This module provides an updated list of Duo's public CIDRs. These are maintained against the Duo Documentation: https://help.duo.com/s/article/1337
Nemo 58410fa2b5 v1.3.0
- Added new outputs for various regions
- New regions added: UK/India
2023-12-15 13:41:25 +05:30

README.md

terraform-data-duo-ips

Supported on both Terraform and OpenTofu.

Usage

// Import the module
module "duo-ips" {
  source  = "captn3m0/duo-ips/data"
  version = "1.3.0"
}

// Allow traffic for MFA APIs for all region CIDRs
// Also open traffic from these to your LDAP Server port 636 if you're using LDAP
resource "aws_security_group_rule" "allow_all_to_duo" {
  type              = "egress"
  // from_port and to_port bound a port range; both are 443 so only HTTPS is opened
  from_port         = 443
  to_port           = 443
  protocol          = "tcp"
  // The output is already a list, so pass it directly (Terraform 0.12+ / OpenTofu syntax)
  cidr_blocks       = module.duo-ips.cidrs
  security_group_id = "sg-123456"
}

// Limit MFA traffic to specific regions
resource "aws_security_group_rule" "allow_all_to_duo_uk" {
  type              = "egress"
  from_port         = 443
  to_port           = 443
  protocol          = "tcp"
  cidr_blocks       = module.duo-ips.uk-cidrs
  security_group_id = "sg-123456"
}

// Trusted endpoint requests are made from these ranges.
// Depending on what port your origin is using, pick the correct port here as well.
resource "aws_security_group_rule" "allow_all_from_duo_in_ingress" {
  type              = "ingress"
  from_port         = 443
  to_port           = 443
  protocol          = "tcp"
  cidr_blocks       = module.duo-ips.trusted-endpoint-india-cidrs
  security_group_id = "sg-123456"
}
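
An added example, not part of the module or its README: because these CIDRs come from a third-party module and end up in firewall rules, the list can be validated before any rule is created. The variable `app_sg_id`, the resource names and the /16 width floor are assumptions made for this sketch; the module source, version and `us-cidrs` output are the ones listed on this page.

```hcl
module "duo-ips" {
  source  = "captn3m0/duo-ips/data"
  version = "1.3.0" # pinned, so the allow-list only changes on a reviewed bump
}

variable "app_sg_id" {
  type        = string
  description = "Security group to restrict (hypothetical name)"
}

locals {
  duo_egress = toset(module.duo-ips.us-cidrs)

  # Entries that do not parse as CIDRs, or are wider than /16.
  # The /16 floor is an assumed threshold for this example.
  suspect = [
    for c in local.duo_egress : c
    if !can(cidrhost(c, 0)) || try(tonumber(split("/", c)[1]), 0) < 16
  ]
}

# Stops the run before any rule is created if the list looks wrong.
resource "terraform_data" "duo_cidr_guard" {
  lifecycle {
    precondition {
      condition     = length(local.suspect) == 0
      error_message = "Unexpected Duo CIDRs: ${join(", ", local.suspect)}"
    }
  }
}

# One rule per CIDR, HTTPS only, limited to the US deployment ranges.
resource "aws_vpc_security_group_egress_rule" "duo_us" {
  for_each   = local.duo_egress
  depends_on = [terraform_data.duo_cidr_guard]

  security_group_id = var.app_sg_id
  cidr_ipv4         = each.value
  ip_protocol       = "tcp"
  from_port         = 443
  to_port           = 443
  description       = "Duo MFA API (US)"
}
```

`terraform_data` and resource preconditions need Terraform 1.4 or later, or OpenTofu.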

Outputs

Name Description
ad_hostnames_asean Map of Duo's Microsoft Azure Active Directory Conditional Access application for ASEAN deployments
ad_hostnames_au Map of Duo's Microsoft Azure Active Directory Conditional Access application for AU deployments
ad_hostnames_ca Map of Duo's Microsoft Azure Active Directory Conditional Access application for Canada deployments
ad_hostnames_eu Map of Duo's Microsoft Azure Active Directory Conditional Access application for Europe deployments
ad_hostnames_in Map of Duo's Microsoft Azure Active Directory Conditional Access application for IN deployments
ad_hostnames_jp Map of Duo's Microsoft Azure Active Directory Conditional Access application for Japan deployments
ad_hostnames_uk Map of Duo's Microsoft Azure Active Directory Conditional Access application for UK deployments
ad_hostnames_us Map of Duo's Microsoft Azure Active Directory Conditional Access application for US deployments
australia-cidrs List of Duo's Service CIDRs for australia deployments
canada-cidrs List of Duo's Service CIDRs for canada deployments
central-europe-cidrs List of Duo's Service CIDRs for central-europe deployments
cidrs List of all Duo Service CIDRs. Allow for egress to Duo
emea-cidrs List of Duo's Service CIDRs for EMEA deployments
india-cidrs List of Duo's Service CIDRs for india deployments
japan-cidrs List of Duo's Service CIDRs for japan deployments
southeast-asia-cidrs List of Duo's Service CIDRs for southeast-asia deployments
trusted-endpoint-australia-cidrs List of Duo's Trusted Endpoint CIDRs for Australia Deployments
trusted-endpoint-canada-cidrs List of Duo's Trusted Endpoint CIDRs for Canada Deployments
trusted-endpoint-central-europe-cidrs List of Duo's Trusted Endpoint CIDRs for Central Europe Deployments
trusted-endpoint-emea-cidrs List of Duo's Trusted Endpoint CIDRs for EMEA Deployments
trusted-endpoint-india-cidrs List of Duo's Trusted Endpoint CIDRs for India Deployments
trusted-endpoint-japan-cidrs List of Duo's Trusted Endpoint CIDRs for Japan Deployments
trusted-endpoint-southeast-asia-cidrs List of Duo's Trusted Endpoint CIDRs for Southeast Asia Deployments
trusted-endpoint-uk-cidrs List of Duo's Trusted Endpoint CIDRs for UK Deployments
trusted-endpoint-us-cidrs List of Duo's Trusted Endpoint CIDRs for US Deployments
trusted_endpoints_cidrs List of Duo's Trusted Endpoint CIDRs. Allow for ingress from Duo
uk-cidrs List of Duo's Service CIDRs for UK deployments
us-cidrs List of Duo's Service CIDRs for US deployments

Changelog

1.3.0

  • Added new outputs for various regions
  • New regions added: UK/India

1.2.0

  • Added new CIDRs

1.1.0

  • Removed http:// from hostname values.

1.0.3

  • Changed the terraform registry module name from duo-whitelist to duo-ips.
  • Renamed duo_ad_hostnames_us to ad_hostnames_us

LICENSE

Licensed under MIT. See nemo.mit-license.org for complete text.