Note

This repository is publicly accessible as part of our open-source initiative. We welcome contributions from the community alongside our organization's primary development efforts.

---

terraform-module-template

Terraform Module Template

Usage

This example demonstrates the usage of this Terraform module with default settings.

module "example" {
  # Change "module" and "provider" accordingly to match you new module
  source = "cloudeteer/module/provider"

  tenant_id                    = "00000000-0000-0000-0000-000000000000"
  sentinel_serviceprincipal_id = "11111111-1111-1111-1111-111111111111"
}

Providers

The following providers are used by this module:

• azurerm (~> 4.0)

• random (~> 3.5)

Resources

The following resources are used by this module:

• azurerm_key_vault.secrets (resource)
• azurerm_log_analytics_workspace.logs (resource)
• azurerm_monitor_diagnostic_setting.sentinel_auditing (resource)
• azurerm_resource_group.vsoc_service (resource)
• azurerm_role_assignment.sentinel_playbook_permissions (resource)
• azurerm_sentinel_log_analytics_workspace_onboarding.sentinel (resource)
• random_string.key_vault_suffix (resource)

Required Inputs

The following input variables are required:

sentinel_serviceprincipal_id

Description: The Sentinel Service principal ID.

Type: string

tenant_id

Description: The Azure Active Directory tenant ID.

Type: string

Optional Inputs

The following input variables are optional (have default values):

azure_location

Description: The Azure region for the resources to be deployed.

Type: string

Default: "germanywestcentral"

key_vault_bypass

Description: Bypass value for the Key Vault.

Type: string

Default: "AzureServices"

key_vault_default_action

Description: Default action for the Key Vault.

Type: string

Default: "Deny"

key_vault_ip_rules

Description: IP Rules for the Key Vault

Type: list(string)

Default: []

key_vault_name_prefix

Description: The name of the Key Vault.

Type: string

Default: "kvvsocdevgwc"

key_vault_sku

Description: The SKU (plan) for the Key Vault.

Type: string

Default: "standard"

key_vault_vnet_ids

Description: VNet IDs for the Key Vault.

Type: list(string)

Default: []

log_analytics_workspace_name

Description: The name of the Log Analytics Workspace.

Type: string

Default: "log-vsoc-dev-gwc-01"

log_analytics_workspace_retention_time

Description: Number of days to retain log data. Valid range: 30 to 730 (2 years).

Type: number

Default: 90

log_analytics_workspace_sku

Description: Pricing tier for the Log Analytics Workspace.

Type: string

Default: "PerGB2018"

purge_protection_enabled

Description: Flag if purge protection is enabled.

Type: bool

Default: true

resource_group_name

Description: The name of the resource group.

Type: string

Default: "rg-vsoc-dev-gwc-01"

sentinel_customer_managed_key_enabled

Description: Enable customer managed key for Sentinel

Type: bool

Default: false

soft_delete_retention_days

Description: Retention Time for Logs in the Log Analytics Workspace.

Type: number

Default: 7

tags

Description: Custom tags to merge with module defaults.

Type: map(string)

Default: {}

Outputs

The following outputs are exported:

log_analytics_workspace_id

Description: The ID of the Log Analytics Workspace

log_analytics_workspace_name

Description: The Name of the Log Analytics Workspace

Contributions

We welcome all kinds of contributions, whether it's reporting bugs, submitting feature requests, or directly contributing to the development. Please read our Contributing Guidelines to learn how you can best contribute.

Thank you for your interest and support!

Copyright and license

© 2024 CLOUDETEER GmbH

This project is licensed under the MIT License.