Skip to content

Terraform module composition (feature) to setup Claranet MSP Azure tools

License

Notifications You must be signed in to change notification settings

claranet/terraform-azurerm-run

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Azure RUN feature

Changelog Notice Apache V2 License OpenTofu Registry

A Terraform modules composition (feature) which includes services needed for Claranet RUN/MSP.

It includes:

  • Log Management with the following resources:
    • Log Analytics Workspace
    • Storage Account with SAS Token to upload logs to
  • A Key Vault
  • FAME monitoring function for additional metrics. The following built-in metrics are sent:
    • fame.azure.application_gateway.instances: number of Application Gateway instances
    • fame.azure.backup.file_share: number of successful file shares backups
    • fame.azure.backup.vm: number of successful virtual machines backups
    • fame.azure.virtual_network_gateway.ike_event_success: number of successful ike events for a VPN Gateway

It includes some IaaS specifics:

All deployed resources

Diagram of the full example usage having all features enabled:

All deployed resources

Requirements

  • You need at least the Contributor role on the subscriptions to use update_center_periodic_assessment_enabled with Update Management Center module.

Using sub-modules

The integrated services can be used separately with the same inputs and outputs when it's a sub-module.

Log management

See logs module README.

Monitoring function

See monitoring_function module README

Key Vault

See Key Vault module: terraform-azurerm-keyvault.

Azure Backup

See Azure Backup module README.

Automation Account

See Automation Account module README.

Azure Update

See Update Center module README and Update Management module (legacy) README.

Migrating from older modules

This run module is a merge of the previous run-common and run-iaas modules.

Some previously pre-activated backup and update management features must now be explicitly enabled through *_enabled variables. You must be on the latest version of run_iaas and run_common modules before updating to run module.

You can migrate your Terrafom state with the following commands:

terraform state mv module.run_common.module.keyvault module.run.module.keyvault
terraform state mv module.run_common.module.logs module.run.module.logs
terraform state mv 'module.run_common.module.monitoring_function[0]' 'module.run.module.monitoring_function[0]'
terraform state mv module.run_iaas.module.automation_account 'module.run.module.automation_account[0]'
terraform state mv module.run_iaas.module.backup 'module.run.module.backup[0]'
terraform state mv module.run_iaas.module.update_management 'module.run.module.update_management[0]'
terraform state mv 'module.run_iaas.module.update_management_center["enabled"]' 'module.run.module.update_management_center["enabled"]'
terraform state mv module.run_iaas.module.vm_monitoring 'module.run.module.vm_monitoring[0]'
terraform state mv 'module.run_common.azurerm_role_assignment.function_workspace[0]' 'module.run.azurerm_role_assignment.function_workspace[0]'
terraform apply -target='module.run.null_resource.fake_function_condition[0]'

Global versioning rule for Claranet Azure modules

Module version Terraform version OpenTofu version AzureRM version
>= 8.x.x Unverified 1.8.x >= 4.0
>= 7.x.x 1.3.x >= 3.0
>= 6.x.x 1.x >= 3.0
>= 5.x.x 0.15.x >= 2.0
>= 4.x.x 0.13.x / 0.14.x >= 2.0
>= 3.x.x 0.12.x >= 2.0
>= 2.x.x 0.12.x < 2.0
< 2.x.x 0.11.x < 2.0

Contributing

If you want to contribute to this repository, feel free to use our pre-commit git hook configuration which will help you automatically update and format some files for you by enforcing our Terraform code module best-practices.

More details are available in the CONTRIBUTING.md file.

Usage

This module is optimized to work with the Claranet terraform-wrapper tool which set some terraform variables in the environment needed by this module. More details about variables set by the terraform-wrapper available in the documentation.

