https://github.com/claranet/terraform-azurerm-defender-for-cloud
Terraform module to configure Microsoft Defender for Cloud (aka Security Center) on Azure
- Host: GitHub
- URL: https://github.com/claranet/terraform-azurerm-defender-for-cloud
- Owner: claranet
- License: apache-2.0
- Created: 2023-06-09T09:31:09.000Z (about 2 years ago)
- Default Branch: master
- Last Pushed: 2024-10-16T23:39:30.000Z (8 months ago)
- Last Synced: 2024-10-18T23:57:55.813Z (8 months ago)
- Topics: azure, claranet, module, terraform
- Language: HCL
- Homepage:
- Size: 85.9 KB
- Stars: 1
- Watchers: 6
- Forks: 2
- Open Issues: 0
Metadata Files:
- Readme: README.md
- Changelog: CHANGELOG.md
- Contributing: CONTRIBUTING.md
- License: LICENSE
- Codeowners: .github/CODEOWNERS
README
# Microsoft Defender for Cloud
Azure module to deploy [Microsoft Defender for Cloud](https://azure.microsoft.com/en-us/products/defender-for-cloud).
⚠️ NOTE:
Owner access permission is required.
## Global versioning rule for Claranet Azure modules
| Module version | Terraform version | OpenTofu version | AzureRM version |
| -------------- | ----------------- | ---------------- | --------------- |
| >= 8.x.x | **Unverified** | 1.8.x | >= 4.0 |
| >= 7.x.x | 1.3.x | | >= 3.0 |
| >= 6.x.x | 1.x | | >= 3.0 |
| >= 5.x.x | 0.15.x | | >= 2.0 |
| >= 4.x.x | 0.13.x / 0.14.x | | >= 2.0 |
| >= 3.x.x | 0.12.x | | >= 2.0 |
| >= 2.x.x | 0.12.x | | < 2.0 |
| < 2.x.x | 0.11.x | | < 2.0 |
## Contributing
If you want to contribute to this repository, feel free to use our [pre-commit](https://pre-commit.com/) git hook configuration,
which will help you automatically update and format some files by enforcing our Terraform module best practices.
More details are available in the [CONTRIBUTING.md](./CONTRIBUTING.md#pull-request-process) file.
## Usage
This module is optimized to work with the [Claranet terraform-wrapper](https://github.com/claranet/terraform-wrapper) tool,
which sets some Terraform variables in the environment needed by this module.
More details about the variables set by the `terraform-wrapper` are available in the [documentation](https://github.com/claranet/terraform-wrapper#environment).
⚠️ Since module version v8.0.0, we no longer maintain or check compatibility with
[HashiCorp Terraform](https://github.com/hashicorp/terraform/). Instead, we recommend using [OpenTofu](https://github.com/opentofu/opentofu/).
```hcl
module "defender_for_cloud" {
  source  = "claranet/defender-for-cloud/azurerm"
  version = "x.x.x"
}
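
# ---------------------------------------------------------------------------
# Added example, not part of the module's own README.
# An alternative to the minimal call above that sets the inputs listed in the
# Inputs table. Contact values are placeholders. Passing `services` replaces
# the default list as a whole, so only the plans listed here are configured
# by this call; review the list against the default before narrowing it.
# ---------------------------------------------------------------------------
module "defender_for_cloud_custom" {
  source  = "claranet/defender-for-cloud/azurerm"
  version = "x.x.x"

  # Security contact for alerts (placeholder values).
  contact = {
    name  = "security-contact"
    email = "security@example.com"
    phone = "+10000000000"
  }

  # Both default to true; set explicitly so alert routing is visible in review.
  alert_notifications_enabled = true
  alerts_to_admins_enabled    = true

  services = [
    # `tier` is omitted here and falls back to its default, "Standard".
    { resource_type = "CloudPosture" },
    { resource_type = "KeyVaults", subplan = "PerKeyVault" },
    { resource_type = "StorageAccounts", subplan = "DefenderForStorageV2" },
    { resource_type = "VirtualMachines", subplan = "P1" },
    # "Free" is the other tier value accepted by
    # azurerm_security_center_subscription_pricing; it leaves the paid plan off.
    { resource_type = "CosmosDbs", tier = "Free" },
  ]
}

# Surface what the module reports as subscribed so coverage can be checked
# after apply (output name taken from the Outputs table).
output "defender_subscribed_plans" {
  value = module.defender_for_cloud_custom.resource_subscribed_plans
}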
```
## Providers
| Name | Version |
|------|---------|
| azurerm | ~> 4.0 |
## Modules
No modules.
## Resources
| Name | Type |
|------|------|
| [azurerm_security_center_contact.main](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/security_center_contact) | resource |
| [azurerm_security_center_subscription_pricing.main](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/security_center_subscription_pricing) | resource |
## Inputs
| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| alert\_notifications\_enabled | Whether to send security alerts notifications to the security contact or not. | `bool` | `true` | no |
| alerts\_to\_admins\_enabled | Whether to send security alerts notifications to Subscription admins (Owners) or not. | `bool` | `true` | no |
| contact | The name, email and phone number to contact for security alerts. | <pre>object({<br/>  name  = optional(string)<br/>  email = optional(string)<br/>  phone = optional(string)<br/>})</pre> | `{}` | no |
| services | Defender for Cloud services list to activate. See [https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/security_center_subscription_pricing](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/security_center_subscription_pricing). | <pre>list(object({<br/>  resource_type = string<br/>  tier          = optional(string, "Standard")<br/>  subplan       = optional(string, null)<br/>}))</pre> | <pre>[<br/>  {<br/>    "resource_type": "AppServices"<br/>  },<br/>  {<br/>    "resource_type": "Arm",<br/>    "subplan": "PerSubscription"<br/>  },<br/>  {<br/>    "resource_type": "CloudPosture"<br/>  },<br/>  {<br/>    "resource_type": "ContainerRegistry"<br/>  },<br/>  {<br/>    "resource_type": "Containers"<br/>  },<br/>  {<br/>    "resource_type": "CosmosDbs"<br/>  },<br/>  {<br/>    "resource_type": "Dns"<br/>  },<br/>  {<br/>    "resource_type": "KeyVaults",<br/>    "subplan": "PerKeyVault"<br/>  },<br/>  {<br/>    "resource_type": "KubernetesService"<br/>  },<br/>  {<br/>    "resource_type": "OpenSourceRelationalDatabases"<br/>  },<br/>  {<br/>    "resource_type": "SqlServerVirtualMachines"<br/>  },<br/>  {<br/>    "resource_type": "SqlServers"<br/>  },<br/>  {<br/>    "resource_type": "StorageAccounts",<br/>    "subplan": "DefenderForStorageV2"<br/>  },<br/>  {<br/>    "resource_type": "VirtualMachines",<br/>    "subplan": "P1"<br/>  }<br/>]</pre> | no |
## Outputs
| Name | Description |
|------|-------------|
| alert\_contact\_id | The alert contact object ID. |
| resource\_alert\_contact | The alert contact object. |
| resource\_subscribed\_plans | List of subscribed plans and services. |
## Related documentation
Microsoft Azure documentation: xxxx