feat: deprecate support for Terraform 0.12 and 0.13 (#61)
Signed-off-by: Darren Murray <[email protected]>
dmurray-lacework authored May 23, 2022
1 parent d704528 commit b780460
Showing 2 changed files with 69 additions and 29 deletions.
96 changes: 68 additions & 28 deletions README.md
Expand Up @@ -8,37 +8,77 @@
Terraform module for configuring an integration with Azure Subscriptions and Tenants for Activity Log analysis.
It configures a Diagnostic Setting that puts logs in an storage account, from which Lacework will read Activity Logs.

## Inputs
## Requirements

| Name | Version |
|------|---------|
| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 0.14 |
| <a name="requirement_azurerm"></a> [azurerm](#requirement\_azurerm) | ~> 2.28 |
| <a name="requirement_lacework"></a> [lacework](#requirement\_lacework) | ~> 0.3 |
| <a name="requirement_random"></a> [random](#requirement\_random) | >= 2.1 |

## Providers

| Name | Version |
|------|---------|
| <a name="provider_azurerm"></a> [azurerm](#provider\_azurerm) | ~> 2.28 |
| <a name="provider_lacework"></a> [lacework](#provider\_lacework) | ~> 0.3 |
| <a name="provider_random"></a> [random](#provider\_random) | >= 2.1 |
| <a name="provider_time"></a> [time](#provider\_time) | n/a |

## Modules

| Name | Description | Type | Default | Required |
| ----------------------------- | ---------------------------------------------------------------------------------------------------------------- | -------------- | --------------------------- | :------: |
| all_subscriptions | If set to true, grant read access to ALL subscriptions within the selected Tenant (overrides 'subscription_ids') | `bool` | `false` | no |
| application_id | The Active Directory Application id to use (required when use_existing_ad_application is set to true) | `string` | `""` | no |
| application_name | The name of the Azure AD Application (required when use_existing_ad_application is set to true) | `string` | `"lacework_security_audit"` | no |
| application_password | The Azure AD Application password to use (required when use_existing_ad_application is set to true) | `string` | `""` | no |
| diagnostic_settings_name | The name of the subscription's Diagnostic Setting for Activity Logs | `string` | `"Lacework Activity Logs"` | no |
| lacework_integration_name | The Lacework integration name | `string` | `"TF config"` | no |
| location | Azure region where the storage account for logging will reside | `string` | `"West US 2"` | no |
| prefix | The prefix to use at the beginning of every generated resource | `string` | `"lacework"` | no |
| service_principal_id | The Enterprise App Object ID related to the application_id (required when use_existing_ad_application is true) | `string` | `""` | no |
| storage_account_name | The name of the Storage Account | `string` | `""` | no |
| storage_account_resource_group| The Resource Group for the existing Storage Account | `string` | `""` | no |
| subscription_ids | List of subscriptions to to enable logging, by default the module will only use the primary subscription | `list(string)` | `[]` | no |
| tags | Azure Tags for the resources created (storage account and resource group) | `list(string)` | `[]` | no |
| use_existing_ad_application | Set this to true to use an existing Active Directory Application | `bool` | `false` | no |
| use_existing_storage_account | Set this to `true` to use an existing Storage Account. Default behavior creates a new Storage Account | `bool` | `false` | no |
| wait_time | Amount of time to wait before the Lacework resources are provisioned | `string` | `"50s"` | no |
| Name | Source | Version |
|------|--------|---------|
| <a name="module_az_ad_application"></a> [az\_ad\_application](#module\_az\_ad\_application) | lacework/ad-application/azure | ~> 1.0 |

## Resources

| Name | Type |
|------|------|
| [azurerm_eventgrid_event_subscription.lacework](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/eventgrid_event_subscription) | resource |
| [azurerm_monitor_diagnostic_setting.lacework](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/monitor_diagnostic_setting) | resource |
| [azurerm_resource_group.lacework](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group) | resource |
| [azurerm_role_assignment.lacework](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/role_assignment) | resource |
| [azurerm_role_definition.lacework](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/role_definition) | resource |
| [azurerm_storage_account.lacework](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/storage_account) | resource |
| [azurerm_storage_queue.lacework](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/storage_queue) | resource |
| [lacework_integration_azure_al.lacework](https://registry.terraform.io/providers/lacework/lacework/latest/docs/resources/integration_azure_al) | resource |
| [random_id.uniq](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/id) | resource |
| [time_sleep.wait_time](https://registry.terraform.io/providers/hashicorp/time/latest/docs/resources/sleep) | resource |
| [azurerm_storage_account.lacework](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/storage_account) | data source |
| [azurerm_subscription.primary](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/subscription) | data source |
| [azurerm_subscriptions.available](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/subscriptions) | data source |

## Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| <a name="input_all_subscriptions"></a> [all\_subscriptions](#input\_all\_subscriptions) | If set to `true`, grant read access to ALL subscriptions within the selected Tenant (overrides `subscription_ids`) | `bool` | `false` | no |
| <a name="input_application_id"></a> [application\_id](#input\_application\_id) | The Active Directory Application id to use (required when use\_existing\_ad\_application is set to true) | `string` | `""` | no |
| <a name="input_application_name"></a> [application\_name](#input\_application\_name) | The name of the Azure Active Directory Application (required when use\_existing\_ad\_application is set to true) | `string` | `"lacework_security_audit"` | no |
| <a name="input_application_password"></a> [application\_password](#input\_application\_password) | The Active Directory Application password to use (required when use\_existing\_ad\_application is set to true) | `string` | `""` | no |
| <a name="input_diagnostic_settings_name"></a> [diagnostic\_settings\_name](#input\_diagnostic\_settings\_name) | The name of the subscription's Diagnostic Setting for Activity Logs | `string` | `"lacework_activity_logs"` | no |
| <a name="input_lacework_integration_name"></a> [lacework\_integration\_name](#input\_lacework\_integration\_name) | The Lacework integration name | `string` | `"TF activity log"` | no |
| <a name="input_location"></a> [location](#input\_location) | Azure region where the storage account for logging will reside | `string` | `"West US 2"` | no |
| <a name="input_prefix"></a> [prefix](#input\_prefix) | The prefix to use at the beginning of every generated resource | `string` | `"lacework"` | no |
| <a name="input_service_principal_id"></a> [service\_principal\_id](#input\_service\_principal\_id) | The Enterprise App Object ID related to the application\_id (required when use\_existing\_ad\_application is true) | `string` | `""` | no |
| <a name="input_storage_account_name"></a> [storage\_account\_name](#input\_storage\_account\_name) | The name of the Storage Account | `string` | `""` | no |
| <a name="input_storage_account_resource_group"></a> [storage\_account\_resource\_group](#input\_storage\_account\_resource\_group) | The Resource Group for the existing Storage Account | `string` | `""` | no |
| <a name="input_subscription_ids"></a> [subscription\_ids](#input\_subscription\_ids) | List of subscriptions to enable logging (by default the module will only use the primary subscription) | `list(string)` | `[]` | no |
| <a name="input_tags"></a> [tags](#input\_tags) | Key-value map of Tag names and Tag values | `map(string)` | `{}` | no |
| <a name="input_use_existing_ad_application"></a> [use\_existing\_ad\_application](#input\_use\_existing\_ad\_application) | Set this to `true` to use an existing Active Directory Application | `bool` | `false` | no |
| <a name="input_use_existing_storage_account"></a> [use\_existing\_storage\_account](#input\_use\_existing\_storage\_account) | Set this to `true` to use an existing Storage Account. Default behavior creates a new Storage Account | `bool` | `false` | no |
| <a name="input_wait_time"></a> [wait\_time](#input\_wait\_time) | Amount of time to wait before the Lacework resources are provisioned | `string` | `"50s"` | no |

## Outputs

| Name | Description |
| ------------------------------ | ----------------------------------------------------------------------------- |
| application_id | The Lacework AD Application id |
| application_password | The Lacework AD Application password |
| diagnostic_settings_name | The name of the subscription's Diagnostic Setting for Activity Logs |
| service_principal_id | The Lacework Service Principal id |
| storage_account_name | The name of the Storage Account for Activity Logs |
| storage_account_resource_group | The resource group of the Storage Account for Activity Logs |
| subscription_ids | The list of subscriptions that will send Activity Logs to the storage account |
| Name | Description |
|------|-------------|
| <a name="output_application_id"></a> [application\_id](#output\_application\_id) | The Lacework AD Application id |
| <a name="output_application_password"></a> [application\_password](#output\_application\_password) | The Lacework AD Application password |
| <a name="output_diagnostic_settings_name"></a> [diagnostic\_settings\_name](#output\_diagnostic\_settings\_name) | The name of the subscription's Diagnostic Setting for Activity Logs |
| <a name="output_service_principal_id"></a> [service\_principal\_id](#output\_service\_principal\_id) | The Lacework Service Principal id |
| <a name="output_storage_account_name"></a> [storage\_account\_name](#output\_storage\_account\_name) | The name of the centralized Storage Account for Activity Logs |
| <a name="output_storage_account_resource_group"></a> [storage\_account\_resource\_group](#output\_storage\_account\_resource\_group) | The resource group of the centralized Storage Account for Activity Logs |
| <a name="output_subscription_ids"></a> [subscription\_ids](#output\_subscription\_ids) | The list of subscriptions that will send Activity Logs to the storage account |
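Review bot: The Providers table lists `time` with version `n/a` and the Requirements table has no `time` row, so the provider behind `time_sleep.wait_time` is resolved with no version constraint; add a `time` constraint to `required_providers` so it is bounded like azurerm, lacework and random. The Inputs table also changes documented values the commit message does not mention: `tags` goes from `list(string)` / `[]` to `map(string)` / `{}`, and the defaults of `diagnostic_settings_name` and `lacework_integration_name` change. Since only README.md and versions.tf are touched, if this is the README catching up with the existing variable definitions, say so in the commit message. The Outputs table documents `application_password` without saying whether the output is marked sensitive; worth stating that in its description.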
2 changes: 1 addition & 1 deletion versions.tf
@@ -1,5 +1,5 @@
terraform {
required_version = ">= 0.12.31"
required_version = ">= 0.14"

required_providers {
azurerm = "~> 2.28"
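Review bot: `required_version = ">= 0.14"` makes Terraform 0.12.31 through 0.13.x refuse to run the module rather than warn, so this removes support instead of deprecating it; call it out as a breaking change in the commit message and release notes so consumers pinned to older CLIs are not surprised. With 0.14 as the floor, the visible `azurerm = "~> 2.28"` entry can also move from the legacy string form to the explicit form with `source = "hashicorp/azurerm"` and `version = "~> 2.28"`, which states the registry namespace the provider is fetched from.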