Terraform module for configuring an integration with Azure Subscriptions and Tenants for Activity Log analysis. It configures a Diagnostic Setting that puts logs in an storage account, from which Lacework will read Activity Logs.
| Name | Version |
|---|---|
| terraform | >= 0.14 |
| azurerm | ~> 3.0 |
| lacework | ~> 1.0 |
| random | >= 2.1 |
| Name | Version |
|---|---|
| azurerm | ~> 3.0 |
| lacework | ~> 1.0 |
| random | >= 2.1 |
| time | n/a |
| Name | Source | Version |
|---|---|---|
| az_ad_application | lacework/ad-application/azure | ~> 1.0 |
| Name | Type |
|---|---|
| azurerm_eventgrid_event_subscription.lacework | resource |
| azurerm_monitor_diagnostic_setting.lacework | resource |
| azurerm_resource_group.lacework | resource |
| azurerm_role_assignment.lacework | resource |
| azurerm_role_definition.lacework | resource |
| azurerm_storage_account.lacework | resource |
| azurerm_storage_queue.lacework | resource |
| lacework_integration_azure_al.lacework | resource |
| random_id.uniq | resource |
| time_sleep.wait_time | resource |
| azurerm_storage_account.lacework | data source |
| azurerm_subscription.primary | data source |
| azurerm_subscriptions.available | data source |
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| all_subscriptions | If set to true, grant read access to ALL subscriptions within the selected Tenant (overrides subscription_ids) |
bool |
false |
no |
| application_id | The Active Directory Application id to use (required when use_existing_ad_application is set to true) | string |
"" |
no |
| application_name | The name of the Azure Active Directory Application (required when use_existing_ad_application is set to true) | string |
"lacework_security_audit" |
no |
| application_password | The Active Directory Application password to use (required when use_existing_ad_application is set to true) | string |
"" |
no |
| diagnostic_settings_name | The name of the subscription's Diagnostic Setting for Activity Logs | string |
"lacework_activity_logs" |
no |
| lacework_integration_name | The Lacework integration name | string |
"TF activity log" |
no |
| location | Azure region where the storage account for logging will reside | string |
"West US 2" |
no |
| prefix | The prefix to use at the beginning of every generated resource | string |
"lacework" |
no |
| service_principal_id | The Enterprise App Object ID related to the application_id (required when use_existing_ad_application is true) | string |
"" |
no |
| storage_account_name | The name of the Storage Account | string |
"" |
no |
| storage_account_resource_group | The Resource Group for the existing Storage Account | string |
"" |
no |
| subscription_exclusions | List of subscriptions to exclude when using the all_subscriptions option. |
list(string) |
[] |
no |
| subscription_ids | List of subscriptions to enable logging (by default the module will only use the primary subscription) | list(string) |
[] |
no |
| tags | Key-value map of Tag names and Tag values | map(string) |
{} |
no |
| use_existing_ad_application | Set this to true to use an existing Active Directory Application |
bool |
false |
no |
| use_existing_storage_account | Set this to true to use an existing Storage Account. Default behavior creates a new Storage Account |
bool |
false |
no |
| wait_time | Amount of time to wait before the Lacework resources are provisioned | string |
"50s" |
no |
| Name | Description |
|---|---|
| application_id | The Lacework AD Application id |
| application_password | The Lacework AD Application password |
| diagnostic_settings_name | The name of the subscription's Diagnostic Setting for Activity Logs |
| service_principal_id | The Lacework Service Principal id |
| storage_account_name | The name of the centralized Storage Account for Activity Logs |
| storage_account_resource_group | The resource group of the centralized Storage Account for Activity Logs |
| subscription_ids | The list of subscriptions that will send Activity Logs to the storage account |