⚠️ Since modules version v8.0.0, we do not maintain/check anymore the compatibility with Hashicorp Terraform. Instead, we recommend to use OpenTofu.

module "run" {
  source  = "claranet/run/azurerm"
  version = "x.x.x"

  client_name    = var.client_name
  location       = module.azure_region.location
  location_short = module.azure_region.location_short
  environment    = var.environment
  stack          = var.stack

  resource_group_name = module.rg.name

  monitoring_function_splunk_token = "xxxxxx"
  monitoring_function_metrics_extra_dimensions = {
    env           = var.environment
    sfx_monitored = "true"
  }

  extra_tags = {
    foo = "bar"
  }
}

Providers

Name Version
azurerm ~> 4.9
null ~> 3.0

Modules

Name Source Version
automation_account ./modules/automation-account n/a
backup ./modules/backup n/a
key_vault claranet/keyvault/azurerm ~> 8.0.0
logs ./modules/logs n/a
monitoring_function ./modules/monitoring-function n/a
update_management_center ./modules/update-center n/a
vm_monitoring ./modules/vm-monitoring n/a

Resources

Name Type
azurerm_role_assignment.function_subscription resource
azurerm_role_assignment.function_workspace resource
null_resource.fake_function_condition resource
azurerm_client_config.current data source

