Coalfire-CF/terraform-azurerm-diagnostics

terraform-azurerm-diagnostics

Diagnostic module for Azure. Enables FedRAMP required log settings for supported resources to a Log Analytics Workspace.

Learn more at Coalfire OpenSource.

Description

  • Cloud(s) supported: Both (Government and Commercial)
  • Cloud(s) verified: Government
  • Product Version/License:
  • FedRAMP Compliance Support: Moderate, High
  • DoD Compliance Support: IL4, IL5
  • Misc Framework Support:

Setup and usage

You can consume this as part of any Azure project. There are no known outside dependencies. View the module README for detailed instructions.

Code updates

If you need to support resources in addition to this list, you will need to create additional config files.

These are the resources that this module supports:

  • ACR
  • Application Gateway
  • AKS
  • App Service
  • App Service Environment
  • Automation Accounts
  • Azure Virtual Desktop Hostpool
  • Azure Virtual Desktop Workspace
  • Backup (Recovery Services Vault)
  • Cosmos Database
  • Data Factory
  • Databricks
  • Event Hub
  • Functions
  • Azure Firewall
  • Key Vault
  • Kusto
  • Log Analytics Workspace
  • Load Balancer
  • Logic App
  • MSSQL Database
  • MSSQL Elastic Pools
  • MSSQL Server
  • MySQL Managed Instance
  • NSG
  • PostgreSQL Managed Instance
  • Redis
  • Redis Enterprise Cluster
  • SQL
  • Storage Accounts
  • Subscriptions
  • Vnet
  • Web App

Usage

provider "azurerm" {
  features {}
}

module "kv_diag" {
  source                = "github.com/Coalfire-CF/terraform-azurerm-diagnostics"
  diag_log_analytics_id = var.diag_log_analytics_id
  resource_id           = azurerm_key_vault.default.id
  resource_type         = "kv"
}
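
A coverage check to run after applying the module, added here as an example and not part of the Coalfire module: it walks `terraform show -json` state output and reports audited resources that have no `azurerm_monitor_diagnostic_setting`, or whose setting sends logs to a workspace other than the one passed as `diag_log_analytics_id`. The sample state, resource names and IDs are constructed, and the default of auditing only `azurerm_key_vault` is an assumption that mirrors the usage above.

```python
# Constructed sample shaped like `terraform show -json` state output (not real data).
BASE = "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-example/providers/"
LAW = BASE + "Microsoft.OperationalInsights/workspaces/law-central"
KV = BASE + "Microsoft.KeyVault/vaults/"

def kv(name):
    return {"address": f"azurerm_key_vault.{name}", "type": "azurerm_key_vault",
            "values": {"id": KV + name}}

def diag(address, target, workspace):
    return {"address": address, "type": "azurerm_monitor_diagnostic_setting",
            "values": {"target_resource_id": target, "log_analytics_workspace_id": workspace}}

SAMPLE_STATE = {"values": {"root_module": {
    "resources": [kv("default"), kv("orphan"), kv("legacy"),
                  diag("azurerm_monitor_diagnostic_setting.legacy", KV + "legacy", LAW + "-old")],
    # Settings created through the module live under child_modules.
    "child_modules": [{"address": "module.kv_diag", "resources": [
        diag("module.kv_diag.azurerm_monitor_diagnostic_setting.kv_diag",
             (KV + "default").upper(), LAW)]}],  # upper-cased: Azure IDs are case-insensitive
}}}

def walk(module):
    """Yield every resource in a module and, recursively, its child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from walk(child)

def audit(state, expected_workspace_id, audited_types=("azurerm_key_vault",)):
    """Map resource address -> finding for audited resources not logging to the workspace."""
    resources = list(walk(state.get("values", {}).get("root_module", {})))
    sinks = {}  # lower-cased target resource ID -> set of lower-cased workspace IDs
    for r in resources:
        if r["type"] == "azurerm_monitor_diagnostic_setting":
            v = r["values"]
            workspace = (v.get("log_analytics_workspace_id") or "").lower()
            sinks.setdefault(v["target_resource_id"].lower(), set()).add(workspace)
    findings = {}
    for r in resources:
        if r["type"] in audited_types:
            dest = sinks.get(r["values"]["id"].lower())
            if dest is None:
                findings[r["address"]] = "no diagnostic setting"
            elif expected_workspace_id.lower() not in dest:
                findings[r["address"]] = "logs go to a different workspace"
    return findings

if __name__ == "__main__":
    for address, finding in audit(SAMPLE_STATE, LAW).items():
        print(f"{address}: {finding}")
```

For a real deployment, load the output of `terraform show -json` with `json.load` and pass it in place of `SAMPLE_STATE`, together with the workspace ID and the resource types you need covered.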

Requirements

No requirements.

Providers

| Name | Version |
|------|---------|
| azurerm | n/a |

Modules

No modules.

Resources

| Name | Type |
|------|------|
| azurerm_monitor_diagnostic_setting.aa_diag | resource |
| azurerm_monitor_diagnostic_setting.acr_diag | resource |
| azurerm_monitor_diagnostic_setting.agw_diag | resource |
| azurerm_monitor_diagnostic_setting.aks_diag | resource |
| azurerm_monitor_diagnostic_setting.ase_diag | resource |
| azurerm_monitor_diagnostic_setting.asp_diag | resource |
| azurerm_monitor_diagnostic_setting.avd_hostpool_diag | resource |
| azurerm_monitor_diagnostic_setting.avd_workspace_diag | resource |
| azurerm_monitor_diagnostic_setting.cdb_diag | resource |
| azurerm_monitor_diagnostic_setting.dbk_diag | resource |
| azurerm_monitor_diagnostic_setting.df_diag | resource |
| azurerm_monitor_diagnostic_setting.eh_diag | resource |
| azurerm_monitor_diagnostic_setting.file_table_diag | resource |
| azurerm_monitor_diagnostic_setting.func_diag | resource |
| azurerm_monitor_diagnostic_setting.fw_diag | resource |
| azurerm_monitor_diagnostic_setting.kusto_diag | resource |
| azurerm_monitor_diagnostic_setting.kv_diag | resource |
| azurerm_monitor_diagnostic_setting.law_diag | resource |
| azurerm_monitor_diagnostic_setting.lb_diag | resource |
| azurerm_monitor_diagnostic_setting.logicapp_diag | resource |
| azurerm_monitor_diagnostic_setting.msql_diag | resource |
| azurerm_monitor_diagnostic_setting.mssql_db_diag | resource |
| azurerm_monitor_diagnostic_setting.mssql_diag | resource |
| azurerm_monitor_diagnostic_setting.mssql_ep_diag | resource |
| azurerm_monitor_diagnostic_setting.nsg_diag | resource |
| azurerm_monitor_diagnostic_setting.psql_diag | resource |
| azurerm_monitor_diagnostic_setting.rdc_diag | resource |
| azurerm_monitor_diagnostic_setting.rdec_diag | resource |
| azurerm_monitor_diagnostic_setting.rsv_backup_diag | resource |
| azurerm_monitor_diagnostic_setting.rsv_site_recovery_diag | resource |
| azurerm_monitor_diagnostic_setting.sa_blob_diag | resource |
| azurerm_monitor_diagnostic_setting.sa_diag | resource |
| azurerm_monitor_diagnostic_setting.sa_queue_diag | resource |
| azurerm_monitor_diagnostic_setting.sa_table_diag | resource |
| azurerm_monitor_diagnostic_setting.sql_diag | resource |
| azurerm_monitor_diagnostic_setting.sub_diag | resource |
| azurerm_monitor_diagnostic_setting.vnet_diag | resource |
| azurerm_monitor_diagnostic_setting.webapp_diag | resource |
| azurerm_mssql_database_extended_auditing_policy.mssql_db_audit_policy | resource |
| azurerm_mssql_server_extended_auditing_policy.mssql_audit_policy | resource |

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| diag_log_analytics_id | ID of the Log Analytics Workspace diagnostic logs should be sent to | string | n/a | yes |
| resource_id | Target resource ID | string | n/a | yes |
| resource_type | The resource type, i.e. Azure product name (follow CF naming convention). | string | n/a | yes |

Outputs

No outputs.

Contributing

Start Here

License

License

Contact Us

Coalfire

Copyright

Copyright © 2023 Coalfire Systems Inc.