pk/atst
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Adds list of users for access to storage and more service endpoints

Browse Source 
This sets up the rest of the service endpoints on the subnets. It also
adds a variable map specifically to grant IP access to the storage
buckets. This new variable map is necessary since the azure storage ip
rules do not accept /32 CIDR ranges. The rest of the services do support
cidr ranges.
This commit is contained in:
Rob Gil
2020-01-23 18:41:29 -05:00
parent 536eccdb90
commit 38ce1ef2b2
3 changed files with 15 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
terraform/modules/bucket/main.tf
View File

@@ -24,10 +24,10 @@ resource "azurerm_storage_account_network_rules" "acls" {
storage_account_name = azurerm_storage_account.bucket.name
default_action = var.policy
# Azure Storage CIDR ACLs do not accept /32 CIDR ranges, so
# it must be stripped to just the IP (no CIDR)
# Azure Storage CIDR ACLs do not accept /32 CIDR ranges.
ip_rules = [
for cidr in values(var.whitelist) : cidrhost(cidr, 0)
for cidr in values(var.whitelist) : cidr
]
virtual_network_subnet_ids = var.subnet_ids
bypass = ["AzureServices"]