Inputs

Name Description Type Default Required
automation_account_custom_name Automation account custom name. string "" no
automation_account_enabled Whether the Automation Account is enabled. Enabled if legacy Update Management is enabled. bool false no
automation_account_extra_tags Extra tags to add to Automation Account. map(string) {} no
automation_account_identity_type Automation Account identity type. Possible values include: null, SystemAssigned and UserAssigned.
object({
type = string
identity_ids = list(string)
})
{
"identity_ids": [],
"type": "SystemAssigned"
}
no
automation_account_sku Automation account Sku. string "Basic" no
automation_diagnostic_settings_custom_name Custom name of the diagnostics settings, name will be 'default' if not set. string "default" no
automation_logs_categories Log categories to send to destinations. list(string) null no
automation_logs_destinations_ids List of destination resources IDs for logs diagnostic destination.
Can be Storage Account, Log Analytics Workspace and Event Hub. No more than one of each can be set.
If you want to use Azure EventHub as a destination, you must provide a formatted string containing both the EventHub Namespace authorization send ID and the EventHub name (name of the queue to use in the Namespace) separated by the | character.
list(string) [] no
automation_logs_metrics_categories Metrics categories to send to destinations. list(string) null no
backup_diagnostic_settings_custom_name Custom name of the diagnostics settings, name will be 'default' if not set. string "default" no
backup_file_share_enabled Whether the File Share backup is enabled. bool false no
backup_logs_categories Log categories to send to destinations. list(string) null no
backup_logs_destinations_ids List of destination resources IDs for logs diagnostic destination.
Can be Storage Account, Log Analytics Workspace and Event Hub. No more than one of each can be set.
If you want to use Azure EventHub as a destination, you must provide a formatted string containing both the EventHub Namespace authorization send ID and the EventHub name (name of the queue to use in the Namespace) separated by the | character.
list(string) [] no
backup_logs_metrics_categories Metrics categories to send to destinations. list(string) null no
backup_managed_disk_enabled Whether the Managed Disk backup is enabled. bool false no
backup_postgresql_enabled Whether the PostgreSQL backup is enabled. bool false no
backup_storage_blob_enabled Whether the Storage blob backup is enabled. bool false no
backup_vault_custom_name Azure Backup Vault custom name. Empty by default, using naming convention. string "" no
backup_vault_datastore_type Type of data store used for the Backup Vault. string "VaultStore" no
backup_vault_extra_tags Extra tags to add to Backup Vault. map(string) {} no
backup_vault_geo_redundancy_enabled Whether the geo redundancy is enabled no the Backup Vault. bool true no
backup_vault_identity_type Azure Backup Vault identity type. Possible values include: null, SystemAssigned. Default to SystemAssigned. string "SystemAssigned" no
backup_vm_enabled Whether the Virtual Machines backup is enabled. bool false no
client_name Client name. string n/a yes
data_collection_syslog_facilities_names List of syslog to retrieve in Data Collection Rule. list(string)
[
"auth",
"authpriv",
"cron",
"daemon",
"mark",
"kern",
"local0",
"local1",
"local2",
"local3",
"local4",
"local5",
"local6",
"local7",
"lpr",
"mail",
"news",
"syslog",
"user",
"uucp"
]
no
data_collection_syslog_levels List of syslog levels to retrieve in Data Collection Rule. list(string)
[
"Error",
"Critical",
"Alert",
"Emergency"
]
no
dcr_custom_name VM Monitoring - Data Collection rule custom name. string "" no
default_tags_enabled Whether the default tags are enabled. bool true no
environment Environment name. string n/a yes
extra_tags Extra tags to add. map(string) {} no
file_share_backup_daily_policy_retention The number of daily file share backups to keep. Must be between 7 and 9999. number 30 no
file_share_backup_monthly_retention Map to configure the monthly File Share backup policy retention according to https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/backup_policy_file_share#retention_monthly
object({
count = number,
weekdays = list(string),
weeks = list(string),
})
null no
file_share_backup_policy_custom_name Azure Backup - File share backup policy custom name. Empty by default, using naming convention. string "" no
file_share_backup_policy_frequency Specifies the frequency for file_share backup schedules. Must be either Daily or Weekly. string "Daily" no
file_share_backup_policy_time The time of day to perform the file share backup in 24hour format. string "04:00" no
file_share_backup_policy_timezone Specifies the timezone for file share backup schedules. Defaults to UTC. string "UTC" no
file_share_backup_weekly_retention Map to configure the weekly File Share backup policy retention according to https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/backup_policy_file_share#retention_weekly
object({
count = number,
weekdays = list(string),
})
null no
file_share_backup_yearly_retention Map to configure the yearly File Share backup policy retention according to https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/backup_policy_file_share#retention_yearly
