# skip boilerplate check
---
# Terraform will be unable to decode this file if it does not contain valid YAML
# You can retain `---` (start of the document) to indicate an empty document.
# allow-admins:
#   description: Access from the admin subnet to all subnets
#   priority: 1000
#   match:
#     source_ranges:
#       - rfc1918
# Health-check rule: matches TCP 80 and 443 only, from the `healthchecks`
# source range. No enable_logging key is set on this rule.
# NOTE(review): `healthchecks` is a name rather than a CIDR; presumably the
# consuming Terraform module expands it to the health-check prober ranges.
# Confirm the alias is defined there before relying on this rule.
allow-healthchecks:
  description: Enable HTTP and HTTPS healthchecks
  priority: 1001
  match:
    source_ranges:
      - healthchecks
    layer4_configs:
      - protocol: tcp
        # Quoted so the port numbers are read as strings, not integers.
        ports: ["80", "443"]
# SSH (TCP 22) matched only from 35.235.240.0/20, which the description
# identifies as IAP. Because the source is pinned to that single range, who can
# actually reach port 22 is decided by the IAP-side authorization, so review
# this rule together with the IAM bindings that grant tunnel access.
# NOTE(review): no target restriction is visible in this rule; presumably it
# applies to everything under the node the policy is attached to. Confirm.
allow-ssh-from-iap:
  description: Enable SSH from IAP
  priority: 1002
  # Among the rules shown here, the only one that turns logging on.
  enable_logging: true
  match:
    source_ranges:
      - 35.235.240.0/20
    layer4_configs:
      - protocol: tcp
        # Quoted so the port number is read as a string, not an integer.
        ports: ["22"]
# ICMP matched from any IPv4 source (0.0.0.0/0). The layer4 entry names only
# the protocol, and no enable_logging key is set on this rule.
# NOTE(review): this is the broadest source match among the rules shown. If
# ICMP is needed only for internal diagnostics, a narrower source range would
# limit how visible hosts are to external probing. Confirm intent with the
# rule owner.
allow-icmp:
  description: Enable ICMP
  priority: 1003
  match:
    source_ranges:
      - 0.0.0.0/0
    layer4_configs:
      - protocol: icmp
# Matches the two source ranges that the description calls NAT ranges for the
# VPC serverless connector.
# NOTE(review): no layer4_configs entry is visible for this rule in this view,
# so no protocol or port restriction can be confirmed from here. If the rule
# really has none, check what the consuming module defaults to (it may match
# every protocol and port from these ranges) and verify against the full file.
allow-nat-ranges:
  description: Enable NAT ranges for VPC serverless connector
  priority: 1004
  match:
    source_ranges:
      - 107.178.230.64/26
      - 35.199.224.0/19