Remove whitelist everywhere
parent
1d2b708c11
commit
b018e58799
29
README.md
29
README.md
|
@ -1,12 +1,12 @@
|
|||
# terraform-http-duo-whitelist ![](https://img.shields.io/badge/license-MIT-blue.svg)
|
||||
# terraform-http-duo-ips ![](https://img.shields.io/badge/license-MIT-blue.svg)
|
||||
|
||||
This module provides an updated list of Duo's public CIDRs. These are maintained against the Duo Documentation: https://help.duo.com/s/article/1337
|
||||
|
||||
# Usage
|
||||
|
||||
```hcl
|
||||
module "duo-whitelist" {
|
||||
source = "captn3m0/duo-whitelist/http"
|
||||
module "duo-ips" {
|
||||
source = "captn3m0/duo-ips/http"
|
||||
version = "1.0.0"
|
||||
}
|
||||
|
||||
|
@ -15,23 +15,34 @@ resource "aws_security_group_rule" "allow_all_to_duo" {
|
|||
from_port = 0
|
||||
to_port = 443
|
||||
protocol = "tcp"
|
||||
cidr_blocks = ["${module.duo-whitelist.cidr}"]
|
||||
cidr_blocks = ["${module.duo-ips.cidr}"]
|
||||
security_group_id = "sg-123456"
|
||||
}
|
||||
```
|
||||
|
||||
# Outputs
|
||||
## Outputs
|
||||
|
||||
The following outputs are exported:
|
||||
|
||||
## cidrs
|
||||
### ad\_hostnames\_ca
|
||||
|
||||
Description: List of all Duo Service CIDRs. Whitelist for egress
|
||||
Description: Map of Duo's Microsoft Azure Active Directory Conditional Access application for Canada deployments
|
||||
|
||||
## trusted\_endpoints\_cidrs
|
||||
### ad\_hostnames\_eu
|
||||
|
||||
Description: Duo's Trusted Endpoint CIDRs. Whitelist for ingress
|
||||
Description: Map of Duo's Microsoft Azure Active Directory Conditional Access application for Europe deployments
|
||||
|
||||
### cidrs
|
||||
|
||||
Description: List of all Duo Service CIDRs. Allow for egress to Duo
|
||||
|
||||
### duo\_ad\_hostnames\_us
|
||||
|
||||
Description: Map of Duo's Microsoft Azure Active Directory Conditional Access application for US deployments
|
||||
|
||||
### trusted\_endpoints\_cidrs
|
||||
|
||||
Description: List of Duo's Trusted Endpoint CIDRs. Allow for ingress from Duo
|
||||
|
||||
# LICENSE
|
||||
|
||||
|
|
20
outputs.tf
20
outputs.tf
|
@ -1,5 +1,5 @@
|
|||
output "cidrs" {
|
||||
description = "List of all Duo Service CIDRs. Whitelist for egress"
|
||||
description = "List of all Duo Service CIDRs. Allow for egress to Duo"
|
||||
|
||||
value = [
|
||||
"54.241.191.128/26",
|
||||
|
@ -8,11 +8,12 @@ output "cidrs" {
|
|||
"52.32.63.128/26",
|
||||
"52.59.243.192/26",
|
||||
"35.182.14.128/26",
|
||||
"3.25.48.128/26"
|
||||
]
|
||||
}
|
||||
|
||||
output "trusted_endpoints_cidrs" {
|
||||
description = "List of Duo's Trusted Endpoint CIDRs. Whitelist for ingress"
|
||||
description = "List of Duo's Trusted Endpoint CIDRs. Allow for ingress from Duo"
|
||||
|
||||
value = [
|
||||
"13.56.32.240/29",
|
||||
|
@ -22,3 +23,18 @@ output "trusted_endpoints_cidrs" {
|
|||
"35.182.14.128/30",
|
||||
]
|
||||
}
|
||||
|
||||
output "ad_hostnames_ca" {
|
||||
description = "Map of Duo's Microsoft Azure Active Directory Conditional Access application for Canada deployments"
|
||||
values = ["http://cc1.azureauth.duosecurity.com/"]
|
||||
}
|
||||
|
||||
output "ad_hostnames_eu" {
|
||||
description = "Map of Duo's Microsoft Azure Active Directory Conditional Access application for Europe deployments"
|
||||
values = ["http://ec1.azureauth.duosecurity.com/", "http://eu-west.azureauth.duosecurity.com/"]
|
||||
}
|
||||
|
||||
output "duo_ad_hostnames_us" {
|
||||
description = "Map of Duo's Microsoft Azure Active Directory Conditional Access application for US deployments"
|
||||
values = ["http://us.azureauth.duosecurity.com/"]
|
||||
}
|
||||
|
|
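Review bot: The three outputs added at the end of outputs.tf (`ad_hostnames_ca`, `ad_hostnames_eu`, `duo_ad_hostnames_us`) assign `values = [...]`, but a Terraform `output` block takes `value`, so the module would likely fail validation as written; each should read like `value = ["https://cc1.azureauth.duosecurity.com/"]`. The entries also carry an `http://` scheme: if consumers use them as URLs in Conditional Access or proxy allow rules rather than as bare hostnames, they should be `https://` or scheme-less to match the output names, which is worth confirming against the Duo documentation. The descriptions say "Map" while the values are lists, and only the US output has the `duo_` prefix. Output names are the module's public interface, so it is cheaper to align them (for example `ad_hostnames_us`) before a release is tagged.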