object({
count = number,
weekdays = list(string),
weeks = list(string),
months = list(string),
})
null no
key_vault_admin_objects_ids Ids of the objects that can do all operations on all keys, secrets and certificates list(string) [] no
key_vault_custom_name Name of the Key Vault, generated if not set. string "" no
key_vault_enabled_for_deployment Boolean flag to specify whether Azure Virtual Machines are permitted to retrieve certificates stored as secrets from the key vault. bool false no
key_vault_enabled_for_disk_encryption Boolean flag to specify whether Azure Disk Encryption is permitted to retrieve secrets from the vault and unwrap keys. bool false no
key_vault_enabled_for_template_deployment Boolean flag to specify whether Azure Resource Manager is permitted to retrieve secrets from the key vault. bool false no
key_vault_logs_categories Log categories to send to destinations. All by default. list(string) null no
key_vault_logs_metrics_categories Metrics categories to send to destinations. All by default. list(string) null no
key_vault_managed_hardware_security_module_enabled Create a Key Vault Managed HSM resource if enabled. Changing this forces a new resource to be created. bool false no
key_vault_network_acls Object with attributes: bypass, default_action, ip_rules, virtual_network_subnet_ids. See https://www.terraform.io/docs/providers/azurerm/r/key_vault.html#bypass for more informations.
object({
bypass = optional(string, "None"),
default_action = optional(string, "Deny"),
ip_rules = optional(list(string)),
virtual_network_subnet_ids = optional(list(string)),
})
{} no
key_vault_public_network_access_enabled Whether access to the Key Vault, from a public network is allowed. bool false no
key_vault_rbac_authorization_enabled Whether the Key Vault uses Role Based Access Control (RBAC) for authorization of data actions instead of access policies. bool false no
key_vault_reader_objects_ids Ids of the objects that can read all keys, secrets and certificates list(string) [] no
key_vault_resource_group_name Resource Group the Key Vault will belong to. Will use resource_group_name if not set. string "" no
key_vault_sku The Name of the SKU used for this Key Vault. Possible values are "standard" and "premium". string "standard" no
key_vault_soft_delete_retention_days The number of days that items should be retained for once soft-deleted. This value can be between 7 and 90 days. number 7 no
keyvault_extra_tags Extra tags to add to the Key Vault map(string) {} no
location Azure location. string n/a yes
location_short Short string for Azure location. string n/a yes
log_analytics_resource_group_name Log Analytics Workspace resource group name (if different from resource_group_name variable.). string null no
log_analytics_workspace_custom_name Azure Log Analytics Workspace custom name. Empty by default, using naming convention. string "" no
log_analytics_workspace_daily_quota_gb The workspace daily quota for ingestion in GB. Defaults to -1 (unlimited). number -1 no
log_analytics_workspace_extra_tags Extra tags to add to the Log Analytics Workspace map(string) {} no
log_analytics_workspace_id Log Analytics Workspace ID where the logs are sent and linked to Automation account. string null no
log_analytics_workspace_link_enabled Enable Log Analytics Workspace that will be connected with the automation account. bool true no
log_analytics_workspace_name_prefix Log Analytics name prefix string "" no
log_analytics_workspace_retention_in_days The workspace data retention in days. Possible values range between 30 and 730. number 30 no
log_analytics_workspace_sku Specifies the SKU of the Log Analytics Workspace. Possible values are Free, PerNode, Premium, Standard, Standalone, Unlimited, and PerGB2018 (new Sku as of 2018-04-03). string "PerGB2018" no
logs_delete_after_days_since_modification_greater_than Delete blob after x days without modification number 365 no
logs_rbac_storage_blob_role_principal_ids The principal IDs of the users, groups, and service principals to assign the Storage Blob Data * different roles to if Blob containers are created.
object({
blob_owners = optional(list(string), [])
blob_contributors = optional(list(string), [])
blob_readers = optional(list(string), [])
})
{
"blob_contributors": [],
"blob_owners": [],
"blob_readers": []
}
no
logs_rbac_storage_contributor_role_principal_ids The principal IDs of the users, groups, and service principals to assign the Storage Account Contributor role to. list(string) [] no
logs_resource_group_name Resource Group the resources for log management will belong to. Will use resource_group_name if not set. string "" no
logs_storage_account_access_tier Defines the access tier for BlobStorage, FileStorage and StorageV2 accounts. Valid options are Hot and Cool, defaults to Hot. string "Hot" no
logs_storage_account_advanced_threat_protection_enabled Enable/disable Advanced Threat Protection, see here for more information. bool false no
logs_storage_account_archived_logs_fileshare_enabled Enable/disable archived-logs file share creation bool false no
logs_storage_account_archived_logs_fileshare_name Name of the file share in which externalized logs are stored string "archived-logs" no
logs_storage_account_archived_logs_fileshare_quota The maximum size in GB of the archived-logs file share, default is 5120 number null no
