github.com/darmach/terratest@v0.34.8-0.20210517103231-80931f95e3ff/examples/azure/terraform-azure-monitor-example/main.tf (about)

     1  # ---------------------------------------------------------------------------------------------------------------------
     2  # DEPLOY AN AZURE MONITOR DIAGNOSTIC SETTING
     3  # This is an example of how to deploy an Azure Monitor Diagnostic Setting
     4  # for a key vault with a storage account.
     5  # ---------------------------------------------------------------------------------------------------------------------
     6  # See test/azure/terraform_azure_monitor_example_test.go for how to write automated tests for this code.
     7  # ---------------------------------------------------------------------------------------------------------------------
     8  
     9  provider "azurerm" {
          # "~> 2.29" accepts any 2.x release from 2.29 upward; the concrete build is chosen at `terraform init`.
    10    version = "~> 2.29"
    11  
    12    features {
    13      key_vault {
              # On destroy the provider purges the vault instead of leaving it soft-deleted. That suits
              # throwaway test vaults, but it removes the recovery window, so it should not be copied into
              # an environment whose vault holds real keys or secrets.
    14        purge_soft_delete_on_destroy = true
    15      }
    16    }
    17  }
    18  
    19  # Configure the Microsoft Azure Active Directory Provider
    20  provider "azuread" {
          # Exact pin: only release 0.7.0 of the provider is accepted.
          # NOTE(review): no azuread_* resource or data source is referenced in this file; confirm another file
          # in the module needs the provider, otherwise it is an extra plugin download with no consumer.
    21    version = "=0.7.0"
    22  }
    23  
    24  terraform {
    25    # This module is now only being tested with Terraform 0.13.x. However, to make upgrading easier, we are setting
    26    # 0.12.26 as the minimum version, as that version added support for required_providers with source URLs, making it
    27    # forwards compatible with 0.13.x code.
          # NOTE(review): no required_providers block is declared here, so provider source addresses stay implicit,
          # and the random provider behind the random_string resources below has no version constraint in this file.
    28    required_version = ">= 0.12.26"
    29  }
    30  
    31  resource "random_string" "short" {
          # Three lowercase letters (no upper case, digits or special characters).
          # NOTE(review): nothing in this file reads random_string.short.result; presumably it is consumed by
          # another file in the module, or it is unused. Confirm.
    32    length  = 3
    33    lower   = true
    34    upper   = false
    35    number  = false
    36    special = false
    37  }
    38  
    39  resource "random_string" "long" {
          # Six lowercase letters, appended to "storage" to form the storage account name below.
          # The value only makes the name unique; it is an identifier, not a secret.
    40    length  = 6
    41    lower   = true
    42    upper   = false
    43    number  = false
    44    special = false
    45  }
    46  
    47  # ---------------------------------------------------------------------------------------------------------------------
    48  # DEPLOY A RESOURCE GROUP
    49  # ---------------------------------------------------------------------------------------------------------------------
    50  
    51  resource "azurerm_resource_group" "monitor" {
          # Resource group that the storage account and key vault in this file are placed in.
          # var.postfix and var.location are declared outside this file.
    52    name     = "terratest-monitor-rg-${var.postfix}"
    53    location = var.location
    54  }
    55  
    56  data "azurerm_client_config" "current" {} # identity Terraform runs as; supplies tenant_id and object_id to the key vault below
    57  
    58  # ---------------------------------------------------------------------------------------------------------------------
    59  # DEPLOY A STORAGE ACCOUNT
    60  # ---------------------------------------------------------------------------------------------------------------------
    61  
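    62  resource "azurerm_storage_account" "monitor" {
          # Destination for the key vault's diagnostic data: the diagnostic setting in this file points its
          # storage_account_id at this account. The name is "storage" plus six random lowercase letters.
    63    name                     = format("%s%s", "storage", random_string.long.result)
    64    resource_group_name      = azurerm_resource_group.monitor.name
    65    location                 = azurerm_resource_group.monitor.location
    66    account_tier             = "Standard"
    67    account_replication_type = "GRS"
          # Refuse TLS 1.0/1.1 clients. Left unset, azurerm 2.x creates the account with TLS1_0 as the minimum,
          # which is a weak default for an account that stores audit data.
          # NOTE(review): confirm the target cloud supports this property before applying.
          min_tls_version          = "TLS1_2"
    68  
    69    tags = {
    70      environment = "staging"
    71    }
    72  }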
    73  
    74  # ---------------------------------------------------------------------------------------------------------------------
    75  # DEPLOY A KEY VAULT
    76  # ---------------------------------------------------------------------------------------------------------------------
    77  
    78  resource "azurerm_key_vault" "monitor" {
          # Key vault that the diagnostic setting in this file targets (target_resource_id).
    79    name                        = "kv-${var.postfix}"
    80    location                    = azurerm_resource_group.monitor.location
    81    resource_group_name         = azurerm_resource_group.monitor.name
          # Lets Azure Disk Encryption retrieve secrets and unwrap keys held in this vault.
    82    enabled_for_disk_encryption = true
    83    tenant_id                   = data.azurerm_client_config.current.tenant_id
    84    soft_delete_enabled         = true
          # Without purge protection a soft-deleted vault can be purged before its retention period ends.
          # The azurerm provider block in this file relies on that to purge on destroy, which fits a test
          # fixture; a vault holding real material would normally keep purge protection on.
    85    purge_protection_enabled    = false
    86  
    87    sku_name = "standard"
    88  
          # The only access policy: it is granted to the identity Terraform is running as (tenant and object id
          # come from azurerm_client_config.current). The lists cover key, secret and certificate management.
    89    access_policy {
    90      tenant_id = data.azurerm_client_config.current.tenant_id
    91      object_id = data.azurerm_client_config.current.object_id
    92  
    93      key_permissions = [
    94        "create",
    95        "get",
    96        "list",
    97        "delete",
    98      ]
    99  
   100      secret_permissions = [
   101        "set",
   102        "get",
   103        "list",
   104        "delete",
   105      ]
   106  
   107      certificate_permissions = [
   108        "create",
   109        "delete",
   110        "deleteissuers",
   111        "get",
   112        "getissuers",
   113        "import",
   114        "list",
   115        "listissuers",
   116        "managecontacts",
   117        "manageissuers",
   118        "setissuers",
   119        "update",
   120      ]
   121    }
   122  
          # Firewall: deny by default, with trusted Azure services allowed to bypass. No ip_rules or
          # virtual_network_subnet_ids are listed here.
          # NOTE(review): data-plane requests from the machine running the tests would then be refused unless
          # they are allowed some other way; confirm this is intended.
   123    network_acls {
   124      default_action = "Deny"
   125      bypass         = "AzureServices"
   126    }
   127  
   128    tags = {
   129      environment = "Testing"
   130    }
   131  }
   132  
   133  # ---------------------------------------------------------------------------------------------------------------------
   134  # DEPLOY A DIAGNOSTIC SETTING
   135  # https://www.terraform.io/docs/providers/azurerm/r/monitor_diagnostic_setting.html
   136  # ---------------------------------------------------------------------------------------------------------------------
   137  
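   138  resource "azurerm_monitor_diagnostic_setting" "monitor" {
          # Sends diagnostic data from the key vault to the storage account declared in this file.
          # var.diagnosticSettingName is declared outside this file.
   139    name               = var.diagnosticSettingName
   140    target_resource_id = azurerm_key_vault.monitor.id
   141    storage_account_id = azurerm_storage_account.monitor.id
   142  
   143    log {
            # AuditEvent is the vault's audit log category. It is the only log category in this setting, so it
            # must be enabled for the setting to deliver an audit trail; with it disabled only metrics are exported.
   144      category = "AuditEvent"
   145      enabled  = true
   146  
            # No retention policy is applied by this setting, so how long the stored logs are kept has to be
            # managed on the storage account itself.
   147      retention_policy {
   148        enabled = false
   149      }
   150    }
   151  
   152    metric {
   153      category = "AllMetrics"
   154  
   155      retention_policy {
   156        enabled = false
   157      }
   158    }
   159  }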