Updates for new release

Nemo 2020-10-23 14:44:34 +05:30
parent 6d3533e4e0
commit 8aa69c7a62
3 changed files with 115 additions and 64 deletions


@ -1,15 +1,18 @@
# terraform-data-newrelic-whitelist ![](https://img.shields.io/badge/license-MIT-blue.svg) ![GitHub issues](https://img.shields.io/github/issues/captn3m0/muse-dl) [![PRs Welcome](https://img.shields.io/badge/PRs-welcome-brightgreen.svg?style=flat-square)](http://makeapullrequest.com)
# terraform-data-newrelic-whitelist ![](https://img.shields.io/badge/license-MIT-blue.svg) ![GitHub issues](https://img.shields.io/github/issues/captn3m0/terraform-data-newrelic-whitelist) [![PRs Welcome](https://img.shields.io/badge/PRs-welcome-brightgreen.svg?style=flat-square)](http://makeapullrequest.com)
This module provides lists of the IP addresses and domains used by various New Relic agents and services (for example, https://collector.newrelic.com) for communicating with the New Relic agent installed on your server.
This is maintained against https://docs.newrelic.com/docs/apm/new-relic-apm/getting-started/networks
This is maintained against the following sources:
- https://docs.newrelic.com/docs/apm/new-relic-apm/getting-started/networks a
- https://docs.newrelic.com/docs/synthetics/synthetic-monitoring/administration/synthetic-public-minion-ips
# Usage
```hcl
module "newrelic-whitelist" {
source = "captn3m0/newrelic-whitelist/data"
version = "2020.01.22"
version = "2020.10.22"
}
resource "aws_security_group_rule" "allow_all_to_newrelic" {
@ -24,41 +27,44 @@ resource "aws_security_group_rule" "allow_all_to_newrelic" {
## Outputs
| Name | Description |
| ----------------------------- | ----------------------------------------------------------------------------------- |
| apm_cidrs | List of all New Relic APM CIDRs. Whitelist for egress against 443 |
| apm_cidrs_eu | List of New Relic APM CIDRs (EU). Whitelist for egress against 443 |
| apm_cidrs_us | List of New Relic APM CIDRs (US). Whitelist for egress against 443 |
| apm_domains | List of all New Relic APM Domains. Whitelist for egress against 443 |
| apm_domains_eu | List of New Relic APM Domains (EU). Whitelist for egress against 443 |
| apm_domains_us | List of New Relic APM Domains (US). Whitelist for egress against 443 |
| browser_domains | List of all New Relic Browser application domains. |
| browser_domains_eu | List of New Relic Browser application domains (EU). |
| browser_domains_us | List of New Relic Browser application domains (US). |
| infra_cidrs | List of all New Relic Infrastructure Agent CIDRs. Whitelist for egress against 443 |
| infra_cidrs_eu | List of New Relic Infrastructure Agent CIDRs (EU). Whitelist for egress against 443 |
| infra_cidrs_us | List of New Relic Infrastructure Agent CIDRs (US). Whitelist for egress against 443 |
| mobile_domains | List of all New Relic Mobile Application domains. |
| mobile_domains_eu | List of New Relic Mobile application domains (EU). |
| mobile_domains_us | List of New Relic Mobile Application domains (US). |
| synthetics_cidrs | List of New Relic Synthetic Minion IPs as /32 CIDR for both US and EU accounts |
| synthetics_cidrs_eu | List of New Relic Synthetic Minion IPs as /32 CIDR for EU accounts |
| synthetics_cidrs_us | List of New Relic Synthetic Minion IPs as /32 CIDR for US accounts |
| synthetics_ips | List of New Relic Synthetic Minion IPs for both US and EU accounts |
| synthetics_ips_eu | List of New Relic Synthetic Minion IPs for EU accounts |
| synthetics_ips_us | List of New Relic Synthetic Minion IPs for US accounts |
| synthetics_private_cidrs_eu | Synthetic Private Minion endpoint IPs as CIDR ranges for EU accounts |
| synthetics_private_cidrs_us | Synthetic Private Minion endpoint IPs as CIDR ranges for US accounts |
| synthetics_private_domains_eu | Synthetic Private Minion endpoint Domains for EU accounts |
| synthetics_private_domains_us | Synthetic Private Minion endpoint Domains for US accounts |
| synthetics_private_ips_eu | Synthetic Private Minion endpoint IPs for eu accounts |
| synthetics_private_ips_us | Synthetic Private Minion endpoint IPs for US accounts |
| ticketing_cidrs | Third-party ticketing integrations will be sent from these CIDRs |
| ticketing_cidrs_eu | Same as ticketing_cidrs, but exclusively for EU accounts |
| ticketing_cidrs_us | Same as ticketing_cidrs, but exclusively for US accounts |
| webhook_cidrs | New Relic-generated webhooks for alert policies will be sent from these CIDRs |
| webhook_cidrs_eu | Same as webhook_cidrs, but exclusively for EU accounts |
| webhook_cidrs_us | Same as webhook_cidrs, but exclusively for US accounts |
| Name | Description |
|------|-------------|
| apm\_agent\_domains | Wildcard domain endpoints used by APM agents (For both US and EU accounts) |
| apm\_agent\_domains\_eu | Wildcard domain endpoints used by APM agents (For EU accounts) |
| apm\_agent\_domains\_us | Wildcard domain endpoints used by APM agents (For US accounts) |
| apm\_cidrs | List of all New Relic APM CIDRs. Whitelist for egress against 443 |
| apm\_cidrs\_eu | List of New Relic APM CIDRs (EU). Whitelist for egress against 443 |
| apm\_cidrs\_us | List of New Relic APM CIDRs (US). Whitelist for egress against 443 |
| browser\_domains | List of all New Relic Browser application domains. |
| browser\_domains\_eu | List of New Relic Browser application domains (EU). |
| browser\_domains\_us | List of New Relic Browser application domains (US). |
| infra\_agent\_domains | In order to report data to New Relic, Infrastructure needs outbound access to these domains (For both US and EU accounts) |
| infra\_agent\_domains\_eu | In order to report data to New Relic, Infrastructure needs outbound access to these domains (For EU accounts) |
| infra\_agent\_domains\_us | In order to report data to New Relic, Infrastructure needs outbound access to these domains (For US accounts) |
| infra\_cidrs | List of all New Relic Infrastructure Agent CIDRs. Whitelist for egress against 443 |
| infra\_cidrs\_eu | List of New Relic Infrastructure Agent CIDRs (EU). Whitelist for egress against 443 |
| infra\_cidrs\_us | List of New Relic Infrastructure Agent CIDRs (US). Whitelist for egress against 443 |
| mobile\_domains | List of all New Relic Mobile Application domains. |
| mobile\_domains\_eu | List of New Relic Mobile application domains (EU). |
| mobile\_domains\_us | List of New Relic Mobile Application domains (US). |
| synthetics\_cidrs | List of New Relic Synthetic Minion IPs as /32 CIDR for both US and EU accounts |
| synthetics\_cidrs\_eu | List of New Relic Synthetic Minion IPs as /32 CIDR for EU accounts |
| synthetics\_cidrs\_us | List of New Relic Synthetic Minion IPs as /32 CIDR for US accounts |
| synthetics\_ips | List of New Relic Synthetic Minion IPs for both US and EU accounts |
| synthetics\_ips\_eu | List of New Relic Synthetic Minion IPs for EU accounts |
| synthetics\_ips\_us | List of New Relic Synthetic Minion IPs for US accounts |
| synthetics\_private\_cidrs\_eu | Synthetic Private Minion endpoint IPs as CIDR ranges for EU accounts |
| synthetics\_private\_cidrs\_us | Synthetic Private Minion endpoint IPs as CIDR ranges for US accounts |
| synthetics\_private\_domains\_eu | Synthetic Private Minion endpoint Domains for EU accounts |
| synthetics\_private\_domains\_us | Synthetic Private Minion endpoint Domains for US accounts |
| synthetics\_private\_ips\_eu | Synthetic Private Minion endpoint IPs for eu accounts |
| synthetics\_private\_ips\_us | Synthetic Private Minion endpoint IPs for US accounts |
| ticketing\_cidrs | Third-party ticketing integrations will be sent from these CIDRs (US and EU) |
| ticketing\_cidrs\_eu | Third-party ticketing integrations will be sent from these CIDRs (EU only) |
| ticketing\_cidrs\_us | Third-party ticketing integrations will be sent from these CIDRs (US only) |
| webhook\_cidrs | New Relic-generated webhooks for alert policies will be sent from these CIDRs (US and EU) |
| webhook\_cidrs\_eu | Same as webhook\_cidrs, but exclusively for EU accounts |
| webhook\_cidrs\_us | Same as webhook\_cidrs, but exclusively for US accounts |
# Versioning
@ -66,6 +72,12 @@ This module is versioned as per the New Relic "Last Updated" date on [the docs w
If another release has to be made against the same date, they will be suffixed with a `-1`, or `-2` etc.
## 2020.10.22
### Fixes
- `apm_domains` was mis-leading. Split it into `apm_agent_domains` and `infra_agent_domains`.
# LICENSE
Licensed under MIT. See [nemo.mit-license.org](https://nemo.mit-license.org/) for complete text.


@ -1,7 +1,6 @@
locals {
apm = {
us = [
"50.31.164.0/24",
"162.247.240.0/22",
]
@ -10,23 +9,34 @@ locals {
]
}
apm_domains = {
apm_agent_domains = {
us = [
"collector*.newrelic.com",
]
eu = [
"collector*.eu01.nr-data.net"
]
}
infra_agent_domains = {
us = [
"infra-api.newrelic.com",
"identity-api.newrelic.com",
"infrastructure-command-api.newrelic.com",
"log-api.newrelic.com",
]
eu = [
"infra-api.eu01.nr-data.net",
"infra-api.eu.newrelic.com",
"identity-api.eu.newrelic.com",
"infrastructure-command-api.eu.newrelic.com",
"log-api.eu.newrelic.com",
]
}
infra = {
us = [
"50.31.164.0/24",
"162.247.240.0/22",
]
@ -61,12 +71,12 @@ locals {
]
}
ticketing_and_webhooks_us = [
api_us = [
"50.31.164.0/24",
"162.247.240.0/22",
]
ticketing_and_webhooks_eu = [
api_eu = [
"158.177.65.64/29",
"159.122.103.184/29",
"161.156.125.32/28",
@ -91,6 +101,7 @@ locals {
# Documented at https://docs.newrelic.com/docs/synthetics/new-relic-synthetics/administration/synthetics-public-minion-ips#locations-labels
# https://s3.amazonaws.com/nr-synthetics-assets/nat-ip-dnsname/production/ip.json
# curl --silent https://s3.amazonaws.com/nr-synthetics-assets/nat-ip-dnsname/production/ip.json | jq ' .[] | .[]' | sort | sed -z 's/\n/,\n/g'
# Keep this list sorted.
synthetics_us = [
"13.114.248.197",
@ -100,6 +111,9 @@ locals {
"13.228.39.146",
"13.237.52.169",
"13.239.163.169",
"13.244.134.146",
"13.244.44.41",
"13.245.57.13",
"13.48.110.136",
"13.48.9.24",
"13.53.195.221",
@ -109,6 +123,9 @@ locals {
"13.56.137.180",
"13.56.174.59",
"13.56.215.207",
"15.161.119.200",
"15.161.69.157",
"15.161.87.25",
"157.175.116.90",
"157.175.118.77",
"157.175.21.254",
@ -135,9 +152,6 @@ locals {
"3.220.18.219",
"3.221.145.110",
"3.221.27.116",
"3.9.187.63",
"3.9.213.212",
"3.9.92.122",
"34.201.89.115",
"34.212.63.124",
"34.216.201.131",
@ -154,6 +168,9 @@ locals {
"35.177.31.93",
"35.178.22.102",
"35.182.104.198",
"3.9.187.63",
"3.9.213.212",
"3.9.92.122",
"52.21.22.43",
"52.36.251.118",
"52.44.71.247",
@ -181,16 +198,23 @@ locals {
]
# https://s3.amazonaws.com/nr-synthetics-assets/nat-ip-dnsname/eu/ip.json
# curl --silent https://s3.amazonaws.com/nr-synthetics-assets/nat-ip-dnsname/eu/ip.json | jq ' .[] | .[]' | sort | sed -z 's/\n/,\n/g'
# Keep this list sorted
synthetics_eu = [
"13.124.210.74",
"13.234.196.179",
"13.235.112.208",
"13.237.25.50",
"13.244.152.204",
"13.245.42.49",
"13.245.47.145",
"13.48.119.249",
"13.48.122.131",
"13.48.93.230",
"13.52.82.190",
"15.161.170.5",
"15.161.19.109",
"15.161.30.132",
"15.188.0.93",
"15.188.24.216",
"157.175.106.232",
@ -209,9 +233,9 @@ locals {
"3.104.27.23",
"3.113.168.207",
"3.114.96.177",
"3.13.7.11",
"3.130.155.242",
"3.130.159.252",
"3.13.7.11",
"3.209.231.131",
"3.221.162.190",
"3.226.130.207",
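Review bot: The regeneration command in the comments above `synthetics_us` and `synthetics_eu` pipes through a bare `sort`, whose ordering depends on the caller's locale. This section shows the effect: `3.9.187.63`, `3.9.213.212`, `3.9.92.122` and `3.13.7.11` appear to change position without being added or removed. In an IP allowlist that reordering noise makes it harder to audit which addresses a release really adds or drops. I would pin the order in the documented command, e.g. `... | LC_ALL=C sort | ...`, and extend the new comment to `# Keep this list sorted (LC_ALL=C sort).` The `locals` block starts and ends outside the visible hunks.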


@ -13,19 +13,34 @@ output "apm_cidrs_eu" {
value = ["${local.apm["eu"]}"]
}
output "apm_domains" {
output "apm_agent_domains" {
description = "Wildcard domain endpoints used by APM agents (For both US and EU accounts)"
value = ["${concat(local.apm_agent_domains["us"], local.apm_agent_domains["eu"])}"]
}
output "apm_agent_domains_us" {
description = "Wildcard domain endpoints used by APM agents (For US accounts)"
value = ["${local.apm_agent_domains["us"]}"]
}
output "apm_agent_domains_eu" {
description = "Wildcard domain endpoints used by APM agents (For EU accounts)"
value = ["${local.apm_agent_domains["eu"]}"]
}
output "infra_agent_domains" {
description = "In order to report data to New Relic, Infrastructure needs outbound access to these domains (For both US and EU accounts)"
value = ["${concat(local.apm_domains["us"], local.apm_domains["eu"])}"]
value = ["${concat(local.infra_agent_domains["us"], local.infra_agent_domains["eu"])}"]
}
output "apm_domains_us" {
output "infra_agent_domains_us" {
description = "In order to report data to New Relic, Infrastructure needs outbound access to these domains (For US accounts)"
value = ["${local.apm_domains["us"]}"]
value = ["${local.infra_agent_domains["us"]}"]
}
output "apm_domains_eu" {
output "infra_agent_domains_eu" {
description = "In order to report data to New Relic, Infrastructure needs outbound access to these domains (For EU accounts)"
value = ["${local.apm_domains["eu"]}"]
value = ["${local.infra_agent_domains["eu"]}"]
}
output "infra_cidrs" {
@ -136,33 +151,33 @@ output "synthetics_cidrs_eu" {
}
output "ticketing_cidrs" {
description = "Third-party ticketing integrations will be sent from these CIDRs"
value = ["${concat(local.ticketing_and_webhooks_us, local.ticketing_and_webhooks_eu)}"]
description = "Third-party ticketing integrations will be sent from these CIDRs (US and EU)"
value = ["${concat(local.api_us, local.api_eu)}"]
}
output "ticketing_cidrs_us" {
description = "Same as ticketing_cidrs, but exclusively for US accounts"
value = ["${local.ticketing_and_webhooks_us}"]
description = "Third-party ticketing integrations will be sent from these CIDRs (US only)"
value = ["${local.api_us}"]
}
output "ticketing_cidrs_eu" {
description = "Same as ticketing_cidrs, but exclusively for EU accounts"
value = ["${local.ticketing_and_webhooks_eu}"]
description = "Third-party ticketing integrations will be sent from these CIDRs (EU only)"
value = ["${local.api_eu}"]
}
# The webhook_* outputs are same as ticketing_
output "webhook_cidrs" {
description = "New Relic-generated webhooks for alert policies will be sent from these CIDRs"
value = ["${concat(local.ticketing_and_webhooks_us, local.ticketing_and_webhooks_eu)}"]
description = "New Relic-generated webhooks for alert policies will be sent from these CIDRs (US and EU)"
value = ["${concat(local.api_us, local.api_eu)}"]
}
output "webhook_cidrs_us" {
description = "Same as webhook_cidrs, but exclusively for US accounts"
value = ["${local.ticketing_and_webhooks_us}"]
value = ["${local.api_us}"]
}
output "webhook_cidrs_eu" {
description = "Same as webhook_cidrs, but exclusively for EU accounts"
value = ["${local.ticketing_and_webhooks_eu}"]
value = ["${local.api_eu}"]
}
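Review bot: The descriptions of the new `apm_agent_domains*` outputs call the values "wildcard domain endpoints", but the values defined for them (`collector*.newrelic.com`, `collector*.eu01.nr-data.net`) place the `*` inside a label, which is a glob rather than a DNS-style wildcard. Firewalls and proxies that accept only FQDNs or leading `*.` patterns may reject these entries, and the obvious workaround of allowing `*.newrelic.com` is far broader than intended. I would state this in the description, e.g. `description = "Glob patterns (not DNS wildcards) matching the collector hosts used by APM agents (For both US and EU accounts)"`, and likewise for the `_us` and `_eu` outputs.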