logs_storage_account_archiving_enabled Enable/disable blob archiving lifecycle bool true no
logs_storage_account_custom_name Storage Account for logs custom name. Empty by default, using naming convention. string "" no
logs_storage_account_customer_managed_key Customer Managed Key. Please refer to the documentation for more information.
object({
key_vault_key_id = optional(string)
managed_hsm_key_id = optional(string)
user_assigned_identity_id = optional(string)
})
null no
logs_storage_account_enabled Whether the dedicated Storage Account for logs is deployed. bool true no
logs_storage_account_extra_tags Extra tags to add to the logs Storage Account map(string) {} no
logs_storage_account_https_traffic_only_enabled Enable/disable HTTPS traffic only bool true no
logs_storage_account_identity_ids List of User Assigned Identity IDs to assign to the Storage Account. list(string) null no
logs_storage_account_identity_type The identity type of the storage account. Possible values are SystemAssigned, UserAssigned, SystemAssigned, UserAssigned. string "SystemAssigned" no
logs_storage_account_kind Storage Account Kind string "StorageV2" no
logs_storage_account_name_prefix Storage Account name prefix string "" no
logs_storage_account_replication_type Storage Account Replication type string "LRS" no
logs_storage_account_tier Storage Account tier string "Standard" no
logs_storage_min_tls_version Storage Account minimal TLS version string "TLS1_2" no
logs_storage_shared_access_key_enabled Indicates whether the Storage Account permits requests to be authorized with the account access key via Shared Key. If false, then all requests, including shared access signatures, must be authorized with Azure Active Directory (Entra ID). bool false no
logs_tier_to_archive_after_days_since_modification_greater_than Change blob tier to Archive after x days without modification number 90 no
logs_tier_to_cool_after_days_since_modification_greater_than Change blob tier to cool after x days without modification number 30 no
managed_disk_backup_daily_policy_retention_in_days The number of days to keep the first daily Managed Disk backup. number null no
managed_disk_backup_policy_custom_name Azure Backup - Managed disk backup policy custom name. Empty by default, using naming convention. string "" no
managed_disk_backup_policy_interval_in_hours The Managed Disk backup interval in hours. string 24 no
managed_disk_backup_policy_retention_in_days The number of days to keep the Managed Disk backup. number 30 no
managed_disk_backup_policy_time The time of day to perform the Managed Disk backup in 24 hours format (eg 04:00). string "04:00" no
managed_disk_backup_weekly_policy_retention_in_weeks The number of weeks to keep the first weekly Managed Disk backup. number null no
monitoring_function_advanced_threat_protection_enabled FAME function app's storage account: Enable Advanced Threat Protection. bool false no
monitoring_function_app_service_plan_name FAME App Service Plan custom name. Empty by default, using naming convention. string null no
monitoring_function_application_insights_custom_name FAME Application Insights custom name. Empty by default, using naming convention. string null no
monitoring_function_application_insights_enabled Whether FAME Application Insights is deployed. bool true no
monitoring_function_assign_roles True to assign roles for the monitoring Function on the Log Analytics Workspace (Log Analytics Reader) and the Subscription (Reader). bool true no
monitoring_function_enabled Whether additional Monitoring Function is enabled. bool true no
monitoring_function_extra_application_settings Extra application settings to set on monitoring Function. map(string) {} no
monitoring_function_extra_tags Monitoring function extra tags to add map(string) {} no
monitoring_function_function_app_custom_name FAME Function App custom name. Empty by default, using naming convention. string null no
monitoring_function_logs_categories Monitoring function log categories to send to destinations. All by default. list(string) null no
monitoring_function_logs_metrics_categories Monitoring function metrics categories to send to destinations. All by default. list(string) null no
monitoring_function_metrics_extra_dimensions Extra dimensions sent with metrics. map(string) {} no
monitoring_function_splunk_token Access Token to send metrics to Splunk Observability. string null no
monitoring_function_storage_account_custom_name FAME Storage Account custom name. Empty by default, using naming convention. string null no
monitoring_function_zip_package_path Zip package path for monitoring function. string "https://github.com/claranet/fame/releases/download/v1.2.1/fame.zip" no
monitoring_rbac_storage_contributor_role_principal_ids The principal IDs of the users, groups, and service principals to assign the Storage Account Contributor role to. list(string) [] no
monitoring_rbac_storage_table_role_principal_ids The principal IDs of the users, groups, and service principals to assign the Storage Table Data * role to.
object({
contributors = optional(list(string), [])
readers = optional(list(string), [])
})
{} no
name_prefix Optional prefix for the generated name. string "" no
name_suffix Optional suffix for the generated name. string "" no
