Terraform module that creates an Azure Active Directory Application to provide Lacework read-only access to Azure Subscriptions and Tenants. Lacework logs in to Azure with a service principal (an App Registration) that needs `Directory.Read.All` on the MS Graph API; this module grants the equivalent by assigning the service principal the Directory Readers role in Azure AD (controlled by the `enable_directory_reader` input). The module also generates the application's client secret (`azuread_application_password.client_secret`) and exposes it through the `application_password` output, so treat that output, and the Terraform state that holds it, as a credential.
## Requirements

| Name | Version |
|------|---------|
| terraform | >= 0.14 |
| azuread | ~> 2.25 |
| lacework | ~> 1.18 |

## Providers

| Name | Version |
|------|---------|
| azuread | ~> 2.25 |
| lacework | ~> 1.18 |
| time | n/a |

## Modules

No modules.

## Resources

| Name | Type |
|------|------|
| azuread_application.lacework | resource |
| azuread_application_password.client_secret | resource |
| azuread_directory_role.dir_reader | resource |
| azuread_directory_role_assignment.lacework_dir_reader | resource |
| azuread_service_principal.lacework | resource |
| time_sleep.wait_60_seconds | resource |
| azuread_client_config.current | data source |
| lacework_metric_module.lwmetrics | data source |
## Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| all_subscriptions | [DEPRECATED] Use this input on the upstream modules (https://registry.terraform.io/modules/lacework/config/azure/latest?tab=inputs and https://registry.terraform.io/modules/lacework/activity-log/azure/latest?tab=inputs) | `bool` | `false` | no |
| application_identifier_uris | [DEPRECATED] A list of user-defined URI(s) for the Lacework AD Application | `list(string)` | `[]` | no |
| application_name | The name of the Azure Active Directory Application | `string` | `"lacework_security_audit"` | no |
| application_owners | The owners of the Azure Active Directory Application. If empty, the current user (the identity running Terraform) will be the owner | `list(string)` | `[]` | no |
| create | Set to `false` to prevent the module from creating any resources | `bool` | `true` | no |
| enable_directory_reader | Enable the Directory Readers role for this principal. This allows Lacework to read Users/Groups/Principals from the MS Graph API | `bool` | `true` | no |
| key_vault_ids | [DEPRECATED] A list of Key Vault IDs used in your subscription for the Lacework AD App to have access to | `list(string)` | `[]` | no |
| management_group_id | [DEPRECATED] Use this input on the upstream module: https://registry.terraform.io/modules/lacework/config/azure/latest?tab=inputs | `string` | `""` | no |
| password_length | [DEPRECATED] The length of the Lacework AD Application password | `number` | `30` | no |
| subscription_ids | [DEPRECATED] Use this input on the upstream modules (https://registry.terraform.io/modules/lacework/config/azure/latest?tab=inputs and https://registry.terraform.io/modules/lacework/activity-log/azure/latest?tab=inputs) | `list(string)` | `[]` | no |
| tenant_id | [DEPRECATED] A Tenant ID different from the default defined inside the provider | `string` | `""` | no |
| use_management_group | [DEPRECATED] Use this input on the upstream module: https://registry.terraform.io/modules/lacework/config/azure/latest?tab=inputs | `bool` | `false` | no |
## Outputs

| Name | Description |
|------|-------------|
| application_id | The Lacework AD Application ID |
| application_password | The Lacework AD Application password (client secret; sensitive) |
| created | Whether the Active Directory Application was created |
| enable_directory_reader | Whether the Active Directory Application was granted the Directory Readers role in Azure AD |
| service_principal_id | The Lacework Service Principal ID |
| tenant_id | [DEPRECATED] The Tenant ID used to configure the AD Application |
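Worked example of calling this module and wiring its outputs into the upstream `lacework/config/azure` module that the deprecated inputs point to. This is an added example, not code from the module's README. Assumptions, not stated on this page: the registry source path `lacework/ad-application/azure` and the version constraints; the upstream module's input names (`use_existing_ad_application`, `application_id`, `application_password`, `service_principal_id`, `all_subscriptions`, `subscription_ids`); and the placeholder object/subscription IDs. Owners are set explicitly so the App Registration does not silently belong to whichever identity ran `terraform apply`.

```hcl
terraform {
  required_version = ">= 0.14"
  required_providers {
    azuread  = { source = "hashicorp/azuread", version = "~> 2.25" }
    lacework = { source = "lacework/lacework", version = "~> 1.18" }
  }
}

# Create the App Registration + service principal and grant Directory Readers.
# `application_owners` takes Azure AD object IDs; the value below is a placeholder (assumption).
module "lacework_ad_application" {
  source  = "lacework/ad-application/azure" # assumed registry path
  version = "~> 1.0"                        # assumed; pin to the release you reviewed

  application_name        = "lacework_security_audit"
  application_owners      = ["00000000-0000-0000-0000-000000000001"]
  enable_directory_reader = true
}

# Hand the principal to the upstream module that performs the subscription-level
# role assignments. The input names here are assumed from lacework/config/azure.
module "lacework_config" {
  source  = "lacework/config/azure"
  version = "~> 2.0" # assumed

  use_existing_ad_application = true
  application_id              = module.lacework_ad_application.application_id
  application_password        = module.lacework_ad_application.application_password
  service_principal_id        = module.lacework_ad_application.service_principal_id

  # Scope explicitly; do not default to every subscription in the tenant.
  all_subscriptions = false
  subscription_ids  = ["11111111-1111-1111-1111-111111111111"] # placeholder (assumption)
}

# The client secret is a credential: mark it sensitive so plans and applies do not
# print it. It is still stored in plaintext in the state file, so keep state in an
# encrypted, access-controlled remote backend.
output "lacework_application_password" {
  value     = module.lacework_ad_application.application_password
  sensitive = true
}

output "lacework_service_principal_id" {
  value = module.lacework_ad_application.service_principal_id
}
```

Expect `terraform apply` to pause for about a minute: the module includes `time_sleep.wait_60_seconds`, presumably so the new service principal has propagated before the directory role assignment is attempted. After apply, confirm the principal holds only the intended directory role by listing its memberships with the Graph API, e.g. `az rest --method GET --url "https://graph.microsoft.com/v1.0/servicePrincipals/<service_principal_id>/memberOf"`, substituting the `lacework_service_principal_id` output; the result should contain the Directory Readers `directoryRole` and nothing more privileged.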