From ef88784f08fc14e45df5cfe49d95c575c8870c13 Mon Sep 17 00:00:00 2001
From: Darren <75614232+dmurray-lacework@users.noreply.github.com>
Date: Mon, 12 Feb 2024 20:28:05 +0000
Subject: [PATCH] fix: lacework-global-534 (#100)
* fix: lacework-global-534
Signed-off-by: Darren Murray
* fix: lacework-global-534
Signed-off-by: Darren Murray
* fix: lacework-global-534
Signed-off-by: Darren Murray
* docs: run make terraform-docs
Signed-off-by: Darren Murray
* fix: lacework-global-534
Signed-off-by: Darren Murray
---------
Signed-off-by: Darren Murray
---
 README.md | 3 +++
 examples/default-activity-log/main.tf | 2 +-
 main.tf | 35 +++++++++++++++++++++++++++
 3 files changed, 39 insertions(+), 1 deletion(-)
diff --git a/README.md b/README.md
index 07457b5..c22a768 100644
--- a/README.md
+++ b/README.md
@@ -39,12 +39,15 @@ It configures a Diagnostic Setting that puts logs in an storage account, from wh
 |------|------|
 | [azurerm_eventgrid_event_subscription.lacework](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/eventgrid_event_subscription) | resource |
 | [azurerm_monitor_diagnostic_setting.lacework](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/monitor_diagnostic_setting) | resource |
+| [azurerm_private_endpoint.lacework](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/private_endpoint) | resource |
 | [azurerm_resource_group.lacework](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group) | resource |
 | [azurerm_role_assignment.lacework](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/role_assignment) | resource |
 | [azurerm_role_definition.lacework](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/role_definition) | resource |
 | [azurerm_storage_account.lacework](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/storage_account) | resource |
 | [azurerm_storage_account_network_rules.lacework](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/storage_account_network_rules) | resource |
 | [azurerm_storage_queue.lacework](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/storage_queue) | resource |
+| [azurerm_subnet.lacework](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/subnet) | resource |
+| [azurerm_virtual_network.lacework](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/virtual_network) | resource |
 | [lacework_integration_azure_al.lacework](https://registry.terraform.io/providers/lacework/lacework/latest/docs/resources/integration_azure_al) | resource |
 | [random_id.uniq](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/id) | resource |
 | [time_sleep.wait_time](https://registry.terraform.io/providers/hashicorp/time/latest/docs/resources/sleep) | resource |
diff --git a/examples/default-activity-log/main.tf b/examples/default-activity-log/main.tf
index d9e5414..ea61c66 100644
--- a/examples/default-activity-log/main.tf
+++ b/examples/default-activity-log/main.tf
@@ -6,4 +6,4 @@ provider "lacework" {}
 module "az_activity_log" {
 source = "../../"
-}
+}
diff --git a/main.tf b/main.tf
index 2aab4a3..ebb53e9 100644
--- a/main.tf
+++ b/main.tf
@@ -89,6 +89,8 @@ resource "azurerm_storage_account_network_rules" "lacework" { ip_rules = concat(var.storage_account_network_rule_ip_rules, var.storage_account_network_rule_lacework_ip_rules)
+ virtual_network_subnet_ids = [azurerm_subnet.lacework.id]
+
 depends_on = [azurerm_storage_queue.lacework]
 }
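Review bot: The new `virtual_network_subnet_ids` entry admits the module's own subnet to the storage account firewall via the `Microsoft.Storage` service endpoint, while the same commit (the hunk at @@ -225) also attaches a private endpoint to the account; approved private endpoint connections are not subject to these network rules, so one of the two paths looks redundant unless something in that subnet is expected to reach the account through its public endpoint, and the hunk gives no hint which is intended. A comment on the new line such as `# service-endpoint path for the module's own subnet; the private endpoint declared below is not governed by these rules` (or its inverse, if the rule is only there to satisfy a policy check) would record the intent for the next maintainer. The `azurerm_storage_account_network_rules` block starts before this hunk, and the layout of the `concat(...)` call above the new line cannot be recovered from this view.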
@@ -225,3 +227,36 @@ data "lacework_metric_module" "lwmetrics" {
 name = local.module_name
 version = local.module_version
 }
+
+# virtual network and subnet
+resource "azurerm_virtual_network" "lacework" {
+ name = "lacework-vnet"
+ address_space = ["10.0.0.0/16"]
+ location = azurerm_resource_group.lacework[0].location
+ resource_group_name = azurerm_resource_group.lacework[0].name
+}
+
+resource "azurerm_subnet" "lacework" {
+ name = "lacework-subnet"
+ resource_group_name = azurerm_resource_group.lacework[0].name
+ virtual_network_name = azurerm_virtual_network.lacework.name
+ address_prefixes = ["10.0.1.0/24"]
+ service_endpoints = ["Microsoft.Storage"]
+
+ enforce_private_link_endpoint_network_policies = true
+}
+
+resource "azurerm_private_endpoint" "lacework" {
+ name = "lacework-private-endpoint"
+ location = azurerm_resource_group.lacework[0].location
+ resource_group_name = azurerm_resource_group.lacework[0].name
+ subnet_id = azurerm_subnet.lacework.id
+
+ private_service_connection {
+ name = "lacework-privateserviceconnection"
+ is_manual_connection = false
+ private_connection_resource_id = local.storage_account_id
+ subresource_names = ["queue"]
+ }
+}
+
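Review bot: `azurerm_private_endpoint.lacework` carries no `private_dns_zone_group`, so nothing in this hunk publishes the endpoint's private address under the queue's private-link DNS zone; clients inside the VNet would keep resolving the queue's public name and the endpoint would serve no traffic unless DNS is handled outside the module. If the endpoint exists only to give the storage account a Private Link connection for a policy check rather than to carry traffic (the subject `lacework-global-534` reads like a policy id, but the page does not say), state that and widen the `# virtual network and subnet` comment to `# VNet, subnet and private endpoint giving the storage account a Private Link connection (lacework-global-534)`; otherwise add an `azurerm_private_dns_zone` for `privatelink.queue.core.windows.net`, link it to the VNet, and reference it from a `private_dns_zone_group` on the endpoint. The VNet and subnet are created unconditionally with fixed names and a fixed `10.0.0.0/16` / `10.0.1.0/24` plan, so a second instance of the module in the same resource group collides on name and callers cannot avoid overlapping an existing or peered range; promoting the names and prefixes to variables with the current values as defaults keeps today's behaviour. `enforce_private_link_endpoint_network_policies = true` is the deprecated azurerm 3.x spelling of `private_endpoint_network_policies_enabled = false`, and the provider constraint is not visible here, so confirm which attribute the pinned version accepts before changing it. Every new resource indexes `azurerm_resource_group.lacework[0]`, which fails to plan whenever that resource's `count` is zero (for example a use-existing-resource-group option), something this hunk does not show.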