Terraform module for configuring an integration with Azure Subscriptions and Tenants for Activity Log analysis. It configures a Diagnostic Setting that puts logs in an storage account, from which Lacework will read Activity Logs.
| Name | Version |
|---|---|
| terraform | >= 0.14 |
| azurerm | ~> 3.115 |
| lacework | ~> 1.18 |
| random | >= 2.1 |
| Name | Version |
|---|---|
| azurerm | ~> 3.115 |
| lacework | ~> 1.18 |
| random | >= 2.1 |
| time | n/a |
| Name | Source | Version |
|---|---|---|
| az_ad_application | lacework/ad-application/azure | ~> 1.0 |
| Name | Type |
|---|---|
| azurerm_eventgrid_event_subscription.lacework | resource |
| azurerm_monitor_diagnostic_setting.lacework | resource |
| azurerm_private_endpoint.lacework | resource |
| azurerm_resource_group.lacework | resource |
| azurerm_role_assignment.lacework | resource |
| azurerm_role_definition.lacework | resource |
| azurerm_storage_account.lacework | resource |
| azurerm_storage_account_network_rules.lacework | resource |
| azurerm_storage_queue.lacework | resource |
| azurerm_subnet.lacework | resource |
| azurerm_virtual_network.lacework | resource |
| lacework_integration_azure_al.lacework | resource |
| random_id.uniq | resource |
| time_sleep.wait_time | resource |
| azurerm_storage_account.lacework | data source |
| azurerm_subscription.primary | data source |
| azurerm_subscriptions.available | data source |
| lacework_metric_module.lwmetrics | data source |
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| all_subscriptions | If set to true, grant read access to ALL subscriptions within the selected Tenant (overrides subscription_ids) |
bool |
false |
no |
| application_id | The Active Directory Application id to use (required when use_existing_ad_application is set to true) | string |
"" |
no |
| application_name | The name of the Azure Active Directory Application (required when use_existing_ad_application is set to true) | string |
"lacework_security_audit" |
no |
| application_password | The Active Directory Application password to use (required when use_existing_ad_application is set to true) | string |
"" |
no |
| diagnostic_settings_name | The name of the subscription's Diagnostic Setting for Activity Logs (required when use_existing_diagnostic_settings is set to true) | string |
"activity-logs" |
no |
| existing_subnet_id | Subnet ID for existing VNet to use for creating the private endpoint and/or storage account access rules | string |
"" |
no |
| infrastructure_encryption_enabled | Enable Infrastructure Encryption for Azure Storage Account | bool |
false |
no |
| lacework_integration_name | The Lacework integration name | string |
"TF activity log" |
no |
| location | Azure region where the storage account for logging will reside | string |
"West US 2" |
no |
| log_retention_days | Specifies the number of days that logs will be retained | number |
10 |
no |
| prefix | The prefix to use at the beginning of every generated resource | string |
"lacework" |
no |
| private_endpoint_network_policies_enabled | Enable or Disable network policies for the private endpoint on the subnet. Possible values are Disabled, Enabled, NetworkSecurityGroupEnabled and RouteTableEnabled. Defaults to Disabled | string |
"Disabled" |
no |
| service_principal_id | The Enterprise App Object ID related to the application_id (required when use_existing_ad_application is true) | string |
"" |
no |
| storage_account_name | The name of the Storage Account | string |
"" |
no |
| storage_account_network_rule_action | Specifies the azurerm_storage_account_network_rules default action of allow or deny when no other rules match. Valid options are Deny or Allow |
string |
"Deny" |
no |
| storage_account_network_rule_bypass | Specifies whether traffic is bypassed for Logging/Metrics/AzureServices. Valid options are any combination of Logging, Metrics, AzureServices, or None. Requires use_storage_account_network_rules enabled. |
list(string) |
[ |
no |
| storage_account_network_rule_ip_rules | List of allowed ip addresses. Requires use_storage_account_network_rules enabled. |
list(string) |
[] |
no |
| storage_account_network_rule_lacework_ip_rules | List of allowed Lacework ip addresses. See https://docs.lacework.net/onboarding/lacework-outbound-ips#docusaurus_skipToContent_fallback. Requires use_storage_account_network_rules enabled. |
list(string) |
[ |
no |
| storage_account_network_rule_subnet_ids | A list of virtual network subnet ids to secure the storage account. Requires use_storage_account_network_rules enabled. |
list(string) |
[] |
no |
| storage_account_resource_group | The Resource Group for the existing Storage Account | string |
"" |
no |
| subnet_address_prefixes | Limit the CIDR of the subnet | list(string) |
[ |
no |
| subscription_exclusions | List of subscriptions to exclude when using the all_subscriptions option. |
list(string) |
[] |
no |
| subscription_ids | List of subscriptions to enable logging (by default the module will only use the primary subscription) | list(string) |
[] |
no |
| tags | Key-value map of Tag names and Tag values | map(string) |
{} |
no |
| use_existing_ad_application | Set this to true to use an existing Active Directory Application |
bool |
false |
no |
| use_existing_diagnostic_settings | Set this to true to use an existing Diagnostic Settings. Default behavior creates a new Diagnostic Settings |
bool |
false |
no |
| use_existing_storage_account | Set this to true to use an existing Storage Account. Default behavior creates a new Storage Account |
bool |
false |
no |
| use_existing_subnet | Set this to true to use an existing VNet Subnet ID. Default behavior creates a new VNet |
bool |
false |
no |
| use_storage_account_network_rules | Enable configuration of azurerm_storage_account_network_rules resource | bool |
false |
no |
| virtual_network_address_space | Adress space of the Storage Acount vNet | list(string) |
[ |
no |
| wait_time | Amount of time to wait before the Lacework resources are provisioned | string |
"50s" |
no |
| Name | Description |
|---|---|
| application_id | The Lacework AD Application id |
| application_password | The Lacework AD Application password |
| diagnostic_settings_name | The name of the subscription's Diagnostic Setting for Activity Logs |
| lacework_integration_guid | GUID of the created Lacework integration |
| service_principal_id | The Lacework Service Principal id |
| storage_account_name | The name of the centralized Storage Account for Activity Logs |
| storage_account_resource_group | The resource group of the centralized Storage Account for Activity Logs |
| subscription_ids | The list of subscriptions that will send Activity Logs to the storage account |