From d5f0befb0b4869574ee05f7f5ec9b49fc2ab1419 Mon Sep 17 00:00:00 2001 From: Nemo Date: Tue, 21 Apr 2020 15:55:53 +0530 Subject: [PATCH] Adds Looker IP addresses for GCP-hosted instances --- CHANGELOG.md | 11 ++- README.md | 66 ++++++++++------- locals.tf | 37 ++++++++++ outputs.tf | 198 ++++++++++++++++++++++++++++++++++++++++++--------- 4 files changed, 254 insertions(+), 58 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index b8496ef..6f8d486 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -7,7 +7,13 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## [Unreleased] -## [1.1.2][1.1.2] - 2020-03-209 +## [1.2.0][1.2.0] - 2020-04-1 + +### Added + +- Added Looker IP addresses for GCP hosted instances. + +## [1.1.2][1.1.2] - 2020-03-20 ### Added @@ -35,7 +41,8 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 - Initial Release -[unreleased]: https://github.com/captn3m0/terraform-data-looker-ips/compare/1.1.2...HEAD +[unreleased]: https://github.com/captn3m0/terraform-data-looker-ips/compare/1.2.0...HEAD +[1.1.2]: https://github.com/captn3m0/terraform-data-looker-ips/compare/1.2.0...1.1.2 [1.1.2]: https://github.com/captn3m0/terraform-data-looker-ips/compare/1.1.2...1.1.1 [1.1.1]: https://github.com/captn3m0/terraform-data-looker-ips/compare/1.1.1...1.1.0 [1.1.0]: https://github.com/captn3m0/terraform-data-looker-ips/compare/1.1.0...1.0.0 diff --git a/README.md b/README.md index 5442a78..1494f46 100644 --- a/README.md +++ b/README.md 
@@ -1,19 +1,18 @@ # terraform-data-looker-ips -Looker's IP addresses, -as per [their documentation](https://docs.looker.com/setup-and-management/enabling-secure-db). +Looker's IP addresses, as per [their documentation](https://docs.looker.com/setup-and-management/enabling-secure-db). -> All network traffic from Looker will come from one of the following IP addresses, based on the region where your Looker instance is hosted. Please whitelist each of the IP addresses in the appropriate region listed below. These whitelist IP addresses also apply for SFTP and SMTP destinations. +> All network traffic from Looker will come from one of the following IP addresses, based on the host+region where your Looker instance is hosted. Please whitelist each of the IP addresses in the appropriate region listed below. These whitelist IP addresses also apply for SFTP and SMTP destinations. Starting April 2020, Looker-hosted instances are hosted on GCP by default. # Usage ``` module "looker-ips" { source = "captn3m0/looker-ips/data" - version = "1.1.2" + version = "1.2.0" } -resource "aws_security_group_rule" "allow_all_from_looker_us" { +resource "aws_security_group_rule" "allow_all_from_looker_aws_us" { type = "ingress" from_port = 0 to_port = 443 
@@ -26,26 +25,45 @@ resource "aws_security_group_rule" "allow_all_from_looker_us" { ## Outputs All output variables are lists. The output names are based on 2 letter -[ISO country codes][3166] and [common continent codes](https://datahub.io/core/continent-codes#readme) +[ISO country codes][3166] and [common continent codes](https://datahub.io/core/continent-codes#readme) for instances hosted in AWS. For instances hosted in GCP, [the corresponding region codes are used](https://cloud.google.com/compute/docs/regions-zones). -| Name | Description | -| ---------- | -------------------------------------------- | -| `as` | Looker IP Addresses in Asia | -| `as_cidr` | Looker IP Addresses in Asia in CIDR | -| `au` | Looker IP Addresses in Australia | -| `au_cidr` | Looker IP Addresses in Australia in CIDR | -| `ca` | Looker IP Addresses in Canada | -| `ca_cidr` | Looker IP Addresses in Canada in CIDR | -| `de` | Looker IP Addresses in Germany | -| `de_cidr` | Looker IP Addresses in Germany in CIDR | -| `ie` | Looker IP Addresses in Ireland | -| `ie_cidr` | Looker IP Addresses in Ireland in CIDR | -| `sa` | Looker IP Addresses in South America | -| `sa_cidr` | Looker IP Addresses in South America in CIDR | -| `us` | Looker IP Addresses in United States | -| `us_cidr` | Looker IP Addresses in United States in CIDR | -| `all_ips` | Looker IP addresses everywhere | -| `all_cidr` | Looker IP addresses everywhere in CIDR | +To decide which one you need to use, you will need to know: + +1. Whether your instance is hosted in GCP or AWS? +2. Which region/country it is hosted in? 
+ +| Name | Description | +|------|-------------| +| all\_cidr | Looker IP addresses everywhere in CIDR | +| all\_ips | Looker IP addresses everywhere (both AWS and GCP) | +| as | Looker IP Addresses in Asia (AWS only) | +| as\_cidr | Looker IP Addresses in Asia in CIDR (AWS only) | +| au | Looker IP Addresses in Australia (AWS only) | +| au\_cidr | Looker IP Addresses in Australia in CIDR (AWS only) | +| aws\_cidr | Looker IP addresses everywhere in CIDR (AWS only) | +| aws\_ips | Looker IP addresses everywhere (AWS only) | +| ca | Looker IP Addresses in Canada (AWS only) | +| ca\_cidr | Looker IP Addresses in Canada in CIDR (AWS only) | +| de | Looker IP Addresses in Germany (AWS only) | +| de\_cidr | Looker IP Addresses in Germany in CIDR (AWS only) | +| gcp\_cidr | Looker IP addresses everywhere in CIDR (GCP only) | +| gcp\_europe\_west2\_cidr | Looker CIDRs for instances hosted in GCP (London / europe-west2) | +| gcp\_europe\_west2\_ips | Looker IPs for instances hosted in GCP (London / europe-west2) | +| gcp\_europe\_west3\_cidr | Looker CIDRs for instances hosted in GCP (Frankfurt / europe-west3) | +| gcp\_europe\_west3\_ips | Looker IPs for instances hosted in GCP (Frankfurt / europe-west3) | +| gcp\_ips | Looker IP addresses everywhere (GCP only) | +| gcp\_us\_east1\_cidr | Looker CIDRs for instances hosted in GCP (South Carolina / us-east1) | +| gcp\_us\_east1\_ips | Looker IPs for instances hosted in GCP (South Carolina / us-east1) | +| gcp\_us\_east4\_cidr | Looker CIDRs for instances hosted in GCP (Northern Virginia / us-east4) | +| gcp\_us\_east4\_ips | Looker IPs for instances hosted in GCP (Northern Virginia / us-east4) | +| gcp\_us\_west1\_cidr | Looker CIDRs for instances hosted in GCP (Oregon / us-west1) | +| gcp\_us\_west1\_ips | Looker IPs for instances hosted in GCP (Oregon / us-west1) | +| ie | Looker IP Addresses in Ireland (AWS only) | +| ie\_cidr | Looker IP Addresses in Ireland in CIDR (AWS only) | +| sa | Looker IP Addresses in South 
America (AWS only) | +| sa\_cidr | Looker IP Addresses in South America in CIDR (AWS only) | +| us | Looker IP Addresses in United States (AWS only) | +| us\_cidr | Looker IP Addresses in United States in CIDR (AWS only) | # Changelog diff --git a/locals.tf b/locals.tf index 76671e1..ff0b724 100644 --- a/locals.tf +++ b/locals.tf @@ -1,4 +1,41 @@ locals { + + // South Carolina + gcp-us-east1 = [ + "35.196.243.26", + "35.196.36.95", + ] + + // Northern Virginia + gcp-us-east4 = [ + "35.186.176.0", + "35.245.211.109", + "35.245.121.2", + ] + + # Oregon + gcp-us-west1 = [ + "34.82.227.133", + "35.233.172.23", + "34.83.141.137", + "34.83.151.46", + "35.185.199.172", + ] + + # London + gcp-europe-west2 = [ + "35.246.117.58", + "34.89.40.253" + ] + + + # Frankfurt + gcp-europe-west3 = [ + "34.89.161.120", + "34.89.225.213" + ] + + us = [ "54.208.10.167", "54.209.116.191", diff --git a/outputs.tf b/outputs.tf index 4900f0e..c0e176e 100644 --- a/outputs.tf +++ b/outputs.tf 
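Review bot: The new `gcp-*` lists in the `locals` block are allowlist data with no comment recording where or when they were taken, so someone auditing a firewall rule built from them cannot tell whether they still match the vendor's published list. I would add above the first list a comment such as `# Source: https://docs.looker.com/setup-and-management/enabling-secure-db (retrieved <DATE>)`. As a style point, the region comments mix `//` and `#`, and the last entries of `gcp-europe-west2` and `gcp-europe-west3` lack the trailing comma the other lists use. The `locals` block continues past the end of this hunk.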
@@ -1,97 +1,231 @@ output "us" { - description = "Looker IP Addresses in United States" + description = "Looker IP Addresses in United States (AWS only)" value = "${local.us}" } output "ca" { - description = "Looker IP Addresses in Canada" + description = "Looker IP Addresses in Canada (AWS only)" value = "${local.ca}" } output "as" { - description = "Looker IP Addresses in Asia" + description = "Looker IP Addresses in Asia (AWS only)" value = "${local.as}" } output "ie" { - description = "Looker IP Addresses in Ireland" + description = "Looker IP Addresses in Ireland (AWS only)" value = "${local.ie}" } output "de" { - description = "Looker IP Addresses in Germany" + description = "Looker IP Addresses in Germany (AWS only)" value = "${local.de}" } output "au" { - description = "Looker IP Addresses in Australia" + description = "Looker IP Addresses in Australia (AWS only)" value = "${local.au}" } output "sa" { - description = "Looker IP Addresses in South America" + description = "Looker IP Addresses in South America (AWS only)" value = "${local.sa}" } -output "all_ips" { - description = "Looker IP addresses everywhere" +output "aws_ips" { + description = "Looker IP addresses everywhere (AWS only)" value = "${concat( - local.us, - local.ca, - local.as, - local.ie, - local.de, - local.au, - local.sa, - )}" + local.gcp-us-east1, + local.gcp-us-east4, + local.gcp-us-west1, + local.gcp-europe-west2, + local.gcp-europe-west3, + )}" } output "us_cidr" { - description = "Looker IP Addresses in United States in CIDR" + description = "Looker IP Addresses in United States in CIDR (AWS only)" value = ["${formatlist("%s/32", local.us)}"] } output "ca_cidr" { - description = "Looker IP Addresses in Canada in CIDR" + description = "Looker IP Addresses in Canada in CIDR (AWS only)" value = ["${formatlist("%s/32", local.ca)}"] } output "as_cidr" { - description = "Looker IP Addresses in Asia in CIDR" + description = "Looker IP Addresses in Asia in CIDR (AWS only)" value = 
["${formatlist("%s/32", local.as)}"] } output "ie_cidr" { - description = "Looker IP Addresses in Ireland in CIDR" + description = "Looker IP Addresses in Ireland in CIDR (AWS only)" value = ["${formatlist("%s/32", local.ie)}"] } output "de_cidr" { - description = "Looker IP Addresses in Germany in CIDR" + description = "Looker IP Addresses in Germany in CIDR (AWS only)" value = ["${formatlist("%s/32", local.de)}"] } output "au_cidr" { - description = "Looker IP Addresses in Australia in CIDR" + description = "Looker IP Addresses in Australia in CIDR (AWS only)" value = ["${formatlist("%s/32", local.au)}"] } output "sa_cidr" { - description = "Looker IP Addresses in South America in CIDR" + description = "Looker IP Addresses in South America in CIDR (AWS only)" value = ["${formatlist("%s/32", local.sa)}"] } +output "aws_cidr" { + description = "Looker IP addresses everywhere in CIDR (AWS only)" + + value = "${formatlist("%s/32", concat( + local.us, + local.ca, + local.as, + local.ie, + local.de, + local.au, + local.sa, + ))}" +} + +# GCP Section Begins + +##### GCP IPs ##### + +// South Carolina +output "gcp_us_east1_ips" { + description = "Looker IPs for instances hosted in GCP (South Carolina / us-east1)" + value = "${local.gcp-us-east1}" +} + +// Northern Virginia +output "gcp_us_east4_ips" { + description = "Looker IPs for instances hosted in GCP (Northern Virginia / us-east4)" + value = "${local.gcp-us-east4}" +} + +// Oregon +output "gcp_us_west1_ips" { + description = "Looker IPs for instances hosted in GCP (Oregon / us-west1)" + value = "${local.gcp-us-west1}" +} + +// London +output "gcp_europe_west2_ips" { + description = "Looker IPs for instances hosted in GCP (London / europe-west2)" + value = "${local.gcp-europe-west2}" +} + +// Frankfurt +output "gcp_europe_west3_ips" { + description = "Looker IPs for instances hosted in GCP (Frankfurt / europe-west3)" + value = "${local.gcp-europe-west3}" +} + +// South Carolina +output "gcp_us_east1_cidr" { + 
description = "Looker CIDRs for instances hosted in GCP (South Carolina / us-east1)" + value = ["${formatlist("%s/32", local.gcp-us-east1)}"] +} + +##### GCP CIDRs ##### + +// Northern Virginia +output "gcp_us_east4_cidr" { + description = "Looker CIDRs for instances hosted in GCP (Northern Virginia / us-east4)" + value = ["${formatlist("%s/32", local.gcp-us-east4)}"] +} + +// Oregon +output "gcp_us_west1_cidr" { + description = "Looker CIDRs for instances hosted in GCP (Oregon / us-west1)" + value = ["${formatlist("%s/32", local.gcp-us-west1)}"] +} + +// London +output "gcp_europe_west2_cidr" { + description = "Looker CIDRs for instances hosted in GCP (London / europe-west2)" + value = ["${formatlist("%s/32", local.gcp-europe-west2)}"] +} + +// Frankfurt +output "gcp_europe_west3_cidr" { + description = "Looker CIDRs for instances hosted in GCP (Frankfurt / europe-west3)" + value = ["${formatlist("%s/32", local.gcp-europe-west3)}"] +} + +##### GCP Common #### + +output "gcp_cidr" { + description = "Looker IP addresses everywhere in CIDR (GCP only)" + + value = "${formatlist("%s/32", concat( + local.gcp-us-east1, + local.gcp-us-east4, + local.gcp-us-west1, + local.gcp-europe-west2, + local.gcp-europe-west3, + ))}" +} + + +output "gcp_ips" { + description = "Looker IP addresses everywhere (GCP only)" + + value = "${concat( + local.us, + local.ca, + local.as, + local.ie, + local.de, + local.au, + local.sa, + )}" +} + +##### Combined AWS+GCP ##### + output "all_cidr" { description = "Looker IP addresses everywhere in CIDR" value = "${formatlist("%s/32", concat( - local.us, - local.ca, - local.as, - local.ie, - local.de, - local.au, - local.sa, - ))}" + local.gcp-us-east1, + local.gcp-us-east4, + local.gcp-us-west1, + local.gcp-europe-west2, + local.gcp-europe-west3, + local.us, + local.ca, + local.as, + local.ie, + local.de, + local.au, + local.sa, + ))}" +} + + +output "all_ips" { + description = "Looker IP addresses everywhere (both AWS and GCP)" + + value = 
"${concat( + local.gcp-us-east1, + local.gcp-us-east4, + local.gcp-us-west1, + local.gcp-europe-west2, + local.gcp-europe-west3, + local.us, + local.ca, + local.as, + local.ie, + local.de, + local.au, + local.sa, + )}" }
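Review bot: The `aws_ips` and `gcp_ips` outputs have their values swapped: `aws_ips`, described as "(AWS only)", concatenates the five `local.gcp-*` lists, while `gcp_ips`, described as "(GCP only)", concatenates `local.us` through `local.sa`. The sibling `aws_cidr` and `gcp_cidr` outputs use the expected lists, so the `_ips` and `_cidr` forms of the same name disagree. A security group rule fed from `aws_ips` would admit the GCP addresses and omit the AWS ones, leaving ingress open to sources the operator did not intend to allow. Exchanging the two `concat(...)` argument lists fixes it. Separately, the `##### GCP CIDRs #####` banner sits after `gcp_us_east1_cidr` rather than before it.

```hcl
output "aws_ips" {
  # … unchanged: description …
  value = "${concat(
    local.us,
    local.ca,
    local.as,
    local.ie,
    local.de,
    local.au,
    local.sa,
  )}"
}

# … unchanged: per-region and *_cidr outputs …

output "gcp_ips" {
  # … unchanged: description …
  value = "${concat(
    local.gcp-us-east1,
    local.gcp-us-east4,
    local.gcp-us-west1,
    local.gcp-europe-west2,
    local.gcp-europe-west3,
  )}"
}
```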