
Update for #8 including data structure variable and example
arnaudlh committed May 7, 2020
1 parent dba6029 commit 64adbce
Showing 7 changed files with 68 additions and 101 deletions.
4 changes: 3 additions & 1 deletion README.md
Expand Up @@ -5,14 +5,15 @@
Configures the Azure Activity Logs rention for a subscription into:
1. Event Hub for short term and fast access (optional).
2. Storage account for long term retention.
3. Log Analytics

Reference the module to a specific version (recommended):
```hcl
module "activity_logs" {
source = "aztfmod/caf-activity-logs/azurerm"
version = "0.x.y"
resource_group_name = var.rg
resource_group_name = var.rg
log_analytics_workspace_id = var.workspace_id
diagnostic_name = var.diagnostic_name
name = var.eventhub_name
Expand All @@ -26,6 +27,7 @@ module "activity_logs" {

| Name | Type | Default | Description |
| -- | -- | -- | -- |
| audit_settings_object | string | None | (Required) Contains the settings for Azure Audit activity log retention |
| resource_group_name | string | None | (Required) Name of the resource group where to create the resource. Changing this forces a new resource to be created. |
| diagnostic_name | string | None | (Required) Name of the diagnostic activity log |
| log_analytics_workspace_id | string | None | (Required) The resource ID of the target log analytics worksoace |
40 changes: 21 additions & 19 deletions examples/activity_logs/activity_logs.tf
Expand Up @@ -6,29 +6,31 @@ resource "azurerm_resource_group" "rg_test" {

module "la_test" {
source = "aztfmod/caf-log-analytics/azurerm"
version = "0.1.0"
version = "2.0.1"

location = local.location
name = local.laname
solution_plan_map = {}
prefix = "log"
resource_group_name = azurerm_resource_group.rg_test.name
tags = local.tags
location = local.location
name = local.laname
solution_plan_map = {}
prefix = "log"
resource_group_name = azurerm_resource_group.rg_test.name
tags = local.tags
convention = local.convention
}

module "al_test" {
source = "../../"

convention = local.convention
location = local.location
name = local.name
diagnostic_name = local.diagnostic_name
log_analytics_workspace_id = module.la_test.id
prefix = local.prefix
tags = local.tags

resource_group_name = azurerm_resource_group.rg_test.name

logs_rentention = local.azure_activity_logs_retention
enable_event_hub = local.azure_activity_logs_event_hub
convention = local.convention
location = local.location
name = local.name
diagnostic_name = local.diagnostic_name
log_analytics_workspace_id = module.la_test.id
prefix = local.prefix
tags = local.tags
audit_settings_object = local.audit

resource_group_name = azurerm_resource_group.rg_test.name

logs_rentention = local.azure_activity_logs_retention
enable_event_hub = local.azure_activity_logs_event_hub
}
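--- a/examples/activity_logs/locals.tf
+++ b/examples/activity_logs/locals.tf
@@ -15,6 +15,20 @@ locals {
 environment = "DEV"
 owner = "CAF"
 }
+audit = {
+log = [
+# ["Audit category name", "Audit enabled)"]
+["Administrative", true],
+["Security", true],
+["ServiceHealth", true],
+["Alert", true],
+["Recommendation", true],
+["Policy", true],
+["Autoscale", true],
+["ResourceHealth", true],
+
+]
+}
 
 azure_activity_logs_event_hub = true
 azure_activity_logs_retention = 180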
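Review bot: The header comment on the new `audit.log` list has a stray parenthesis and does not say that the second element is a boolean; `# [<activity log category>, <enabled: bool>]` would be clearer, and the empty line sitting inside the brackets just before `]` should go. The eight categories listed are exactly the ones the module hard-coded before this commit, so the example keeps full Activity Log coverage. A one-line comment such as `# Administrative, Security and Policy are the audit trail most detection content relies on; trim with care` would discourage consumers from casually shortening the list when they copy the example.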
2 changes: 1 addition & 1 deletion examples/activity_logs/main.tf
@@ -1,5 +1,5 @@
provider "azurerm" {
version = "~>2.2.0"
version = ">=2.8.0"
features {}
}
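Review bot: `version = ">=2.8.0"` has no upper bound, so this example will pull any future major release of the azurerm provider, breaking changes included, on its next `terraform init`. `version = "~> 2.8.0"` keeps the floor this commit needs while bounding the major version, and it matches the `~>2.8.0` constraint the module's own main.tf declares in the same commit, so the two constraints no longer read as disagreeing.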

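--- a/main.tf
+++ b/main.tf
@@ -7,3 +7,8 @@ locals {
 
 data "azurerm_subscription" "current" {
 }
+
+provider "azurerm" {
+version = "~>2.8.0"
+features {}
+}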
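Review bot: The `provider "azurerm"` block added here lives inside the reusable module rather than in a root configuration, so every consumer gets this provider configuration on top of their own (the example root's `>=2.8.0` block and this `~>2.8.0` block both apply to the same provider). Terraform's guidance is to keep provider configuration in the root module; provider blocks in shared modules are treated as legacy, and in later releases they rule out calling the module with `count`/`for_each`, while the `version` argument on a provider block is not where a module should pin its requirement. Declare the constraint with `terraform { required_providers { azurerm = "~> 2.8.0" } }` and leave the `features {}` configuration to the caller.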
101 changes: 21 additions & 80 deletions module.tf
@@ -1,21 +1,21 @@
# Defines the subscription-wide logging and eventing settings
# Creating the containers on Storage Account and Event Hub (optional)
resource "azurecaf_naming_convention" "caf_name_st" {
name = var.name
prefix = var.prefix != "" ? var.prefix : null
postfix = var.postfix != "" ? var.postfix : null
max_length = var.max_length != "" ? var.max_length : null
resource_type = "azurerm_storage_account"
convention = var.convention
name = var.name
prefix = var.prefix != "" ? var.prefix : null
postfix = var.postfix != "" ? var.postfix : null
max_length = var.max_length != "" ? var.max_length : null
resource_type = "azurerm_storage_account"
convention = var.convention
}

resource "azurecaf_naming_convention" "caf_name_evh" {
name = var.name
prefix = var.prefix != "" ? var.prefix : null
postfix = var.postfix != "" ? var.postfix : null
max_length = var.max_length != "" ? var.max_length : null
resource_type = "evh"
convention = var.convention
name = var.name
prefix = var.prefix != "" ? var.prefix : null
postfix = var.postfix != "" ? var.postfix : null
max_length = var.max_length != "" ? var.max_length : null
resource_type = "azurerm_eventhub_namespace"
convention = var.convention
}

resource "azurerm_storage_account" "log" {
Expand All @@ -40,81 +40,22 @@ resource "azurerm_eventhub_namespace" "log" {
capacity = 2
tags = local.tags
auto_inflate_enabled = false
# kafka_enabled = true

}

resource "azurerm_monitor_diagnostic_setting" "audit" {

name = var.name
target_resource_id = data.azurerm_subscription.current.id
log_analytics_workspace_id = var.log_analytics_workspace_id
eventhub_authorization_rule_id = var.enable_event_hub == true ? "${azurerm_eventhub_namespace.log[0].id}/authorizationrules/RootManageSharedAccessKey" : null
eventhub_name = azurerm_eventhub_namespace.log[0].name
eventhub_authorization_rule_id = var.enable_event_hub ? "${azurerm_eventhub_namespace.log[0].id}/authorizationrules/RootManageSharedAccessKey" : null
eventhub_name = var.enable_event_hub ? azurerm_eventhub_namespace.log[0].name : null
storage_account_id = azurerm_storage_account.log.id

log {
category = "Administrative"
enabled = true
retention_policy {
days = 0
enabled = false
}
}
log {
category = "Security"
enabled = true
retention_policy {
days = 0
enabled = false
}
}
log {
category = "ServiceHealth"
enabled = true
retention_policy {
days = 0
enabled = false
}
}
log {
category = "Alert"
enabled = true
retention_policy {
days = 0
enabled = false
}
}
log {
category = "Recommendation"
enabled = true
retention_policy {
days = 0
enabled = false
}
}
log {
category = "Policy"
enabled = true
retention_policy {
days = 0
enabled = false
}
}
log {
category = "Autoscale"
enabled = true
retention_policy {
days = 0
enabled = false
}
}
log {
category = "ResourceHealth"
enabled = true
retention_policy {
days = 0
enabled = false
}
}
dynamic "log" {
for_each = var.audit_settings_object.log
content {
category = log.value[0]
enabled = log.value[1]
}
}
}
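Review bot: The `dynamic "log"` block at the end of the hunk emits only `category` and `enabled`, so the `retention_policy` sub-block that every one of the eight removed `log` entries carried is gone; retention is what the README and the `audit_settings_object` description promise, and the azurerm 2.x documentation lists `retention_policy` as required on each `log` block (confirm against the 2.8 schema: if it is, `terraform plan` fails on this resource, and if it is not, storage-archive retention silently falls to the provider default). Restoring an explicit `retention_policy` preserves the old disabled-retention behaviour for existing callers and keeps the storage account's archive settings visible in the module; exposing a configurable day count through the variable is the natural follow-up. Separately, the `eventhub_authorization_rule_id` kept on the new side still points at `RootManageSharedAccessKey`, which carries Manage, Listen and Send rights, whereas a diagnostic setting only needs Send; a dedicated Send-only authorization rule would be least privilege, though that choice predates this commit.
```hcl
  dynamic "log" {
    for_each = var.audit_settings_object.log
    content {
      category = log.value[0]
      enabled  = log.value[1]

      # Keep storage-archive retention explicit: the hard-coded blocks this
      # replaces all set it disabled, so this preserves that behaviour until
      # a per-category day count is exposed through the variable.
      retention_policy {
        enabled = false
        days    = 0
      }
    }
  }
```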
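--- a/variables.tf
+++ b/variables.tf
@@ -53,3 +53,6 @@ variable "max_length" {
 default = ""
 }
 
+variable "audit_settings_object" {
+description = "(Required) Contains the settings for Azure Audit activity log retention"
+}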
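Review bot: `audit_settings_object` is declared with neither a `type` nor a `default`, so a caller passing a malformed structure is only caught at plan or apply time inside the `dynamic "log"` loop, and the description talks about retention settings while the consuming code in module.tf reads only a category name and an enabled flag per entry. `type = object({ log = list(tuple([string, bool])) })` pins the shape the module actually indexes (`log.value[0]`, `log.value[1]`) and rejects a stray string or missing flag at validation time; the file already uses 0.12 syntax, so object and tuple constraints are available. The description should say what the value is, e.g. `description = "(Required) Activity Log categories to collect, as a list of [category, enabled] pairs under the log key"`.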
