| :warning: WARNING! |
|---|
| This repository is no longer maintained. Please use the terraform-azurerm-avm-ptn-alz-management repository for the updated code. |
This module deploys a Log Analytics Workspace in Azure with Log Analytics Solutions and a linked Azure Automation Account.

```hcl
module "alz-management" {
  source  = "Azure/alz-management/azurerm"
  version = "<version>" # change this to your desired version, https://www.terraform.io/language/expressions/version-constraints

  automation_account_name      = "aa-prod-eus-001"
  location                     = "eastus"
  log_analytics_workspace_name = "law-prod-eus-001"
  resource_group_name          = "rg-management-eus-001"
}
```
We're using BridgeCrew Yor and yorbox to help manage tags consistently across infrastructure as code (IaC) frameworks. This adds accountability for the code responsible for deploying the particular Azure resources. In this module you might see tags like:

```hcl
resource "azurerm_resource_group" "management" {
  count = var.resource_group_creation_enabled ? 1 : 0

  location = var.location
  name     = var.resource_group_name
  tags = merge(var.tags, (/*<box>*/ (var.tracing_tags_enabled ? { for k, v in /*</box>*/ {
    avm_git_commit           = "ba28d2019d124ec455bed690e553fe9c7e4e2780"
    avm_git_file             = "main.tf"
    avm_git_last_modified_at = "2023-05-15 11:25:58"
    avm_git_org              = "Azure"
    avm_git_repo             = "terraform-azurerm-alz-management"
    avm_yor_name             = "management"
    avm_yor_trace            = "00a12560-70eb-4d00-81b9-d4059bc7ed62"
  } /*<box>*/ : replace(k, "avm_", var.tracing_tags_prefix) => v } : {}) /*</box>*/))
}
```
To enable tracing tags, set the `tracing_tags_enabled` variable to `true`:

```hcl
module "example" {
  source  = "Azure/alz-management/azurerm"
  version = "<version>" # change this to your desired version, https://www.terraform.io/language/expressions/version-constraints

  automation_account_name      = "aa-prod-eus-001"
  location                     = "eastus"
  log_analytics_workspace_name = "law-prod-eus-001"
  resource_group_name          = "rg-management-eus-001"
  tracing_tags_enabled         = true
}
```

The `tracing_tags_enabled` variable defaults to `false`.
To customize the prefix for your tracing tags, set the `tracing_tags_prefix` variable value in your Terraform configuration:

```hcl
module "example" {
  source  = "Azure/alz-management/azurerm"
  version = "<version>" # change this to your desired version, https://www.terraform.io/language/expressions/version-constraints

  automation_account_name      = "aa-prod-eus-001"
  location                     = "eastus"
  log_analytics_workspace_name = "law-prod-eus-001"
  resource_group_name          = "rg-management-eus-001"
  tracing_tags_enabled         = true
  tracing_tags_prefix          = "custom_prefix_"
}
```

The actual applied tags would be:

```hcl
{
  custom_prefix_git_commit           = "ba28d2019d124ec455bed690e553fe9c7e4e2780"
  custom_prefix_git_file             = "main.tf"
  custom_prefix_git_last_modified_at = "2023-05-15 11:25:58"
  custom_prefix_git_org              = "Azure"
  custom_prefix_git_repo             = "terraform-azurerm-alz-management"
  custom_prefix_yor_trace            = "00a12560-70eb-4d00-81b9-d4059bc7ed62"
}
```
We assume that you have set up the service principal's credentials in environment variables as shown below:

```shell
export ARM_SUBSCRIPTION_ID="<azure_subscription_id>"
export ARM_TENANT_ID="<azure_subscription_tenant_id>"
export ARM_CLIENT_ID="<service_principal_appid>"
export ARM_CLIENT_SECRET="<service_principal_password>"
```

On Windows PowerShell:

```powershell
$env:ARM_SUBSCRIPTION_ID="<azure_subscription_id>"
$env:ARM_TENANT_ID="<azure_subscription_tenant_id>"
$env:ARM_CLIENT_ID="<service_principal_appid>"
$env:ARM_CLIENT_SECRET="<service_principal_password>"
```
We provide a docker image to run the pre-commit checks and tests for you: `mcr.microsoft.com/azterraform:latest`

To run the pre-commit task, we can run the following command:

```shell
docker run --rm -v $(pwd):/src -w /src mcr.microsoft.com/azterraform:latest make pre-commit
```

On Windows PowerShell:

```powershell
docker run --rm -v ${pwd}:/src -w /src mcr.microsoft.com/azterraform:latest make pre-commit
```

NOTE: If an error occurs in PowerShell that indicates `Argument or block definition required` for `unit-fixture/locals.tf` and/or `unit-fixture/variables.tf`, the issue could be that the symlink is not configured properly. This can be fixed as described in this link:

```shell
git config core.symlinks true
```

Then switch branches, or execute git reset:

```shell
git reset --hard HEAD
```
In the pre-commit task, we will:

1. Run the `terraform fmt -recursive` command for your Terraform code.
2. Run the `terrafmt fmt -f` command for markdown files and go code files to ensure that the Terraform code embedded in these files is well formatted.
3. Run `go mod tidy` and `go mod vendor` for the test folder to ensure that all the dependencies have been synced.
4. Run `gofmt` for all go code files.
5. Run `gofumpt` for all go code files.
6. Run `terraform-docs` on the `README.md` file, then run `markdown-table-formatter` to format markdown tables in `README.md`.

Then we can run the pr-check task to check whether our code meets our pipeline's requirements (we strongly recommend you run the following command before you commit):

```shell
docker run --rm -v $(pwd):/src -w /src mcr.microsoft.com/azterraform:latest make pr-check
```

On Windows PowerShell:

```powershell
docker run --rm -v ${pwd}:/src -w /src mcr.microsoft.com/azterraform:latest make pr-check
```

To run the e2e-test, we can run the following command:

```shell
docker run --rm -v $(pwd):/src -w /src -e ARM_SUBSCRIPTION_ID -e ARM_TENANT_ID -e ARM_CLIENT_ID -e ARM_CLIENT_SECRET mcr.microsoft.com/azterraform:latest make e2e-test
```

On Windows PowerShell:

```powershell
docker run --rm -v ${pwd}:/src -w /src -e ARM_SUBSCRIPTION_ID -e ARM_TENANT_ID -e ARM_CLIENT_ID -e ARM_CLIENT_SECRET mcr.microsoft.com/azterraform:latest make e2e-test
```
## Requirements

| Name | Version |
|---|---|
| terraform | >= 1.3 |
| azurerm | >= 3.0, < 4.0 |

## Providers

| Name | Version |
|---|---|
| azurerm | >= 3.0, < 4.0 |

## Modules

No modules.

## Resources

| Name | Type |
|---|---|
| azurerm_automation_account.management | resource |
| azurerm_log_analytics_linked_service.management | resource |
| azurerm_log_analytics_solution.management | resource |
| azurerm_log_analytics_workspace.management | resource |
| azurerm_resource_group.management | resource |
## Inputs

| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| automation_account_encryption | The encryption configuration for the Azure Automation Account. | object({…}) | null | no |
| automation_account_identity | The identity to assign to the Azure Automation Account. | object({…}) | null | no |
| automation_account_local_authentication_enabled | Whether or not local authentication is enabled for the Azure Automation Account. | bool | true | no |
| automation_account_location | The Azure region of the Azure Automation Account to deploy. This supports overriding the location variable in specific cases. | string | null | no |
| automation_account_name | The name of the Azure Automation Account to create. | string | n/a | yes |
| automation_account_public_network_access_enabled | Whether or not public network access is enabled for the Azure Automation Account. | bool | true | no |
| automation_account_sku_name | The name of the SKU for the Azure Automation Account to create. | string | "Basic" | no |
| linked_automation_account_creation_enabled | A boolean flag to determine whether to deploy the Azure Automation Account linked to the Log Analytics Workspace or not. | bool | true | no |
| location | The Azure region where the resources will be deployed. | string | n/a | yes |
| log_analytics_solution_plans | The Log Analytics Solution Plans to create. | list(object({…})) | […] | no |
| log_analytics_workspace_allow_resource_only_permissions | Whether or not to allow resource-only permissions for the Log Analytics Workspace. | bool | true | no |
| log_analytics_workspace_cmk_for_query_forced | Whether or not to force the use of customer-managed keys for query in the Log Analytics Workspace. | bool | null | no |
| log_analytics_workspace_daily_quota_gb | The daily ingestion quota in GB for the Log Analytics Workspace. | number | null | no |
| log_analytics_workspace_internet_ingestion_enabled | Whether or not internet ingestion is enabled for the Log Analytics Workspace. | bool | true | no |
| log_analytics_workspace_internet_query_enabled | Whether or not internet query is enabled for the Log Analytics Workspace. | bool | true | no |
| log_analytics_workspace_local_authentication_disabled | Whether or not local authentication is disabled for the Log Analytics Workspace. | bool | false | no |
| log_analytics_workspace_name | The name of the Log Analytics Workspace to create. | string | n/a | yes |
| log_analytics_workspace_reservation_capacity_in_gb_per_day | The reservation capacity in GB per day for the Log Analytics Workspace. | number | null | no |
| log_analytics_workspace_retention_in_days | The number of days to retain data for the Log Analytics Workspace. | number | 30 | no |
| log_analytics_workspace_sku | The SKU to use for the Log Analytics Workspace. | string | "PerGB2018" | no |
| resource_group_creation_enabled | A boolean flag to determine whether to deploy the Azure Resource Group or not. | bool | true | no |
| resource_group_name | The name of the Azure Resource Group where the resources will be created. | string | n/a | yes |
| tags | A map of tags to apply to the resources created. | map(string) | {} | no |
| tracing_tags_enabled | Whether to enable the tracing tags generated by BridgeCrew Yor. | bool | false | no |
| tracing_tags_prefix | Default prefix for generated tracing tags. | string | "avm_" | no |
## Outputs

| Name | Description |
|---|---|
| automation_account | A curated output of the Azure Automation Account. |
| log_analytics_workspace | A curated output of the Log Analytics Workspace. |
| resource_group | A curated output of the Azure Resource Group. |
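As an added example (not part of the module's own README), the following configuration uses the inputs listed above to turn off the network- and authentication-permissive defaults on both resources and to set an explicit retention period and ingestion cap. Resource names, the tag values and the quota and retention numbers are constructed placeholders; the input names and defaults are those from the table.

```hcl
module "alz_management_hardened" {
  source  = "Azure/alz-management/azurerm"
  version = "<version>" # pin to a tested release, https://www.terraform.io/language/expressions/version-constraints

  # Constructed placeholder names.
  location                     = "eastus"
  resource_group_name          = "rg-management-eus-001"
  log_analytics_workspace_name = "law-prod-eus-001"
  automation_account_name      = "aa-prod-eus-001"

  # Log Analytics Workspace. The module defaults keep internet ingestion and
  # query enabled and local (shared-key) authentication available.
  log_analytics_workspace_local_authentication_disabled = true  # Azure AD only for queries (default: false)
  log_analytics_workspace_internet_ingestion_enabled    = false # agents must use a private link scope (default: true)
  log_analytics_workspace_internet_query_enabled        = false # queries only over private link (default: true)
  log_analytics_workspace_retention_in_days             = 365   # long enough for incident investigations (default: 30)
  log_analytics_workspace_daily_quota_gb                = 50    # bounds cost from a noisy or flooding source (default: null)

  # Linked Automation Account. The module defaults allow public network access
  # and key-based local authentication.
  automation_account_public_network_access_enabled = false   # private endpoint access only (default: true)
  automation_account_local_authentication_enabled  = false   # Azure AD only (default: true)
  automation_account_sku_name                      = "Basic" # module default, shown for clarity

  # Constructed placeholder tags; tracing tags stay at their default (disabled).
  tags = {
    environment = "prod"
    owner       = "platform-team"
  }
}
```

With internet ingestion and query disabled, agents and users can only reach the workspace through an Azure Monitor Private Link Scope, so deploy that scope and its private endpoints before flipping these inputs in an existing environment, or log ingestion stops. The daily quota also drops data once the cap is hit, so size it from observed ingestion rather than treating it as a free safety net.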