Azure Terraform Build Generic Components using Infrastructure as Code
I am new to Terraform and Azure. I am trying to build a resource group and resources using Terraform. Below is the design for it.
I have written Terraform code to build a Log Analytics workspace and an Automation Account. Below are my questions:
This is the code I wrote to build the Automation Account / Log Analytics:
terraform {
  required_version = ">=0.12"
  required_providers {
    azurerm = {
      source  = "hashicorp/azurerm"
      version = "~>2.0"
    }
  }
}

provider "azurerm" {
  features {}
}

resource "azurerm_resource_group" "management" {
  # Mandatory resource attributes
  name     = "k8s-log-analytics-test"
  location = "eastus"
}

resource "random_id" "workspace" {
  keepers = {
    # Generate a new id each time we switch to a new resource group
    group_name = azurerm_resource_group.management.name
  }
  byte_length = 8
}

resource "azurerm_log_analytics_workspace" "management" {
  # Mandatory resource attributes
  name                = "k8s-workspace-${random_id.workspace.hex}"
  location            = azurerm_resource_group.management.location
  resource_group_name = azurerm_resource_group.management.name
  # Optional resource attributes
  retention_in_days = 30
  sku               = "PerGB2018"
}

resource "azurerm_log_analytics_solution" "management" {
  # Mandatory resource attributes
  solution_name         = "mgmyloganalytsolution"
  location              = azurerm_resource_group.management.location
  resource_group_name   = azurerm_resource_group.management.name
  workspace_resource_id = azurerm_log_analytics_workspace.management.id
  workspace_name        = azurerm_log_analytics_workspace.management.name
  plan {
    publisher = "Microsoft"
    product   = "OMSGallery/ContainerInsights"
  }
}

resource "azurerm_automation_account" "management" {
  # Mandatory resource attributes
  name                = "mgmtautomationaccount"
  location            = azurerm_resource_group.management.location
  resource_group_name = azurerm_resource_group.management.name
  sku_name            = "Basic"
}

# Links the automation account to the workspace so runbook job data lands in Log Analytics
resource "azurerm_log_analytics_linked_service" "management" {
  # Mandatory resource attributes
  resource_group_name = azurerm_resource_group.management.name
  workspace_id        = azurerm_log_analytics_workspace.management.id
  read_access_id      = azurerm_automation_account.management.id
}
Cost Mgmt / Azure Monitor / Network Watcher / Defender for Cloud? Can I build all of these with Terraform code in this resource group, or do I need to build them manually from the Azure portal? When we create any resource, the options such as cost estimator / management etc. are already available on the left-hand side. Does this mean they can simply be picked from there when needed, without building them from Terraform code?
Yes, you can create Network Watcher, Azure Monitor resources and Cost Management using Terraform resource blocks such as azurerm_network_watcher, azurerm_network_watcher_flow_log, azurerm_monitor_metric_alert ..., azurerm_resource_group_cost_management_export, azurerm_consumption_budget_resource_group, etc. Defender for Cloud can't be built from Terraform. Yes, you are right that Cost Management, Monitor, etc. are also available in the portal, but their resources, such as budgets, alerts and so on, still need to be created; to simplify that, they have been added to the portal as blades.
How do we apply role authorization / policy assignment from Terraform code?
You can use azurerm_role_assignment to assign built-in roles, and azurerm_role_definition to create a custom role and then assign it. For policy assignment, you can use azurerm_resource_policy_assignment, and azurerm_policy_insights_remediation for remediation.
For all Azure resource blocks, you can refer to the Official Registry Documentation of the Terraform AzureRM Provider and the Terraform AzureAD Provider.
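As an added example, not part of the original question or answer: a Terraform configuration that extends the asker's resource group with the kinds of resources the answer names, namely a Network Watcher, a resource-group budget, a built-in role assignment scoped to the single workspace rather than the subscription, a custom role limited to starting runbook jobs, and a built-in policy assignment. It assumes the asker's azurerm_resource_group.management and azurerm_log_analytics_workspace.management resources are in the same configuration, azurerm provider 2.60 or later (for azurerm_resource_group_policy_assignment), and two hypothetical input variables, var.operator_principal_id and var.budget_contact_email; the budget dates are placeholder values.

```hcl
# Added example, not from the original post. Assumes it sits beside the asker's
# configuration (azurerm_resource_group.management, azurerm_log_analytics_workspace.management)
# and azurerm provider >= 2.60.

# Hypothetical inputs: the object id of the user/group/service principal being
# granted access, and the e-mail address that receives budget alerts.
variable "operator_principal_id" {
  type = string
}

variable "budget_contact_email" {
  type = string
}

# Network Watcher: Azure allows one per region per subscription and auto-creates
# one in NetworkWatcherRG when the first VNet is deployed, so this only applies
# cleanly if no watcher already exists for this region.
resource "azurerm_network_watcher" "management" {
  name                = "nw-${azurerm_resource_group.management.location}"
  location            = azurerm_resource_group.management.location
  resource_group_name = azurerm_resource_group.management.name
}

# Cost Management: a monthly budget on the resource group that alerts at 80%.
# start_date must be the first day of a month (placeholder dates here).
resource "azurerm_consumption_budget_resource_group" "management" {
  name              = "budget-${azurerm_resource_group.management.name}"
  resource_group_id = azurerm_resource_group.management.id
  amount            = 100
  time_grain        = "Monthly"

  time_period {
    start_date = "2022-01-01T00:00:00Z"
    end_date   = "2023-01-01T00:00:00Z"
  }

  notification {
    enabled        = true
    threshold      = 80.0
    operator       = "GreaterThan"
    contact_emails = [var.budget_contact_email]
  }
}

# Built-in role, scoped as narrowly as the need allows: read access to this one
# workspace rather than Reader on the whole resource group or subscription.
resource "azurerm_role_assignment" "workspace_reader" {
  scope                = azurerm_log_analytics_workspace.management.id
  role_definition_name = "Log Analytics Reader"
  principal_id         = var.operator_principal_id
}

# Custom role: may list runbooks and start/read jobs, nothing else, and can only
# be assigned inside this resource group.
resource "azurerm_role_definition" "runbook_operator" {
  name  = "Runbook Operator (${azurerm_resource_group.management.name})"
  scope = azurerm_resource_group.management.id

  permissions {
    actions = [
      "Microsoft.Automation/automationAccounts/read",
      "Microsoft.Automation/automationAccounts/runbooks/read",
      "Microsoft.Automation/automationAccounts/jobs/read",
      "Microsoft.Automation/automationAccounts/jobs/write",
    ]
    not_actions = []
  }

  assignable_scopes = [azurerm_resource_group.management.id]
}

resource "azurerm_role_assignment" "runbook_operator" {
  scope              = azurerm_resource_group.management.id
  role_definition_id = azurerm_role_definition.runbook_operator.role_definition_resource_id
  principal_id       = var.operator_principal_id
}

# Policy: look up the built-in "Allowed locations" definition by display name and
# assign it to the resource group so resources can only be created in its region.
data "azurerm_policy_definition" "allowed_locations" {
  display_name = "Allowed locations"
}

resource "azurerm_resource_group_policy_assignment" "allowed_locations" {
  name                 = "allowed-locations"
  resource_group_id    = azurerm_resource_group.management.id
  policy_definition_id = data.azurerm_policy_definition.allowed_locations.id

  parameters = jsonencode({
    listOfAllowedLocations = {
      value = [azurerm_resource_group.management.location]
    }
  })
}
```

Two things worth checking before `terraform apply`: the identity running Terraform needs Owner or User Access Administrator on the resource group to create role definitions and assignments (Contributor is not enough), and the budget's `start_date` must be the first of a month, otherwise the API rejects it.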
Notice: the technical posts on this site follow the CC BY-SA 4.0 license. If you need to repost, please cite this site's URL or the original source. For any questions contact: yoyou2525@163.com.