Remove whitelist everywhere

2020-09-08 13:53:32 +05:30 · 2020-09-08 13:53:32 +05:30 · b018e58799
parent 1d2b708c11
commit b018e58799
2 changed files with 38 additions and 11 deletions
--- a/README.md
+++ b/README.md
@ -1,12 +1,12 @@
-# terraform-http-duo-whitelist ![](https://img.shields.io/badge/license-MIT-blue.svg)
+# terraform-http-duo-ips ![](https://img.shields.io/badge/license-MIT-blue.svg)

 This module provides an updated list of Duo's public CIDRs. These are maintained against the Duo Documentation: https://help.duo.com/s/article/1337

 # Usage

 ```hcl
-module "duo-whitelist" {
-  source  = "captn3m0/duo-whitelist/http"
+module "duo-ips" {
+  source  = "captn3m0/duo-ips/http"
  version = "1.0.0"
 }

@ -15,23 +15,34 @@ resource "aws_security_group_rule" "allow_all_to_duo" {
  from_port       = 0
  to_port         = 443
  protocol        = "tcp"
-  cidr_blocks     = ["${module.duo-whitelist.cidr}"]
+  cidr_blocks     = ["${module.duo-ips.cidr}"]
  security_group_id = "sg-123456"
 }
 ```

-# Outputs
+## Outputs

 The following outputs are exported:

-## cidrs
+### ad\_hostnames\_ca

-Description: List of all Duo Service CIDRs. Whitelist for egress
+Description: Map of Duo's Microsoft Azure Active Directory Conditional Access application for Canada deployments

-## trusted\_endpoints\_cidrs
+### ad\_hostnames\_eu

-Description: Duo's Trusted Endpoint CIDRs. Whitelist for ingress
+Description: Map of Duo's Microsoft Azure Active Directory Conditional Access application for Europe deployments

+### cidrs
+
+Description: List of all Duo Service CIDRs. Allow for egress to Duo
+
+### duo\_ad\_hostnames\_us
+
+Description: Map of Duo's Microsoft Azure Active Directory Conditional Access application for US deployments
+
+### trusted\_endpoints\_cidrs
+
+Description: List of Duo's Trusted Endpoint CIDRs. Allow for ingress from Duo

 # LICENSE

--- a/outputs.tf
+++ b/outputs.tf
@ -1,5 +1,5 @@
 output "cidrs" {
-  description = "List of all Duo Service CIDRs. Whitelist for egress"
+  description = "List of all Duo Service CIDRs. Allow for egress to Duo"

  value = [
    "54.241.191.128/26",
@ -8,11 +8,12 @@ output "cidrs" {
    "52.32.63.128/26",
    "52.59.243.192/26",
    "35.182.14.128/26",
+    "3.25.48.128/26"
  ]
 }

 output "trusted_endpoints_cidrs" {
-  description = "List of Duo's Trusted Endpoint CIDRs. Whitelist for ingress"
+  description = "List of Duo's Trusted Endpoint CIDRs. Allow for ingress from Duo"

  value = [
    "13.56.32.240/29",
@ -22,3 +23,18 @@ output "trusted_endpoints_cidrs" {
    "35.182.14.128/30",
  ]
 }
+
+output "ad_hostnames_ca" {
+  description = "Map of Duo's Microsoft Azure Active Directory Conditional Access application for Canada deployments"
+  values      = ["http://cc1.azureauth.duosecurity.com/"]
+}
+
+output "ad_hostnames_eu" {
+  description = "Map of Duo's Microsoft Azure Active Directory Conditional Access application for Europe deployments"
+  values      = ["http://ec1.azureauth.duosecurity.com/", "http://eu-west.azureauth.duosecurity.com/"]
+}
+
+output "duo_ad_hostnames_us" {
+  description = "Map of Duo's Microsoft Azure Active Directory Conditional Access application for US deployments"
+  values      = ["http://us.azureauth.duosecurity.com/"]
+}