postgresql_backup_daily_policy_retention_in_days The number of days to keep the first daily Postgresql backup. number null no
postgresql_backup_monthly_policy_retention_in_months The number of months to keep the first monthly Postgresql backup. number null no
postgresql_backup_policy_custom_name Azure Backup - PostgreSQL backup policy custom name. Empty by default, using naming convention. string "" no
postgresql_backup_policy_interval_in_hours The Postgresql backup interval in hours. string 24 no
postgresql_backup_policy_retention_in_days The number of days to keep the Postgresql backup. number 30 no
postgresql_backup_policy_time The time of day to perform the Postgresql backup in 24 hours format (eg 04:00). string "04:00" no
postgresql_backup_weekly_policy_retention_in_weeks The number of weeks to keep the first weekly Postgresql backup. number null no
recovery_vault_cross_region_restore_enabled Is cross region restore enabled for this Vault? Can only be true, when storage_mode_type is GeoRedundant. bool true no
recovery_vault_custom_name Azure Recovery Vault custom name. Empty by default, using naming convention. string "" no
recovery_vault_extra_tags Extra tags to add to Recovery Vault. map(string) {} no
recovery_vault_identity_type Azure Recovery Vault identity type. Possible values include: null, SystemAssigned. Default to SystemAssigned. string "SystemAssigned" no
recovery_vault_sku Azure Recovery Vault SKU. Possible values include: Standard, RS0. Default to Standard. string "Standard" no
recovery_vault_soft_delete_enabled Is soft delete enable for this Vault? Defaults to true. bool true no
recovery_vault_storage_mode_type The storage type of the Recovery Services Vault. Possible values are GeoRedundant, LocallyRedundant and ZoneRedundant. Defaults to GeoRedundant. string "GeoRedundant" no
resource_group_name Resource Group the resources will belong to. string n/a yes
stack Stack name. string n/a yes
storage_blob_backup_policy_custom_name Azure Backup - Storage blob backup policy custom name. Empty by default, using naming convention. string "" no
storage_blob_backup_policy_retention_in_days The number of days to keep the Storage blob backup. number 30 no
tenant_id Tenant ID. string null no
update_center_enabled Whether the Update Management Center is enabled. bool false no
update_center_maintenance_configurations Update Management Center maintenance configurations.
list(object({
configuration_name = string
start_date_time = string
duration = optional(string, "02:00")
time_zone = optional(string, "UTC")
recur_every = string
reboot_setting = optional(string, "IfRequired")
windows_classifications_to_include = optional(list(string), [
"Critical",
"Definition",
"FeaturePack",
"Security",
"ServicePack",
"Tools",
"UpdateRollup",
"Updates",
])
linux_classifications_to_include = optional(list(string), [
"Critical",
"Security",
"Other",
])
windows_kb_numbers_to_exclude = optional(list(string), [])
windows_kb_numbers_to_include = optional(list(string), [])
linux_package_names_to_exclude = optional(list(string), [])
linux_package_names_to_include = optional(list(string), [])
}))
[] no
update_center_periodic_assessment_enabled Enable auto-assessment (every 24 hours) for OS updates on native Azure virtual machines by assigning Azure Policy. bool true no
update_center_periodic_assessment_exclusions Exclude some resources from auto-assessment. list(string) [] no
update_center_periodic_assessment_scopes Scope to assign the Azure Policy for auto-assessment. Can be Management Groups, Subscriptions, Resource Groups or Virtual Machines. list(string) [] no
vm_backup_daily_policy_retention The number of daily VM backups to keep. Must be between 7 and 9999. number 30 no
vm_backup_monthly_retention Map to configure the monthly VM backup policy retention according to https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/backup_policy_vm#retention_monthly
object({
count = number,
weekdays = list(string),
weeks = list(string),
})
null no
vm_backup_policy_custom_name Azure Backup - VM backup policy custom name. Empty by default, using naming convention. string "" no
vm_backup_policy_frequency Specifies the frequency for VM backup schedules. Must be either Daily or Weekly. string "Daily" no
vm_backup_policy_time The time of day to perform the VM backup in 24hour format. string "04:00" no
vm_backup_policy_timezone Specifies the timezone for VM backup schedules. Defaults to UTC. string "UTC" no
vm_backup_policy_type Type of the Backup Policy. Possible values are V1 and V2 where V2 stands for the Enhanced Policy. Defaults to V1. Changing this forces a new resource to be created. string "V1" no
vm_backup_weekly_retention Map to configure the weekly VM backup policy retention according to https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/backup_policy_vm#retention_weekly
object({
count = number,
weekdays = list(string),
})
null no
vm_backup_yearly_retention Map to configure the yearly VM backup policy retention according to https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/backup_policy_vm#retention_yearly
object({
count = number,
weekdays = list(string),
weeks = list(string),
months = list(string),
})
null no
vm_monitoring_enabled Whether Data Collection Rules for VM monitoring are enabled. bool false no

