Azure Terraform Build Generic Components using Infrastructure as Code
I am new to Terraform and Azure. I am trying to build resource groups/resources using Terraform; the design for it is below.
I have written Terraform code to build a Log Analytics workspace and an Automation account. My questions follow below.
This is the code I wrote to build the Automation account / Log Analytics:
```hcl
terraform {
  required_version = ">=0.12"
  required_providers {
    azurerm = {
      source  = "hashicorp/azurerm"
      version = "~>2.0"
    }
    # The random_id resource below needs the random provider; declaring it
    # explicitly avoids relying on Terraform's implicit provider lookup.
    random = {
      source = "hashicorp/random"
    }
  }
}

provider "azurerm" {
  features {}
}

resource "azurerm_resource_group" "management" {
  # Mandatory resource attributes
  name     = "k8s-log-analytics-test"
  location = "eastus"
}

resource "random_id" "workspace" {
  keepers = {
    # Generate a new id each time we switch to a new resource group
    group_name = azurerm_resource_group.management.name
  }
  byte_length = 8
}

resource "azurerm_log_analytics_workspace" "management" {
  # Mandatory resource attributes
  name                = "k8s-workspace-${random_id.workspace.hex}"
  location            = azurerm_resource_group.management.location
  resource_group_name = azurerm_resource_group.management.name
  # Optional resource attributes
  retention_in_days = 30
  sku               = "PerGB2018"
}

resource "azurerm_log_analytics_solution" "management" {
  # Mandatory resource attributes
  solution_name         = "mgmyloganalytsolution"
  location              = azurerm_resource_group.management.location
  resource_group_name   = azurerm_resource_group.management.name
  workspace_resource_id = azurerm_log_analytics_workspace.management.id
  workspace_name        = azurerm_log_analytics_workspace.management.name
  plan {
    publisher = "Microsoft"
    product   = "OMSGallery/ContainerInsights"
  }
}

resource "azurerm_automation_account" "management" {
  # Mandatory resource attributes
  name                = "mgmtautomationaccount"
  location            = azurerm_resource_group.management.location
  resource_group_name = azurerm_resource_group.management.name
  sku_name            = "Basic"
}

# Links the Automation account to the workspace so runbook job data lands in Log Analytics
resource "azurerm_log_analytics_linked_service" "management" {
  # Mandatory resource attributes
  resource_group_name = azurerm_resource_group.management.name
  workspace_id        = azurerm_log_analytics_workspace.management.id
  read_access_id      = azurerm_automation_account.management.id
}
```
Q: Cost Management / Azure Monitor / Network Watcher / Defender for Cloud? Can I build all of these with Terraform code in this resource group, or do I need to build them manually from the Azure portal? When we create any resource, options such as the cost estimator/management are already available on the left. Does that mean they can simply be selected from there when needed, without building them from Terraform code?
A: Yes, you can create Network Watcher, Azure Monitor resources and Cost Management using Terraform resource blocks such as azurerm_network_watcher, azurerm_network_watcher_flow_log, azurerm_monitor_metric_alert, ..., azurerm_resource_group_cost_management_export, azurerm_consumption_budget_resource_group, etc. Defender for Cloud can't be built from Terraform. Yes, you are correct that Cost Management, Monitor, etc. are also available in the portal, but their resources, such as budget alerts, still need to be created. For simplicity they have been added as blades in the portal.
Q: How do we apply role authorization / policy assignment from Terraform code?
A: You can use azurerm_role_assignment to assign built-in roles, and azurerm_role_definition to create a custom role and then assign it. For policy assignment you can use azurerm_resource_policy_assignment, and azurerm_policy_insights_remediation for remediation.
For all Azure resource blocks you can refer to the official Terraform Registry documentation of the Terraform AzureRM Provider and the Terraform AzureAD Provider.
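As an added illustration of the second answer (this is example code, not from the question or the answer), the following wires a least-privilege role assignment, a custom role and a resource-group policy assignment onto the resource group and workspace the question already defines. It assumes an azurerm provider version that has azurerm_resource_group_policy_assignment (2.51 or later); the variable reader_object_id and the role name k8s-workspace-query-only are assumptions.

```hcl
# Added example: RBAC and policy for the question's resource group/workspace.
# Assumed inputs are marked; everything else references resources from the
# question's own code (azurerm_resource_group.management, the workspace).

# Assumed input: object id of the user/group/service principal to grant access.
variable "reader_object_id" {
  type        = string
  description = "Azure AD object id of the principal allowed to query the workspace"
}

# Built-in role scoped to the single workspace rather than the subscription,
# so the principal can read/query logs and nothing else.
resource "azurerm_role_assignment" "workspace_reader" {
  scope                = azurerm_log_analytics_workspace.management.id
  role_definition_name = "Log Analytics Reader"
  principal_id         = var.reader_object_id
}

# Custom role carrying only the actions needed to read and query the workspace.
resource "azurerm_role_definition" "workspace_query_only" {
  name  = "k8s-workspace-query-only" # assumed name
  scope = azurerm_resource_group.management.id

  permissions {
    actions = [
      "Microsoft.OperationalInsights/workspaces/read",
      "Microsoft.OperationalInsights/workspaces/query/read",
    ]
    not_actions = []
  }

  assignable_scopes = [azurerm_resource_group.management.id]
}

# Look up the built-in "Allowed locations" policy instead of hard-coding its id.
data "azurerm_policy_definition" "allowed_locations" {
  display_name = "Allowed locations"
}

# Assign the policy to the resource group: deployments into this group are
# denied unless they use the group's own region.
resource "azurerm_resource_group_policy_assignment" "locations" {
  name                 = "allowed-locations"
  resource_group_id    = azurerm_resource_group.management.id
  policy_definition_id = data.azurerm_policy_definition.allowed_locations.id
  parameters = jsonencode({
    listOfAllowedLocations = { value = [azurerm_resource_group.management.location] }
  })
}
```

Applying this requires the deploying identity to hold Owner or User Access Administrator on the resource group, since role assignments and custom role definitions are themselves privileged writes.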