Remove whitelist everywhere

Nemo 2020-09-08 13:53:32 +05:30
parent 1d2b708c11
commit b018e58799
2 changed files with 38 additions and 11 deletions


@ -1,12 +1,12 @@
# terraform-http-duo-whitelist ![](https://img.shields.io/badge/license-MIT-blue.svg) # terraform-http-duo-ips ![](https://img.shields.io/badge/license-MIT-blue.svg)
This module provides an updated list of Duo's public CIDRs. These are maintained against the Duo Documentation: https://help.duo.com/s/article/1337 This module provides an updated list of Duo's public CIDRs. These are maintained against the Duo Documentation: https://help.duo.com/s/article/1337
# Usage # Usage
```hcl ```hcl
module "duo-whitelist" { module "duo-ips" {
source = "captn3m0/duo-whitelist/http" source = "captn3m0/duo-ips/http"
version = "1.0.0" version = "1.0.0"
} }
@ -15,23 +15,34 @@ resource "aws_security_group_rule" "allow_all_to_duo" {
from_port = 0 from_port = 0
to_port = 443 to_port = 443
protocol = "tcp" protocol = "tcp"
cidr_blocks = ["${module.duo-whitelist.cidr}"] cidr_blocks = ["${module.duo-ips.cidr}"]
security_group_id = "sg-123456" security_group_id = "sg-123456"
} }
``` ```
# Outputs ## Outputs
The following outputs are exported: The following outputs are exported:
## cidrs ### ad\_hostnames\_ca
Description: List of all Duo Service CIDRs. Whitelist for egress Description: Map of Duo's Microsoft Azure Active Directory Conditional Access application for Canada deployments
## trusted\_endpoints\_cidrs ### ad\_hostnames\_eu
Description: Duo's Trusted Endpoint CIDRs. Whitelist for ingress Description: Map of Duo's Microsoft Azure Active Directory Conditional Access application for Europe deployments
### cidrs
Description: List of all Duo Service CIDRs. Allow for egress to Duo
### duo\_ad\_hostnames\_us
Description: Map of Duo's Microsoft Azure Active Directory Conditional Access application for US deployments
### trusted\_endpoints\_cidrs
Description: List of Duo's Trusted Endpoint CIDRs. Allow for ingress from Duo
# LICENSE # LICENSE


@ -1,5 +1,5 @@
output "cidrs" { output "cidrs" {
description = "List of all Duo Service CIDRs. Whitelist for egress" description = "List of all Duo Service CIDRs. Allow for egress to Duo"
value = [ value = [
"54.241.191.128/26", "54.241.191.128/26",
@ -8,11 +8,12 @@ output "cidrs" {
"52.32.63.128/26", "52.32.63.128/26",
"52.59.243.192/26", "52.59.243.192/26",
"35.182.14.128/26", "35.182.14.128/26",
"3.25.48.128/26"
] ]
} }
output "trusted_endpoints_cidrs" { output "trusted_endpoints_cidrs" {
description = "List of Duo's Trusted Endpoint CIDRs. Whitelist for ingress" description = "List of Duo's Trusted Endpoint CIDRs. Allow for ingress from Duo"
value = [ value = [
"13.56.32.240/29", "13.56.32.240/29",
@ -22,3 +23,18 @@ output "trusted_endpoints_cidrs" {
"35.182.14.128/30", "35.182.14.128/30",
] ]
} }
output "ad_hostnames_ca" {
description = "Map of Duo's Microsoft Azure Active Directory Conditional Access application for Canada deployments"
values = ["http://cc1.azureauth.duosecurity.com/"]
}
output "ad_hostnames_eu" {
description = "Map of Duo's Microsoft Azure Active Directory Conditional Access application for Europe deployments"
values = ["http://ec1.azureauth.duosecurity.com/", "http://eu-west.azureauth.duosecurity.com/"]
}
output "duo_ad_hostnames_us" {
description = "Map of Duo's Microsoft Azure Active Directory Conditional Access application for US deployments"
values = ["http://us.azureauth.duosecurity.com/"]
}
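Review bot: The three outputs added at the end of this file (`ad_hostnames_ca`, `ad_hostnames_eu`, `duo_ad_hostnames_us`) set `values = [...]`, but a Terraform `output` block takes the argument `value`, so the module should fail validation as written; each needs the form `value = ["http://cc1.azureauth.duosecurity.com/"]`. The entries are also full `http://` URLs with a trailing slash, although the outputs are named hostnames and describe an authentication service. If consumers feed these into a proxy or firewall allow-list, confirm against the Duo article whether they should be `https://` URLs or bare hostnames, since a plain-HTTP allow rule is presumably wider than the service needs. The descriptions say "Map of" while each value is a list, and `duo_ad_hostnames_us` does not follow the `ad_hostnames_<region>` pattern of the other two, which is easier to rename now than after a release.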