Terraform module that creates an Azure Active Directory Application to provide Lacework read-only access to Azure Subscriptions and Tenants. Lacework logins to Azure using a service principal (an App Registration) with Directory.Read.All on MS Graph API which can also be achieved using a Directory Reader role on Azure AD
| Name | Version |
|---|---|
| terraform | >= 0.14 |
| azuread | ~> 2.25 |
| lacework | ~> 1.18 |
| Name | Version |
|---|---|
| azuread | ~> 2.25 |
| lacework | ~> 1.18 |
| time | n/a |
No modules.
| Name | Type |
|---|---|
| azuread_application.lacework | resource |
| azuread_application_password.client_secret | resource |
| azuread_directory_role.dir_reader | resource |
| azuread_directory_role_assignment.lacework_dir_reader | resource |
| azuread_service_principal.lacework | resource |
| time_sleep.wait_60_seconds | resource |
| azuread_client_config.current | data source |
| lacework_metric_module.lwmetrics | data source |
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| all_subscriptions | [DEPRECATED] Use this input on upstream modules. (https://registry.terraform.io/modules/lacework/config/azure/latest?tab=inputs and https://registry.terraform.io/modules/lacework/activity-log/azure/latest?tab=inputs) | bool |
false |
no |
| application_identifier_uris | [DEPRECATED] A list of user-defined URI(s) for the Lacework AD Application | list(string) |
[] |
no |
| application_name | The name of the Azure Active Directory Application | string |
"lacework_security_audit" |
no |
| application_owners | The owners of the Azure Active Directory Application. If empty, current user will be owner | list(string) |
[] |
no |
| create | Set to false to prevent the module from creating any resources |
bool |
true |
no |
| enable_directory_reader | Enable Directory Reader role for this principal. This will allow Lacework to read Users/Groups/Principals from MS Graph API | bool |
true |
no |
| key_vault_ids | [DEPRECATED] A list of Key Vault Ids used in your subscription for the Lacework AD App to have access to | list(string) |
[] |
no |
| management_group_id | [DEPRECATED] Use this input on upstream module: https://registry.terraform.io/modules/lacework/config/azure/latest?tab=inputs | string |
"" |
no |
| password_length | [DEPRECATED] The length of the Lacework AD Application password | number |
30 |
no |
| subscription_ids | [DEPRECATED] Use this input on upstream modules. (https://registry.terraform.io/modules/lacework/config/azure/latest?tab=inputs and https://registry.terraform.io/modules/lacework/activity-log/azure/latest?tab=inputs) | list(string) |
[] |
no |
| tenant_id | [DEPRECATED] A Tenant ID different from the default defined inside the provider | string |
"" |
no |
| use_management_group | [DEPRECATED] Use this input on upstream module: https://registry.terraform.io/modules/lacework/config/azure/latest?tab=inputs | bool |
false |
no |
| Name | Description |
|---|---|
| application_id | The Lacework AD Application id |
| application_password | The Lacework AD Application password |
| created | Was the Active Directory Application created |
| enable_directory_reader | Was the Active Directory Application granted Directory Reader role in Azure AD? |
| service_principal_id | The Lacework Service Principal id |
| tenant_id | [DEPRECATED] A Tenant ID used to configure the AD Application |