103 lines
4.9 KiB
Markdown
103 lines
4.9 KiB
Markdown
# terraform-data-duo-ips ![License:MIT](https://img.shields.io/badge/license-MIT-blue.svg) ![GitHub tag (latest SemVer)](https://img.shields.io/github/v/tag/captn3m0/terraform-data-duo-ips?sort=semver) ![GitHub last commit](https://img.shields.io/github/last-commit/captn3m0/terraform-data-duo-ips)
|
|
|
|
This module provides an updated list of Duo's public CIDRs. These are maintained against the Duo Documentation: https://help.duo.com/s/article/1337.
|
|
|
|
Supported on both Terraform and OpenTofu.
|
|
|
|
# Usage
|
|
|
|
```hcl
|
|
// Import the module
|
|
module "duo-ips" {
|
|
source = "captn3m0/duo-ips/data"
|
|
version = "1.3.0"
|
|
}
|
|
|
|
// Allow traffic for MFA APIs for all region CIDRs
|
|
// Also open traffic from these to your LDAP Server port 636 if you're using LDAP
|
|
resource "aws_security_group_rule" "allow_all_to_duo" {
|
|
type = "egress"
|
|
from_port = 0
|
|
to_port = 443
|
|
protocol = "tcp"
|
|
cidr_blocks = ["${module.duo-ips.cidrs}"]
|
|
security_group_id = "sg-123456"
|
|
}
|
|
|
|
// Limit MFA traffic to specific regions
|
|
resource "aws_security_group_rule" "allow_all_to_duo_uk" {
|
|
type = "egress"
|
|
from_port = 0
|
|
to_port = 443
|
|
protocol = "tcp"
|
|
cidr_blocks = ["${module.duo-ips.uk-cidrs}"]
|
|
security_group_id = "sg-123456"
|
|
}
|
|
|
|
// trusted endpoint requests are made from these ranges
|
|
// depending on what port your origin is using, pick the correct port here as well.
|
|
resource "aws_security_group_rule" "allow_all_from_duo_in_ingress" {
|
|
type = "ingress"
|
|
from_port = 0
|
|
to_port = 443
|
|
protocol = "tcp"
|
|
cidr_blocks = ["${module.duo-ips.trusted-endpoint-india-cidrs}"]
|
|
security_group_id = "sg-123456"
|
|
}
|
|
```
|
|
|
|
## Outputs
|
|
|
|
| Name | Description |
|
|
|------|-------------|
|
|
| ad\_hostnames\_asean | Map of Duo's Microsoft Azure Active Directory Conditional Access application for ASEAN deployments |
|
|
| ad\_hostnames\_au | Map of Duo's Microsoft Azure Active Directory Conditional Access application for AU deployments |
|
|
| ad\_hostnames\_ca | Map of Duo's Microsoft Azure Active Directory Conditional Access application for Canada deployments |
|
|
| ad\_hostnames\_eu | Map of Duo's Microsoft Azure Active Directory Conditional Access application for Europe deployments |
|
|
| ad\_hostnames\_in | Map of Duo's Microsoft Azure Active Directory Conditional Access application for IN deployments |
|
|
| ad\_hostnames\_jp | Map of Duo's Microsoft Azure Active Directory Conditional Access application for Japan deployments |
|
|
| ad\_hostnames\_uk | Map of Duo's Microsoft Azure Active Directory Conditional Access application for UK deployments |
|
|
| ad\_hostnames\_us | Map of Duo's Microsoft Azure Active Directory Conditional Access application for US deployments |
|
|
| australia-cidrs | List of Duo's Service CIDRs for australia deployments |
|
|
| canada-cidrs | List of Duo's Service CIDRs for canada deployments |
|
|
| central-europe-cidrs | List of Duo's Service CIDRs for central-europe deployments |
|
|
| cidrs | List of all Duo Service CIDRs. Allow for egress to Duo |
|
|
| emea-cidrs | List of Duo's Service CIDRs for EMEA deployments |
|
|
| india-cidrs | List of Duo's Service CIDRs for india deployments |
|
|
| japan-cidrs | List of Duo's Service CIDRs for japan deployments |
|
|
| southeast-asia-cidrs | List of Duo's Service CIDRs for southeast-asia deployments |
|
|
| trusted-endpoint-australia-cidrs | List of Duo's Trusted Endpoint CIDRs for Australia Deployments |
|
|
| trusted-endpoint-canada-cidrs | List of Duo's Trusted Endpoint CIDRs for Canda Deployments |
|
|
| trusted-endpoint-central-europe-cidrs | List of Duo's Trusted Endpoint CIDRs for Central Europe Deployments |
|
|
| trusted-endpoint-emea-cidrs | List of Duo's Trusted Endpoint CIDRs for EMEA Deployments |
|
|
| trusted-endpoint-india-cidrs | List of Duo's Trusted Endpoint CIDRs for India Deployments |
|
|
| trusted-endpoint-japan-cidrs | List of Duo's Trusted Endpoint CIDRs for Japan Deployments |
|
|
| trusted-endpoint-southeast-asia-cidrs | List of Duo's Trusted Endpoint CIDRs for Southeast Asia Deployments |
|
|
| trusted-endpoint-uk-cidrs | List of Duo's Trusted Endpoint CIDRs for UK Deployments |
|
|
| trusted-endpoint-us-cidrs | List of Duo's Trusted Endpoint CIDRs for US Deployments |
|
|
| trusted\_endpoints\_cidrs | List of Duo's Trusted Endpoint CIDRs. Allow for ingress from Duo |
|
|
| uk-cidrs | List of Duo's Service CIDRs for UK deployments |
|
|
| us-cidrs | List of Duo's Service CIDRs for US deployments |
|
|
|
|
## Changelog
|
|
|
|
### 1.3.0
|
|
- Added new outputs for various regions
|
|
- New regions added: UK/India
|
|
|
|
### 1.2.0
|
|
- Added new CIDRs
|
|
|
|
### 1.1.0
|
|
|
|
- Removed `http://` from hostname values.
|
|
|
|
### 1.0.3
|
|
|
|
- Changed the terraform registry module name from [`duo-whitelist`](https://registry.terraform.io/modules/captn3m0/duo-whitelist) to [`duo-ips`](https://registry.terraform.io/modules/captn3m0/duo-ips).
|
|
- Renamed `duo_ad_hostnames_us` to `ad_hostnames_us`
|
|
|
|
# LICENSE
|
|
|
|
Licensed under MIT. See [nemo.mit-license.org](https://nemo.mit-license.org/) for complete text.
|