-
Notifications
You must be signed in to change notification settings - Fork 10
/
Copy pathterraform.tfvars
79 lines (78 loc) · 2.09 KB
/
terraform.tfvars
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
//For now the associates are to the folders created in 00-tfc-bootstrap
associations = ["dev", "stg", "prd", "shared"]
rules = {
delegate-rfc1918-ingress = {
description = "Delegate RFC1918 ingress"
direction = "INGRESS"
action = "goto_next"
priority = 500
ranges = [
"192.168.0.0/16",
"10.0.0.0/8",
"172.16.0.0/12"
]
ports = { "all" = [] }
target_service_accounts = null
target_resources = null
logging = false
}
delegate-rfc1918-egress = {
description = "Delegate RFC1918 egress"
direction = "EGRESS"
action = "goto_next"
priority = 510
ranges = [
"192.168.0.0/16",
"10.0.0.0/8",
"172.16.0.0/12"
]
ports = { "all" = [] }
target_service_accounts = null
target_resources = null
logging = false
}
allow-iap-ssh-rdp = {
description = "Always allow SSH and RDP from IAP"
direction = "INGRESS"
action = "allow"
priority = 5000
ranges = ["35.235.240.0/20"]
ports = {
tcp = ["22", "3389"]
}
target_service_accounts = null
target_resources = null
logging = false
}
allow-windows-activation = {
description = "Always outgoing Windows KMS traffic (required to validate Windows licenses)"
direction = "EGRESS"
action = "allow"
priority = 5100
ranges = ["35.190.247.13/32"]
ports = {
tcp = ["1688"]
}
target_service_accounts = null
target_resources = null
logging = false
}
allow-google-hbs-and-hcs = {
description = "Always allow connections from Google load balancer and health check ranges"
direction = "INGRESS"
action = "allow"
priority = 5200
ranges = [
"35.191.0.0/16",
"130.211.0.0/22",
"209.85.152.0/22",
"209.85.204.0/22"
]
ports = {
tcp = ["80", "443"]
}
target_service_accounts = null
target_resources = null
logging = false
}
}