# Random suffix appended to resource names so that globally scoped Azure
# names (Log Analytics workspaces in this module) do not collide.
# The value is generated once, kept in state and stays stable across applies.
resource "random_string" "suffix" {
  special = false
  length  = 8
}
# Lowercase-only suffix for the diagnostics storage account: storage account
# names must be lowercase alphanumeric, hence upper = false.
resource "random_string" "diagnostics_suffix" {
  special = false
  upper   = false
  length  = 8
}
## Log Analytics
# One workspace per entry in var.log_analytics_object.workspaces. The random
# suffix is appended because workspace names are globally unique.
# NOTE(review): retention_in_days is not set, so the azurerm provider default
# applies; set it explicitly if the log retention requirement differs.
resource "azurerm_log_analytics_workspace" "log_analytics" {
  for_each = var.log_analytics_object.workspaces

  name                = "${each.value.name}${random_string.suffix.result}"
  resource_group_name = each.value.log_analytics_rg
  location            = each.value.location
  sku                 = "PerGB2018"

  # Per-workspace tags are layered over the module defaults when supplied.
  tags = lookup(each.value, "tags", null) != null ? merge(local.tags, each.value.tags) : local.tags
}
# Solutions
# Installs each solution from solution_plan_map into the workspace selected
# by its workspace_key.
resource "azurerm_log_analytics_solution" "log_analytics_solutions" {
  for_each = var.log_analytics_object.solution_plan_map

  solution_name         = each.value.name
  resource_group_name   = each.value.log_analytics_rg
  location              = each.value.location
  workspace_name        = azurerm_log_analytics_workspace.log_analytics[each.value.workspace_key].name
  workspace_resource_id = azurerm_log_analytics_workspace.log_analytics[each.value.workspace_key].id

  plan {
    publisher = each.value.publisher
    product   = each.value.product
  }

  # Explicit ordering on top of the implicit dependency created by the
  # workspace references above.
  depends_on = [
    azurerm_log_analytics_workspace.log_analytics
  ]
}
## Diagnostics Logs
# Storage Account
# Receives diagnostics data. Tier, replication, access tier and HTTPS-only
# all come from the input object; the lowercase suffix keeps the name valid
# for a storage account.
# NOTE(review): min_tls_version and public blob access are not set here, so
# the azurerm provider defaults apply, and those defaults differ between
# provider major versions. Pin them (e.g. min_tls_version = "TLS1_2") if the
# input object is meant to be the single source of truth for hardening.
resource "azurerm_storage_account" "log" {
  for_each = var.diagnostics_object.storage_accounts

  name                = "${each.value.name}${random_string.diagnostics_suffix.result}"
  location            = each.value.location
  resource_group_name = each.value.resource_group_name

  account_kind             = each.value.account_kind
  account_tier             = each.value.account_tier
  account_replication_type = each.value.account_replication_type
  access_tier              = each.value.access_tier

  # Read directly (no lookup default), so every storage_accounts entry must
  # carry this key.
  enable_https_traffic_only = each.value.enable_https_traffic_only

  tags = lookup(each.value, "tags", null) != null ? merge(local.tags, each.value.tags) : local.tags
}
# NSG Diagnostics
# Ships the rule-counter and event logs of every NSG in var.level0_NSG to the
# Log Analytics workspace selected by nsg_diagnostics.log_analytics_workspace_key.
# NOTE(review): depends_on is documented as a list of resource/module
# references, and the for_each over var.level0_NSG already gives Terraform the
# dependency — this entry looks redundant; confirm and consider removing it.
resource "azurerm_monitor_diagnostic_setting" "nsg_diag" {
  for_each   = var.level0_NSG
  depends_on = [var.level0_NSG]

  name                       = var.diagnostics_object.nsg_diagnostics.name
  target_resource_id         = each.value.id
  log_analytics_workspace_id = azurerm_log_analytics_workspace.log_analytics[var.diagnostics_object.nsg_diagnostics.log_analytics_workspace_key].id

  # Both categories share one retention period from the input object.
  # The `log` block is the pre-azurerm-3.x form; newer providers use `enabled_log`.
  log {
    category = "NetworkSecurityGroupRuleCounter"

    retention_policy {
      enabled = true
      days    = var.diagnostics_object.nsg_diagnostics.opslogs_retention_period
    }
  }

  log {
    category = "NetworkSecurityGroupEvent"

    retention_policy {
      enabled = true
      days    = var.diagnostics_object.nsg_diagnostics.opslogs_retention_period
    }
  }
}
# Event Hub Namespace - CHECK IF REQUIRED
# resource "azurerm_eventhub_namespace" "log" {
# for_each = var.diagnostics_object.event_hubs
# name = "${each.value.name}${random_string.diagnostics_suffix.result}"
# location = each.value.location
# resource_group_name = each.value.resource_group_name
# sku = each.value.sku
# capacity = each.value.capacity
# auto_inflate_enabled = each.value.auto_inflate_enabled
# tags = lookup(each.value, "tags", null) == null ? local.tags : merge(local.tags, each.value.tags)
# # kafka_enabled = true
# }
## Traffic Analytics
# Network Watcher
# One watcher per entry in netwatcher.watchers; the region is appended to the
# shared base name so the per-region names stay distinct.
resource "azurerm_network_watcher" "netwatcher" {
  for_each = var.networking_object.netwatcher.watchers

  name                = "${var.networking_object.netwatcher.name}${each.value.location}"
  resource_group_name = each.value.virtual_network_rg
  location            = each.value.location

  tags = lookup(each.value, "tags", null) != null ? merge(local.tags, each.value.tags) : local.tags
}
### NOT SUPPORTED IN AU CENTRAL 1 OR 2 ###
# # NSG Flow Logs
# resource "azurerm_network_watcher_flow_log" "nsg_flow" {
# for_each = var.level0_NSG
# network_watcher_name = "${var.networking_object.netwatcher.name}${each.value.location}"
# resource_group_name = each.value.resource_group_name
# network_security_group_id = each.value.id
# storage_account_id = azurerm_storage_account.log[var.networking_object.netwatcher.storage_account_key].id
# enabled = lookup(var.networking_object.netwatcher, "flow_logs_settings", {}) != {} ? var.networking_object.netwatcher.flow_logs_settings.enabled : false
# retention_policy {
# enabled = lookup(var.networking_object.netwatcher, "flow_logs_settings", {}) != {} ? var.networking_object.netwatcher.flow_logs_settings.retention : false
# days = lookup(var.networking_object.netwatcher, "flow_logs_settings", {}) != {} ? var.networking_object.netwatcher.flow_logs_settings.period : 7
# }
# traffic_analytics {
# enabled = lookup(var.networking_object.netwatcher, "traffic_analytics_settings", {}) != {} ? var.networking_object.netwatcher.traffic_analytics_settings.enabled : false
# workspace_id = azurerm_log_analytics_workspace.log_analytics[var.networking_object.netwatcher.log_analytics_workspace_key].workspace_id
# workspace_region = azurerm_log_analytics_workspace.log_analytics[var.networking_object.netwatcher.log_analytics_workspace_key].location
# workspace_resource_id = azurerm_log_analytics_workspace.log_analytics[var.networking_object.netwatcher.log_analytics_workspace_key].id
# }
# depends_on = [
# azurerm_network_watcher.netwatcher
# ]
# }