fix: lacework-global-534 (#100)

* fix: lacework-global-534 Signed-off-by: Darren Murray <[email protected]> * fix: lacework-global-534 Signed-off-by: Darren Murray <[email protected]> * fix: lacework-global-534 Signed-off-by: Darren Murray <[email protected]> * docs: run make terraform-docs Signed-off-by: Darren Murray <[email protected]> * fix: lacework-global-534 Signed-off-by: Darren Murray <[email protected]> --------- Signed-off-by: Darren Murray <[email protected]>
lacework · Feb 12, 2024 · ef88784 · ef88784
1 parent 65b948a
commit ef88784
Show file tree

Hide file tree

Showing 3 changed files with 39 additions and 1 deletion.
diff --git a/README.md b/README.md
@@ -39,12 +39,15 @@ It configures a Diagnostic Setting that puts logs in an storage account, from wh
 |------|------|
 | [azurerm_eventgrid_event_subscription.lacework](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/eventgrid_event_subscription) | resource |
 | [azurerm_monitor_diagnostic_setting.lacework](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/monitor_diagnostic_setting) | resource |
+| [azurerm_private_endpoint.lacework](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/private_endpoint) | resource |
 | [azurerm_resource_group.lacework](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group) | resource |
 | [azurerm_role_assignment.lacework](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/role_assignment) | resource |
 | [azurerm_role_definition.lacework](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/role_definition) | resource |
 | [azurerm_storage_account.lacework](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/storage_account) | resource |
 | [azurerm_storage_account_network_rules.lacework](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/storage_account_network_rules) | resource |
 | [azurerm_storage_queue.lacework](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/storage_queue) | resource |
+| [azurerm_subnet.lacework](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/subnet) | resource |
+| [azurerm_virtual_network.lacework](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/virtual_network) | resource |
 | [lacework_integration_azure_al.lacework](https://registry.terraform.io/providers/lacework/lacework/latest/docs/resources/integration_azure_al) | resource |
 | [random_id.uniq](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/id) | resource |
 | [time_sleep.wait_time](https://registry.terraform.io/providers/hashicorp/time/latest/docs/resources/sleep) | resource |

diff --git a/examples/default-activity-log/main.tf b/examples/default-activity-log/main.tf
@@ -6,4 +6,4 @@ provider "lacework" {}
 
 module "az_activity_log" {
   source = "../../"
-}
+} 
diff --git a/main.tf b/main.tf
@@ -89,6 +89,8 @@ resource "azurerm_storage_account_network_rules" "lacework" {
   ip_rules           = concat(var.storage_account_network_rule_ip_rules,
   var.storage_account_network_rule_lacework_ip_rules)
 
+  virtual_network_subnet_ids = [azurerm_subnet.lacework.id]
+
   depends_on = [azurerm_storage_queue.lacework]
 }
 
@@ -225,3 +227,36 @@ data "lacework_metric_module" "lwmetrics" {
   name    = local.module_name
   version = local.module_version
 }
+
+# virtual network and subnet
+resource "azurerm_virtual_network" "lacework" {
+  name                = "lacework-vnet"
+  address_space       = ["10.0.0.0/16"]
+  location            = azurerm_resource_group.lacework[0].location
+  resource_group_name = azurerm_resource_group.lacework[0].name
+}
+
+resource "azurerm_subnet" "lacework" {
+  name                 = "lacework-subnet"
+  resource_group_name  = azurerm_resource_group.lacework[0].name
+  virtual_network_name = azurerm_virtual_network.lacework.name
+  address_prefixes     = ["10.0.1.0/24"]
+  service_endpoints    = ["Microsoft.Storage"]
+
+  enforce_private_link_endpoint_network_policies = true
+}
+
+resource "azurerm_private_endpoint" "lacework" {
+  name                = "lacework-private-endpoint"
+  location            = azurerm_resource_group.lacework[0].location
+  resource_group_name = azurerm_resource_group.lacework[0].name
+  subnet_id           = azurerm_subnet.lacework.id
+
+  private_service_connection {
+    name                           = "lacework-privateserviceconnection"
+    is_manual_connection           = false
+    private_connection_resource_id = local.storage_account_id
+    subresource_names              = ["queue"]
+  }
+}
+