24.91.0/26"
  ]

  trusted-endpoint-us-cidrs = [

    "13.56.32.240/29",
    "52.32.63.176/30"
@@ -78,6 +83,10 @@

  trusted-endpoint-uk-cidrs = [

    "13.40.93.124/30"
  ]

  trusted-endpoint-uae-cidrs = [

    "51.112.11.135/30"
  ]

}
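Review bot: `"51.112.11.135/30"` in `trusted-endpoint-uae-cidrs` has host bits set: the /30 that contains .135 starts at .132, whereas the neighbouring entries visible in these hunks (`13.40.93.124/30`, `13.56.32.240/29`, `52.32.63.176/30`) all sit on their network boundary. Depending on the resource that consumes it, such a value is either rejected as an invalid CIDR at plan/apply time or quietly normalised to a range the author may not have meant. Since this list feeds ingress allow-lists, the entry should be checked against Duo's published ranges and written as the network address, probably `"51.112.11.132/30"`. The `locals` block begins outside the hunk.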
diff --git a/outputs.tf b/outputs.tf
index 9d5726e..d730cd2 100644
--- a/outputs.tf
+++ a/outputs.tf
@@ -14,12 +14,104 @@
  )
}

output "auth_cidr_by_deployment" {


  description = "Map of Duo's Service CIDRs by deployment. Lookup by Deployment ID (DUOXX) for a list of CIDRs to allow for egress for authentication"
  value = {

    DUO1  = local.us-cidrs
    DUO2  = local.us-cidrs
    DUO4  = local.us-cidrs
    DUO5  = local.us-cidrs
    DUO6  = local.us-cidrs
    DUO7  = local.us-cidrs
    DUO9  = local.us-cidrs
    DUO10 = local.us-cidrs
    DUO13 = local.us-cidrs
    DUO14 = local.us-cidrs
    DUO15 = local.us-cidrs
    DUO16 = local.us-cidrs
    DUO17 = local.us-cidrs
    DUO18 = local.us-cidrs
    DUO19 = local.us-cidrs
    DUO20 = local.us-cidrs
    DUO21 = local.us-cidrs
    DUO22 = local.us-cidrs
    DUO23 = local.us-cidrs
    DUO24 = local.us-cidrs
    DUO28 = local.us-cidrs
    DUO31 = local.us-cidrs
    DUO32 = local.us-cidrs
    DUO33 = local.us-cidrs
    DUO35 = local.us-cidrs
    DUO36 = local.us-cidrs
    DUO37 = local.us-cidrs
    DUO39 = local.us-cidrs
    DUO40 = local.us-cidrs
    DUO41 = local.us-cidrs
    DUO42 = local.us-cidrs
    DUO44 = local.us-cidrs
    DUO45 = local.us-cidrs
    DUO49 = local.us-cidrs
    DUO50 = local.us-cidrs
    DUO52 = local.us-cidrs
    DUO55 = local.us-cidrs
    DUO56 = local.us-cidrs
    DUO58 = local.us-cidrs
    DUO60 = local.us-cidrs
    DUO62 = local.us-cidrs
    DUO63 = local.us-cidrs
    DUO64 = local.us-cidrs
    DUO65 = local.us-cidrs
    DUO71 = local.us-cidrs
    DUO72 = local.us-cidrs
    DUO73 = local.us-cidrs
    DUO74 = local.us-cidrs
    DUO75 = local.us-cidrs
    DUO76 = local.us-cidrs
    DUO77 = local.us-cidrs
    DUO78 = local.us-cidrs
    DUO79 = local.us-cidrs
    DUO80 = local.us-cidrs

    DUO3  = local.emea-cidrs
    DUO47 = local.emea-cidrs
    DUO57 = local.emea-cidrs

    DUO38 = local.central-europe-cidrs
    DUO48 = local.central-europe-cidrs

    DUO53 = local.canada-cidrs

    DUO66 = local.australia-cidrs

    DUO67 = local.japan-cidrs

    DUO68 = local.southeast-asia-cidrs

    DUO69 = local.india-cidrs

    DUO70 = local.uk-cidrs

    DUO81 = local.uae-cidrs

  }

}

output "us-cidrs" {

  description = "List of Duo's Service CIDRs for US deployments"
  value       = local.us-cidrs
}

# Maintained for backward compatibility
output "emea-cidrs" {

  description = "List of Duo's Service CIDRs for EMEA deployments"
  description = "List of Duo's Service CIDRs for EMEA deployments. Same as eu-cidrs"
  value       = local.emea-cidrs
}

# This was renamed from EMEA CIDRs
output "eu-cidrs" {

  description = "List of Duo's Service CIDRs for EMEA deployments. Same as emea-cidrs"
  value       = local.emea-cidrs
}
output "central-europe-cidrs" {

@@ -49,6 +141,11 @@
output "uk-cidrs" {

  description = "List of Duo's Service CIDRs for UK deployments"
  value       = local.uk-cidrs
}

output "uae-cidrs" {

  description = "List of Duo's Service CIDRs for UAE deployments"
  value       = local.uae-cidrs
}

output "trusted_endpoints_cidrs" {

@@ -73,76 +170,81 @@
}
output "trusted-endpoint-emea-cidrs" {

  description = "List of Duo's Trusted Endpoint CIDRs for EMEA Deployments"
  value       = local.a-trusted-endpoint-emea-cidrs
  value       = local.trusted-endpoint-emea-cidrs
}
output "trusted-endpoint-central-europe-cidrs" {

  description = "List of Duo's Trusted Endpoint CIDRs for Central Europe Deployments"
  value       = local.ope-trusted-endpoint-central-europe-cidrs
  value       = local.trusted-endpoint-central-europe-cidrs
}
output "trusted-endpoint-canada-cidrs" {

  description = "List of Duo's Trusted Endpoint CIDRs for Canda Deployments"
  value       = local.ada-trusted-endpoint-canada-cidrs
  value       = local.trusted-endpoint-canada-cidrs
}
output "trusted-endpoint-australia-cidrs" {

  description = "List of Duo's Trusted Endpoint CIDRs for Australia Deployments"
  value       = local.tralia-trusted-endpoint-australia-cidrs
  value       = local.trusted-endpoint-australia-cidrs
}
output "trusted-endpoint-japan-cidrs" {

  description = "List of Duo's Trusted Endpoint CIDRs for Japan Deployments"
  value       = local.an-trusted-endpoint-japan-cidrs
  value       = local.trusted-endpoint-japan-cidrs
}
output "trusted-endpoint-southeast-asia-cidrs" {

  description = "List of Duo's Trusted Endpoint CIDRs for Southeast Asia Deployments"
  value       = local.a-trusted-endpoint-southeast-asia-cidrs
  value       = local.trusted-endpoint-southeast-asia-cidrs
}
output "trusted-endpoint-india-cidrs" {

  description = "List of Duo's Trusted Endpoint CIDRs for India Deployments"
  value       = local.ia-trusted-endpoint-india-cidrs
  value       = local.trusted-endpoint-india-cidrs
}
output "trusted-endpoint-uk-cidrs" {

  description = "List of Duo's Trusted Endpoint CIDRs for UK Deployments"
  value       = local.trusted-endpoint-uk-cidrs
}

output "trusted-endpoint-uae-cidrs" {

  description = "List of Duo's Trusted Endpoint CIDRs for UAE Deployments"
  value       = local.trusted-endpoint-uae-cidrs
}

output "ad_hostnames_ca" {

  description = "Map of Duo's Microsoft Azure Active Directory Conditional Access application for Canada deployments"
  values      = ["cc1.azureauth.duosecurity.com"]
  description = "List of Duo's Microsoft Entra ID Conditional Access hostnames (formerly Azure Conditional Access) for Canada deployments"
  value       = ["cc1.azureauth.duosecurity.com"]
}

output "ad_hostnames_eu" {

  description = "Map of Duo's Microsoft Azure Active Directory Conditional Access application for Europe deployments"
  values = [

  description = "List of Duo's Microsoft Entra ID Conditional Access hostnames (formerly Azure Conditional Access) for EU deployments"
  value = [

    "ec1.azureauth.duosecurity.com",
    "eu-west.azureauth.duosecurity.com"
  ]
}

output "ad_hostnames_us" {

  description = "Map of Duo's Microsoft Azure Active Directory Conditional Access application for US deployments"
  values      = ["us.azureauth.duosecurity.com"]
  description = "List of Duo's Microsoft Entra ID Conditional Access hostnames (formerly Azure Conditional Access) for US deployments"
  value       = ["us.azureauth.duosecurity.com"]
}

output "ad_hostnames_au" {

  description = "Map of Duo's Microsoft Azure Active Directory Conditional Access application for AU deployments"
  values      = ["ase2.azureauth.duosecurity.com"]
  description = "List of Duo's Microsoft Entra ID Conditional Access hostnames (formerly Azure Conditional Access) for Australia deployments"
  value       = ["ase2.azureauth.duosecurity.com"]
}

output "ad_hostnames_asean" {

  description = "Map of Duo's Microsoft Azure Active Directory Conditional Access application for ASEAN deployments"
  values      = ["ase1.azureauth.duosecurity.com"]
  description = "List of Duo's Microsoft Entra ID Conditional Access hostnames (formerly Azure Conditional Access) for ASEAN deployments"
  value       = ["ase1.azureauth.duosecurity.com"]
}

output "ad_hostnames_jp" {

  description = "Map of Duo's Microsoft Azure Active Directory Conditional Access application for Japan deployments"
  values      = ["ane1.azureauth.duosecurity.com"]
  description = "List of Duo's Microsoft Entra ID Conditional Access hostnames (formerly Azure Conditional Access) for Japan deployments"
  value       = ["ane1.azureauth.duosecurity.com"]
}

output "ad_hostnames_uk" {

  description = "Map of Duo's Microsoft Azure Active Directory Conditional Access application for UK deployments"
  values      = ["ew2.azureauth.duosecurity.com"]
  description = "List of Duo's Microsoft Entra ID Conditional Access hostnames (formerly Azure Conditional Access) for UK deployments"
  value       = ["ew2.azureauth.duosecurity.com"]
}

output "ad_hostnames_in" {

  description = "Map of Duo's Microsoft Azure Active Directory Conditional Access application for IN deployments"
  values      = ["as1.azureauth.duosecurity.com"]
  description = "List of Duo's Microsoft Entra ID Conditional Access hostnames (formerly Azure Conditional Access) for IND deployments"
  value       = ["as1.azureauth.duosecurity.com"]
}
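Review bot: The new `auth_cidr_by_deployment` map hard-codes which region every deployment ID belongs to, but nothing in the block records where the mapping came from or when it was last checked, and its values end up in egress allow-lists. I would add a comment above `value = {` along the lines of `# Source: <Duo documentation URL>, last verified <YYYY-MM-DD>` so a stale or mis-assigned ID can be audited. The description could also say that an ID absent from the map should fail the lookup at plan time rather than fall back to a default, and that the ranges are intended for TCP 443 only. The README example added in this commit consumes the output with `from_port = 0` and `to_port = 443`, which permits the whole 0–443 port range.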