
Azure Terraform Build Generic Components using Infrastructure as Code

I am new to Terraform and Azure. I am trying to build a Resource Group / Resources using Terraform. Below is the design for it.

[design diagram image not reproduced]

I have written Terraform code to build the Log Analytics workspace and Automation account. Now, here are my questions:

  1. Cost Mgmt / Azure Monitor / Network Watcher / Defender for Cloud: can I build all of these using Terraform code in this resource group, or do they need to be built manually from the Azure portal? When we create any resource, options like Cost estimator / management are already available on the left-hand side. Does that mean they can simply be selected from there when needed, with no need to build them from Terraform code?
  2. How do we apply Role Entitlement / Policy Assignment from Terraform code?

Here is the code I have written to build the Automation account / Log Analytics:

terraform {
  required_version = ">= 0.12"

  required_providers {
    azurerm = {
      source  = "hashicorp/azurerm"
      version = "~> 2.0"
    }
    # random_id below comes from the hashicorp/random provider; declare it
    # explicitly instead of relying on implicit provider resolution
    random = {
      source = "hashicorp/random"
    }
  }
}

provider "azurerm" {
  features {}
}

resource "azurerm_resource_group" "management" {
  # Mandatory resource attributes
  name     = "k8s-log-analytics-test"
  location = "eastus"
}

resource "random_id" "workspace" {
  keepers = {
    # Generate a new id each time we switch to a new resource group
    group_name = azurerm_resource_group.management.name
  }

  byte_length = 8
}

resource "azurerm_log_analytics_workspace" "management" {
  # Mandatory resource attributes
  name                = "k8s-workspace-${random_id.workspace.hex}"
  location            = azurerm_resource_group.management.location
  resource_group_name = azurerm_resource_group.management.name

  # Optional resource attributes
  retention_in_days = 30
  sku               = "PerGB2018"
}

resource "azurerm_log_analytics_solution" "management" {
  # Mandatory resource attributes
  # Azure names a gallery solution "<SolutionType>(<workspace name>)", so
  # solution_name must be the solution type matching plan.product, not a
  # free-form name; "mgmyloganalytsolution" is rejected by the API
  solution_name         = "ContainerInsights"
  location              = azurerm_resource_group.management.location
  resource_group_name   = azurerm_resource_group.management.name
  workspace_resource_id = azurerm_log_analytics_workspace.management.id
  workspace_name        = azurerm_log_analytics_workspace.management.name

  plan {
    publisher = "Microsoft"
    product   = "OMSGallery/ContainerInsights"
  }
}

resource "azurerm_automation_account" "management" {
  # Mandatory resource attributes
  name                = "mgmtautomationaccount"
  location            = azurerm_resource_group.management.location
  resource_group_name = azurerm_resource_group.management.name
  sku_name            = "Basic"
}

# Link the Automation account to the workspace so runbook jobs and
# update-management data land in Log Analytics
resource "azurerm_log_analytics_linked_service" "management" {
  # Mandatory resource attributes
  resource_group_name = azurerm_resource_group.management.name
  workspace_id        = azurerm_log_analytics_workspace.management.id
  read_access_id      = azurerm_automation_account.management.id
}
 

Cost Mgmt / Azure Monitor / Network Watcher / Defender for Cloud: can I build all of these using Terraform code in this resource group, or do they need to be built manually from the Azure portal? When we create any resource, options like Cost estimator / management are already available on the left-hand side. Does that mean they can simply be selected from there when needed, with no need to build them from Terraform code?

Yes, you can create Network Watcher, Azure Monitor resources and Cost Management using Terraform resource blocks such as azurerm_network_watcher, azurerm_network_watcher_flow_log, azurerm_monitor_metric_alert ..., azurerm_resource_group_cost_management_export, azurerm_consumption_budget_resource_group, etc. Defender for Cloud can't be built from Terraform. Yes, you are correct that cost management, monitoring etc. are also available in the portal, but their resources (budget alerts etc.) still need to be created; for simplicity they have been added as a blade in the portal.


How do we apply Role Entitlement / Policy Assignment from Terraform code?

You can use azurerm_role_assignment to assign built-in roles, and azurerm_role_definition to create a custom role and then assign it. For policy assignment you can use azurerm_resource_policy_assignment, and remediate using azurerm_policy_insights_remediation.


For all the Azure resource blocks you can refer to the official Terraform Registry documentation for the AzureRM provider and the AzureAD provider.
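As an added example (not code from the question or the answer), this is how the Network Watcher, Azure Monitor and Cost Management resources the answer names can be attached to the question's resource group. It reuses azurerm_resource_group.management, azurerm_log_analytics_workspace.management and random_id.workspace from the question, and assumes azurerm 3.x (the question pins ~> 2.0; under 2.x the flow log has no `name` argument and the storage flag is called allow_blob_public_access). var.monitored_nsg_id and var.alert_email are placeholders you must set.

```hcl
# Added example, not from the original post. Assumes azurerm 3.x and the
# resource_group / log_analytics_workspace / random_id blocks from the question.
variable "monitored_nsg_id" { type = string } # placeholder: ID of an existing NSG
variable "alert_email" { type = string }      # placeholder: alert recipient

# Azure creates one Network Watcher per region per subscription
# (NetworkWatcher_<region> in NetworkWatcherRG) when the first VNet appears.
# If it already exists, `terraform import` it instead of creating a duplicate.
resource "azurerm_network_watcher" "management" {
  name                = "NetworkWatcher_${azurerm_resource_group.management.location}"
  location            = azurerm_resource_group.management.location
  resource_group_name = azurerm_resource_group.management.name
}

# Storage for raw flow logs: no public blobs, TLS 1.2 and HTTPS only.
resource "azurerm_storage_account" "flowlogs" {
  name                            = "mgmtflow${substr(random_id.workspace.hex, 0, 8)}" # 3-24 lowercase chars, globally unique
  resource_group_name             = azurerm_resource_group.management.name
  location                        = azurerm_resource_group.management.location
  account_tier                    = "Standard"
  account_replication_type        = "LRS"
  min_tls_version                 = "TLS1_2"
  enable_https_traffic_only       = true
  allow_nested_items_to_be_public = false
}

# NSG flow logs with Traffic Analytics: flows are enriched into the
# question's workspace (AzureNetworkAnalytics_CL) where they can be queried.
resource "azurerm_network_watcher_flow_log" "nsg" {
  name                      = "mgmt-nsg-flowlog"
  network_watcher_name      = azurerm_network_watcher.management.name
  resource_group_name       = azurerm_resource_group.management.name
  network_security_group_id = var.monitored_nsg_id
  storage_account_id        = azurerm_storage_account.flowlogs.id
  enabled                   = true
  version                   = 2 # v2 adds flow state plus byte/packet counters

  retention_policy {
    enabled = true
    days    = 30
  }
  traffic_analytics {
    enabled               = true
    workspace_id          = azurerm_log_analytics_workspace.management.workspace_id
    workspace_region      = azurerm_log_analytics_workspace.management.location
    workspace_resource_id = azurerm_log_analytics_workspace.management.id
    interval_in_minutes   = 10
  }
}

# Azure Monitor: an action group and an activity-log alert that fires whenever
# an RBAC role assignment is written inside the resource group.
resource "azurerm_monitor_action_group" "security" {
  name                = "mgmt-security-alerts"
  resource_group_name = azurerm_resource_group.management.name
  short_name          = "secalerts" # max 12 chars
  email_receiver {
    name          = "security-team"
    email_address = var.alert_email
  }
}

resource "azurerm_monitor_activity_log_alert" "role_assignment_write" {
  name                = "role-assignment-written"
  resource_group_name = azurerm_resource_group.management.name
  scopes              = [azurerm_resource_group.management.id]
  criteria {
    category       = "Administrative"
    operation_name = "Microsoft.Authorization/roleAssignments/write"
  }
  action {
    action_group_id = azurerm_monitor_action_group.security.id
  }
}

# Cost Management: monthly budget on the resource group, e-mail at 80% spend.
resource "azurerm_consumption_budget_resource_group" "management" {
  name              = "mgmt-monthly-budget"
  resource_group_id = azurerm_resource_group.management.id
  amount            = 200
  time_grain        = "Monthly"
  time_period {
    start_date = "2025-01-01T00:00:00Z" # placeholder; must be the first day of a month
  }
  notification {
    enabled        = true
    operator       = "GreaterThan"
    threshold      = 80 # percent of amount
    contact_emails = [var.alert_email]
  }
}
```

The activity-log alert is scoped to the resource group to match the question; for a subscription-wide view of privilege changes, set `scopes` to the subscription ID from `data "azurerm_subscription"` instead. Traffic Analytics is what makes the flow logs useful for detection, since raw NSG flow logs in blob storage are awkward to query.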
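As an added example for the second question (not code from the question or the answer), the following shows a built-in role assignment, a custom role definition and its assignment, a deny policy assignment, and a DeployIfNotExists policy assignment with a managed identity and a remediation task, all scoped to the question's resource group. It assumes azurerm 3.x, where azurerm_policy_insights_remediation from the answer has been replaced by azurerm_resource_group_policy_remediation, and it reuses azurerm_resource_group.management and azurerm_automation_account.management from the question. var.ops_group_object_id is a placeholder, and the built-in policy display names are looked up at plan time, so verify they exist in your tenant.

```hcl
# Added example, not from the original post. Assumes azurerm 3.x and the
# resource_group / automation_account blocks from the question.
variable "ops_group_object_id" { type = string } # placeholder: AAD group object ID

# Built-in role at resource-group scope: least privilege, read-only on logs.
resource "azurerm_role_assignment" "ops_log_reader" {
  scope                = azurerm_resource_group.management.id
  role_definition_name = "Log Analytics Reader"
  principal_id         = var.ops_group_object_id
}

# Custom role: start, stop and inspect automation jobs, nothing else.
resource "azurerm_role_definition" "automation_job_operator" {
  name        = "Automation Job Operator (custom)"
  scope       = azurerm_resource_group.management.id
  description = "Run and read automation jobs and runbooks"
  permissions {
    actions = [
      "Microsoft.Automation/automationAccounts/read",
      "Microsoft.Automation/automationAccounts/runbooks/read",
      "Microsoft.Automation/automationAccounts/jobs/read",
      "Microsoft.Automation/automationAccounts/jobs/write",
      "Microsoft.Automation/automationAccounts/jobs/stop/action",
    ]
    not_actions = []
  }
  assignable_scopes = [azurerm_resource_group.management.id]
}

# Custom roles are assigned by ID (role_definition_resource_id), not by name.
resource "azurerm_role_assignment" "ops_job_operator" {
  scope              = azurerm_automation_account.management.id
  role_definition_id = azurerm_role_definition.automation_job_operator.role_definition_resource_id
  principal_id       = var.ops_group_object_id
}

# Deny policy: resources in this group may only be created in its own region.
data "azurerm_policy_definition" "allowed_locations" {
  display_name = "Allowed locations" # built-in definition
}

resource "azurerm_resource_group_policy_assignment" "allowed_locations" {
  name                 = "allowed-locations"
  resource_group_id    = azurerm_resource_group.management.id
  policy_definition_id = data.azurerm_policy_definition.allowed_locations.id
  parameters = jsonencode({
    listOfAllowedLocations = { value = [azurerm_resource_group.management.location] }
  })
}

# DeployIfNotExists policy: needs a managed identity holding the role listed in
# the definition's roleDefinitionIds (Contributor for this built-in; check the
# definition), plus a remediation task to fix resources that already exist.
data "azurerm_policy_definition" "deploy_network_watcher" {
  display_name = "Deploy network watcher when virtual networks are created" # assumed built-in display name
}

resource "azurerm_resource_group_policy_assignment" "deploy_network_watcher" {
  name                 = "deploy-network-watcher"
  resource_group_id    = azurerm_resource_group.management.id
  policy_definition_id = data.azurerm_policy_definition.deploy_network_watcher.id
  location             = azurerm_resource_group.management.location # required when identity is set
  identity {
    type = "SystemAssigned"
  }
}

resource "azurerm_role_assignment" "policy_identity_contributor" {
  scope                = azurerm_resource_group.management.id
  role_definition_name = "Contributor"
  principal_id         = azurerm_resource_group_policy_assignment.deploy_network_watcher.identity[0].principal_id
}

# Remediation must wait for the identity's role, or the task fails on first run.
resource "azurerm_resource_group_policy_remediation" "deploy_network_watcher" {
  name                 = "remediate-network-watcher"
  resource_group_id    = azurerm_resource_group.management.id
  policy_assignment_id = azurerm_resource_group_policy_assignment.deploy_network_watcher.id

  depends_on = [azurerm_role_assignment.policy_identity_contributor]
}
```

Two points worth checking before applying: the principal that runs `terraform apply` needs Microsoft.Authorization/roleAssignments/write at the target scope (User Access Administrator or Owner), and a remediation task only makes sense for deployIfNotExists or modify effects; deny policies such as "Allowed locations" have nothing to remediate.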

The technical posts on this site follow the CC BY-SA 4.0 license. If you need to reprint, please indicate the site URL or the original address. For any question please contact: yoyou2525@163.com.
