mirror of
https://github.com/captn3m0/terraform-data-duo-ips.git
synced 2024-09-11 16:46:31 +00:00
terraform-data-duo-ips
This module provides an updated list of Duo's public CIDRs. These are maintained against the Duo Documentation: https://help.duo.com/s/article/1337.
Supported on both Terraform and OpenTofu.
Usage
```hcl
// Import the module
module "duo-ips" {
  source  = "captn3m0/duo-ips/data"
  version = "1.3.0"
}

// Allow traffic for MFA APIs for all region CIDRs
// Also open traffic from these to your LDAP Server port 636 if you're using LDAP
resource "aws_security_group_rule" "allow_all_to_duo" {
  type              = "egress"
  from_port         = 443 // HTTPS only; from_port = 0 would open the whole 0-443 range
  to_port           = 443
  protocol          = "tcp"
  cidr_blocks       = module.duo-ips.cidrs // the output is already a list, so no extra [] wrapping
  security_group_id = "sg-123456"
}

// Limit MFA traffic to specific regions
resource "aws_security_group_rule" "allow_all_to_duo_uk" {
  type              = "egress"
  from_port         = 443
  to_port           = 443
  protocol          = "tcp"
  cidr_blocks       = module.duo-ips.uk-cidrs
  security_group_id = "sg-123456"
}

// Trusted endpoint requests are made from these ranges.
// Depending on what port your origin is using, pick the correct port here as well.
resource "aws_security_group_rule" "allow_all_from_duo_in_ingress" {
  type              = "ingress"
  from_port         = 443
  to_port           = 443
  protocol          = "tcp"
  cidr_blocks       = module.duo-ips.trusted-endpoint-india-cidrs
  security_group_id = "sg-123456"
}
```
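The LDAP note in the usage comments above, written out as an ingress rule limited to port 636 and a single region, with one rule per CIDR so each range is individually visible in plans and reviews. This is an added example, not part of the module's own README; `var.ldap_security_group_id` and the resource label are hypothetical, and it assumes the `uk-cidrs` output is a list of IPv4 CIDR strings.

```hcl
// Hypothetical input: the security group attached to your LDAP server
variable "ldap_security_group_id" {
  type        = string
  description = "Security group of the LDAP server that Duo connects to"
}

module "duo-ips" {
  source  = "captn3m0/duo-ips/data"
  version = "1.3.0"
}

// One ingress rule per Duo CIDR, LDAPS (636/tcp) only.
// Assumes uk-cidrs is a list of IPv4 CIDR strings; swap in the output
// for the region your Duo deployment actually uses.
resource "aws_vpc_security_group_ingress_rule" "ldaps_from_duo_uk" {
  for_each = toset(module.duo-ips.uk-cidrs)

  security_group_id = var.ldap_security_group_id
  description       = "LDAPS from Duo UK range ${each.value}"
  cidr_ipv4         = each.value
  ip_protocol       = "tcp"
  from_port         = 636
  to_port           = 636
}
```

Because the rules are keyed by CIDR, a module version bump that adds or removes a range shows up in the plan as a single rule being created or destroyed rather than as a rewrite of one large rule.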
Outputs
Name | Description |
---|---|
ad_hostnames_asean | Map of Duo's Microsoft Azure Active Directory Conditional Access application for ASEAN deployments |
ad_hostnames_au | Map of Duo's Microsoft Azure Active Directory Conditional Access application for AU deployments |
ad_hostnames_ca | Map of Duo's Microsoft Azure Active Directory Conditional Access application for Canada deployments |
ad_hostnames_eu | Map of Duo's Microsoft Azure Active Directory Conditional Access application for Europe deployments |
ad_hostnames_in | Map of Duo's Microsoft Azure Active Directory Conditional Access application for IN deployments |
ad_hostnames_jp | Map of Duo's Microsoft Azure Active Directory Conditional Access application for Japan deployments |
ad_hostnames_uk | Map of Duo's Microsoft Azure Active Directory Conditional Access application for UK deployments |
ad_hostnames_us | Map of Duo's Microsoft Azure Active Directory Conditional Access application for US deployments |
australia-cidrs | List of Duo's Service CIDRs for australia deployments |
canada-cidrs | List of Duo's Service CIDRs for canada deployments |
central-europe-cidrs | List of Duo's Service CIDRs for central-europe deployments |
cidrs | List of all Duo Service CIDRs. Allow for egress to Duo |
emea-cidrs | List of Duo's Service CIDRs for EMEA deployments |
india-cidrs | List of Duo's Service CIDRs for india deployments |
japan-cidrs | List of Duo's Service CIDRs for japan deployments |
southeast-asia-cidrs | List of Duo's Service CIDRs for southeast-asia deployments |
trusted-endpoint-australia-cidrs | List of Duo's Trusted Endpoint CIDRs for Australia Deployments |
trusted-endpoint-canada-cidrs | List of Duo's Trusted Endpoint CIDRs for Canada Deployments |
trusted-endpoint-central-europe-cidrs | List of Duo's Trusted Endpoint CIDRs for Central Europe Deployments |
trusted-endpoint-emea-cidrs | List of Duo's Trusted Endpoint CIDRs for EMEA Deployments |
trusted-endpoint-india-cidrs | List of Duo's Trusted Endpoint CIDRs for India Deployments |
trusted-endpoint-japan-cidrs | List of Duo's Trusted Endpoint CIDRs for Japan Deployments |
trusted-endpoint-southeast-asia-cidrs | List of Duo's Trusted Endpoint CIDRs for Southeast Asia Deployments |
trusted-endpoint-uk-cidrs | List of Duo's Trusted Endpoint CIDRs for UK Deployments |
trusted-endpoint-us-cidrs | List of Duo's Trusted Endpoint CIDRs for US Deployments |
trusted_endpoints_cidrs | List of Duo's Trusted Endpoint CIDRs. Allow for ingress from Duo |
uk-cidrs | List of Duo's Service CIDRs for UK deployments |
us-cidrs | List of Duo's Service CIDRs for US deployments |
Changelog
1.3.0
- Added new outputs for various regions
- New regions added: UK/India
1.2.0
- Added new CIDRs
1.1.0
- Removed `http://` from hostname values.
1.0.3
- Changed the Terraform registry module name from `duo-whitelist` to `duo-ips`.
- Renamed `duo_ad_hostnames_us` to `ad_hostnames_us`
LICENSE
Licensed under MIT. See nemo.mit-license.org for complete text.