GithubHelp home page GithubHelp logo

suryendub / conditionalaccessforzerotrustresourcesterraform Goto Github PK

View Code? Open in Web Editor NEW
4.0 1.0 0.0 11 KB

This Repository Creates Sample Conditional Access Policies based on ConditionalAccessforZeroTrustResources framework from Microsoft

HCL 100.00%

conditionalaccessforzerotrustresourcesterraform's Introduction

Conditional Access for Zero Trust Resources Terraform Deployment

Terraform Code

This Repository creates Sample Conditional Access Policies based on theConditionalAccessforZeroTrustResources framework from Microsoft

persona_types = [
    "Internals",
    "Developers",
    "Externals",
    "Guests",
    "GuestAdmins",
    "CorpServiceAccounts",
    "Admins",
    "WorkloadIdentities",
  ]
  policy_types = [
    "BaseProtection",
    "AppProtection",
    "IdentityProtection",
    "DataProtection",
    "AttackSurfaceReduction",
  ]
  ring_types = [
    "Ring0",
    "Ring1",
    "Ring2",
    "Ring3",
  ]

  • azuread_named_location.tf - Creates the Named Locations for Conditional Access Policies based on the guidance.

  • data.tf- Creates the data sources for the Conditional Access Policies based on the guidance. In this case, we have used it to import the Microsoft Intune Enrollment Application which is excluded from one of the Conditional Access Policies.

Deployment

that automates the process of generating and applying Terraform plans for infrastructure changes. The workflow has two jobs: "terraform-plan" and "terraform-apply".

The terraform-plan job checks out the repository, installs the latest version of the Terraform CLI, initializes a new or existing Terraform working directory, checks that all configuration files adhere to a canonical format, logs in to Azure CLI with federated credentials, generates an execution plan for Terraform, saves the plan to artifacts, creates a string output of the Terraform plan, and publishes the Terraform plan as a task summary.

The terraform-apply job checks out the repository, installs the latest version of the Terraform CLI, logs in to Azure CLI with federated credentials, initializes a new or existing Terraform working directory, downloads the saved plan from artifacts, and applies the Terraform plan if there are pending changes.

As evident please update your GitHub Action secrets with the following values:

AZURE_CLIENT_ID 
AZURE_TENANT_ID 
ARM_ACCESS_KEY

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.