Outputs

Name Description
automation_account_dsc_primary_access_key Azure Automation Account DSC primary access key.
automation_account_dsc_secondary_access_key Azure Automation Account DSC secondary access key.
automation_account_dsc_server_endpoint Azure Automation Account DSC server endpoint.
automation_account_id Azure Automation Account ID.
automation_account_identity Identity block with principal ID and tenant ID.
automation_account_name Azure Automation Account name.
backup_vault_id Azure Backup Vault ID.
backup_vault_identity Azure Backup Services Vault identity.
backup_vault_name Azure Backup Vault name.
data_collection_rule Azure Monitor Data Collection Rule object.
data_collection_rule_id ID of the Azure Monitor Data Collection Rule.
data_collection_rule_name Name of the Azure Monitor Data Collection Rule.
file_share_backup_policy_id File share Backup policy ID.
file_share_backup_policy_name File share Backup policy name.
key_vault_id ID of the Key Vault.
key_vault_name Name of the Key Vault.
key_vault_resource_group_name Resource Group of the Key Vault.
key_vault_uri URI of the Key Vault.
log_analytics_workspace_guid The Log Analytics Workspace GUID.
log_analytics_workspace_id The Log Analytics Workspace ID.
log_analytics_workspace_location The Log Analytics Workspace location.
log_analytics_workspace_name The Log Analytics Workspace name.
log_analytics_workspace_primary_key The primary shared key for the Log Analytics Workspace.
log_analytics_workspace_secondary_key The secondary shared key for the Log Analytics Workspace.
logs_resource_group_name Resource Group of the logs resources.
logs_storage_account_archived_logs_fileshare_name Name of the file share in which externalized logs are stored.
logs_storage_account_id ID of the logs Storage Account.
logs_storage_account_name Name of the logs Storage Account.
logs_storage_account_primary_access_key Primary connection string of the logs Storage Account.
logs_storage_account_primary_connection_string Primary connection string of the logs Storage Account.
logs_storage_account_secondary_access_key Secondary connection string of the logs Storage Account.
logs_storage_account_secondary_connection_string Secondary connection string of the logs Storage Account.
maintenance_configurations Update Center Maintenance Configurations information.
managed_disk_backup_policy_id Managed disk Backup policy ID.
module_automation Module automation outputs.
module_backup Module backup outputs.
module_key_vault Key Vault module outputs.
module_logs Module logs outputs.
module_maintenance_configurations Module maintenance configurations outputs.
module_monitoring_function Monitoring function module outputs.
monitoring_function_app_identity_principal_id Identity principal ID output of the Function App.
monitoring_function_application_insights_app_id App ID of the associated Application Insights.
monitoring_function_application_insights_application_type Application Type of the associated Application Insights.
monitoring_function_application_insights_id ID of the associated Application Insights.
monitoring_function_application_insights_instrumentation_key Instrumentation key of the associated Application Insights.
monitoring_function_application_insights_name Name of the associated Application Insights.
monitoring_function_function_app_connection_string Connection string of the created Function App.
monitoring_function_function_app_id ID of the created Function App.
monitoring_function_function_app_name Name of the created Function App.
monitoring_function_function_app_outbound_ip_addresses Outbound IP addresses of the created Function App.
monitoring_function_service_plan_id Id of the created Service Plan.
monitoring_function_service_plan_name Name of the created Service Plan.
monitoring_function_storage_account_id ID of the associated Storage Account, empty if connection string provided.
monitoring_function_storage_account_name Name of the associated Storage Account, empty if connection string provided.
monitoring_function_storage_account_primary_access_key Primary connection string of the associated Storage Account, empty if connection string provided.
monitoring_function_storage_account_primary_connection_string Primary connection string of the associated Storage Account, empty if connection string provided.
monitoring_function_storage_account_secondary_access_key Secondary connection string of the associated Storage Account, empty if connection string provided.
monitoring_function_storage_account_secondary_connection_string Secondary connection string of the associated Storage Account, empty if connection string provided.
monitoring_function_storage_queries_table_name Name of the queries table in the Storage Account, empty if connection string provided.
postgresql_backup_policy_id PostgreSQL Backup policy ID.
recovery_vault_id Azure Recovery Services Vault ID.
recovery_vault_identity Azure Recovery Services Vault identity.
recovery_vault_name Azure Recovery Services Vault name.
storage_blob_backup_policy_id Storage blob Backup policy ID.
terraform_module Information about this Terraform module
vm_backup_policy_id VM Backup policy ID.
vm_backup_policy_name VM Backup policy name.

Related documentation