Remove whitelist everywhere
parent
1d2b708c11
commit
b018e58799
29
README.md
29
README.md
|
@ -1,12 +1,12 @@
|
||||||
# terraform-http-duo-whitelist ![](https://img.shields.io/badge/license-MIT-blue.svg)
|
# terraform-http-duo-ips ![](https://img.shields.io/badge/license-MIT-blue.svg)
|
||||||
|
|
||||||
This module provides an updated list of Duo's public CIDRs. These are maintained against the Duo Documentation: https://help.duo.com/s/article/1337
|
This module provides an updated list of Duo's public CIDRs. These are maintained against the Duo Documentation: https://help.duo.com/s/article/1337
|
||||||
|
|
||||||
# Usage
|
# Usage
|
||||||
|
|
||||||
```hcl
|
```hcl
|
||||||
module "duo-whitelist" {
|
module "duo-ips" {
|
||||||
source = "captn3m0/duo-whitelist/http"
|
source = "captn3m0/duo-ips/http"
|
||||||
version = "1.0.0"
|
version = "1.0.0"
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -15,23 +15,34 @@ resource "aws_security_group_rule" "allow_all_to_duo" {
|
||||||
from_port = 0
|
from_port = 0
|
||||||
to_port = 443
|
to_port = 443
|
||||||
protocol = "tcp"
|
protocol = "tcp"
|
||||||
cidr_blocks = ["${module.duo-whitelist.cidr}"]
|
cidr_blocks = ["${module.duo-ips.cidr}"]
|
||||||
security_group_id = "sg-123456"
|
security_group_id = "sg-123456"
|
||||||
}
|
}
|
||||||
```
|
```
|
||||||
|
|
||||||
# Outputs
|
## Outputs
|
||||||
|
|
||||||
The following outputs are exported:
|
The following outputs are exported:
|
||||||
|
|
||||||
## cidrs
|
### ad\_hostnames\_ca
|
||||||
|
|
||||||
Description: List of all Duo Service CIDRs. Whitelist for egress
|
Description: Map of Duo's Microsoft Azure Active Directory Conditional Access application for Canada deployments
|
||||||
|
|
||||||
## trusted\_endpoints\_cidrs
|
### ad\_hostnames\_eu
|
||||||
|
|
||||||
Description: Duo's Trusted Endpoint CIDRs. Whitelist for ingress
|
Description: Map of Duo's Microsoft Azure Active Directory Conditional Access application for Europe deployments
|
||||||
|
|
||||||
|
### cidrs
|
||||||
|
|
||||||
|
Description: List of all Duo Service CIDRs. Allow for egress to Duo
|
||||||
|
|
||||||
|
### duo\_ad\_hostnames\_us
|
||||||
|
|
||||||
|
Description: Map of Duo's Microsoft Azure Active Directory Conditional Access application for US deployments
|
||||||
|
|
||||||
|
### trusted\_endpoints\_cidrs
|
||||||
|
|
||||||
|
Description: List of Duo's Trusted Endpoint CIDRs. Allow for ingress from Duo
|
||||||
|
|
||||||
# LICENSE
|
# LICENSE
|
||||||
|
|
||||||
|
|
20
outputs.tf
20
outputs.tf
|
@ -1,5 +1,5 @@
|
||||||
output "cidrs" {
|
output "cidrs" {
|
||||||
description = "List of all Duo Service CIDRs. Whitelist for egress"
|
description = "List of all Duo Service CIDRs. Allow for egress to Duo"
|
||||||
|
|
||||||
value = [
|
value = [
|
||||||
"54.241.191.128/26",
|
"54.241.191.128/26",
|
||||||
|
@ -8,11 +8,12 @@ output "cidrs" {
|
||||||
"52.32.63.128/26",
|
"52.32.63.128/26",
|
||||||
"52.59.243.192/26",
|
"52.59.243.192/26",
|
||||||
"35.182.14.128/26",
|
"35.182.14.128/26",
|
||||||
|
"3.25.48.128/26"
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
|
|
||||||
output "trusted_endpoints_cidrs" {
|
output "trusted_endpoints_cidrs" {
|
||||||
description = "List of Duo's Trusted Endpoint CIDRs. Whitelist for ingress"
|
description = "List of Duo's Trusted Endpoint CIDRs. Allow for ingress from Duo"
|
||||||
|
|
||||||
value = [
|
value = [
|
||||||
"13.56.32.240/29",
|
"13.56.32.240/29",
|
||||||
|
@ -22,3 +23,18 @@ output "trusted_endpoints_cidrs" {
|
||||||
"35.182.14.128/30",
|
"35.182.14.128/30",
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
|
|
||||||
|
output "ad_hostnames_ca" {
|
||||||
|
description = "Map of Duo's Microsoft Azure Active Directory Conditional Access application for Canada deployments"
|
||||||
|
values = ["http://cc1.azureauth.duosecurity.com/"]
|
||||||
|
}
|
||||||
|
|
||||||
|
output "ad_hostnames_eu" {
|
||||||
|
description = "Map of Duo's Microsoft Azure Active Directory Conditional Access application for Europe deployments"
|
||||||
|
values = ["http://ec1.azureauth.duosecurity.com/", "http://eu-west.azureauth.duosecurity.com/"]
|
||||||
|
}
|
||||||
|
|
||||||
|
output "duo_ad_hostnames_us" {
|
||||||
|
description = "Map of Duo's Microsoft Azure Active Directory Conditional Access application for US deployments"
|
||||||
|
values = ["http://us.azureauth.duosecurity.com/"]
|
||||||
|
}
|
||||||
|
|
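Review bot: The three new outputs (`ad_hostnames_ca`, `ad_hostnames_eu`, `duo_ad_hostnames_us`) assign `values = [...]`, but a Terraform `output` block takes the argument `value`, so the module should fail validation as written; each needs to read like `value = ["http://cc1.azureauth.duosecurity.com/"]`. The entries are also full `http://` URLs with a trailing slash, although the outputs are named "hostnames". If consumers feed them into allow rules or Conditional Access configuration for an authentication flow, a cleartext scheme is the wrong default. Either emit bare hostnames or use `https://`, after confirming against the Duo article the README links. The descriptions say "Map of …" while the values are lists, so `List of Duo's Azure AD Conditional Access hostnames for … deployments` would match what is exported. The US output carries a `duo_` prefix that the CA and EU outputs do not, and picking one naming scheme now avoids a breaking rename later.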