This example deploys Cloud Armor to ensure requests to the default backend are coming from GitHub Webhooks, and adds another policy to restrict access to the IAP backend to an example CIDR.
Since IAP is enabled, two backend services will be created:
- atlantis: the backend to receive GitHub events, protected with Cloud Armor
- atlantis-iap: the backend to serve the Atlantis UI, protected with IAP
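
The two Cloud Armor policies described above, written as plain `google_compute_security_policy` resources: an allowlist rule followed by a default deny for each backend. This is an added example, not this module's `main.tf`; the variable names, policy names and the `203.0.113.0/24` range are assumptions.

```hcl
# Assumed variable names; these are not inputs of this module.
variable "github_webhook_cidrs" {
  type        = list(string)
  description = "GitHub webhook source ranges (the hooks list from https://api.github.com/meta)."
  validation {
    # A basic Cloud Armor match accepts at most 10 ranges per rule.
    condition     = length(var.github_webhook_cidrs) <= 10
    error_message = "Split more than 10 ranges across several rules."
  }
}

variable "ui_allowed_cidr" {
  type    = string
  default = "203.0.113.0/24" # constructed documentation range
}

locals {
  # Backend name => source ranges allowed to reach it; everything else is denied.
  policies = {
    "atlantis"     = var.github_webhook_cidrs
    "atlantis-iap" = [var.ui_allowed_cidr]
  }
}

resource "google_compute_security_policy" "allowlist" {
  for_each = local.policies
  name     = "${each.key}-allowlist" # hypothetical policy name

  rule {
    description = "Allow the listed source ranges"
    action      = "allow"
    priority    = 1000
    match {
      versioned_expr = "SRC_IPS_V1"
      config { src_ip_ranges = each.value }
    }
  }

  rule {
    description = "Default rule: deny everything else"
    action      = "deny(403)"
    priority    = 2147483647
    match {
      versioned_expr = "SRC_IPS_V1"
      config { src_ip_ranges = ["*"] }
    }
  }
}
```

A policy takes effect once it is referenced from a backend service, for example through the `security_policy` argument of `google_compute_backend_service`.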
Read through the below before you deploy this module.
This module expects that you already own the resources below, or that you create them yourself.
- Google network, subnetwork and a Cloud NAT
- Service account, specifics can be found here
- Domain, specifics can be found here
If you prefer an example that includes the above resources, see complete example.
See main.tf and the server-atlantis.yaml.
Once you're done, see Configuring Webhooks for Atlantis.