A Terraform modules composition (feature) which includes services needed for Claranet RUN/MSP.
It includes:
- Log Management with the following resources:
- Log Analytics Workspace
- Storage Account with SAS Token to upload logs to
- A Key Vault
- FAME monitoring function for additional metrics. The following built-in metrics are sent:
fame.azure.application_gateway.instances
: number of Application Gateway instancesfame.azure.backup.file_share
: number of successful file shares backupsfame.azure.backup.vm
: number of successful virtual machines backupsfame.azure.virtual_network_gateway.ike_event_success
: number of successful ike events for a VPN Gateway
It includes some IaaS specifics:
- Azure Backup (example)
- A Recovery Services Vault to store VM backups (documentation).
- A VM backup policy to assign on VM instances (via the vm-backup module).
- A file share backup policy to assign on Storage Account file shares (via the backup_protected_file_share terraform resource)
- A diagnostics settings to manage logging (documentation)
- An Automation account to execute runbooks (documentation) (example)
- A Data Collection Rule to gather metrics and logs from Virtual Machines (documentation)
- Azure Update Center using Update Management Center (documentation) (example)
Diagram of the full example usage having all features enabled:
- You need at least the
Contributor
role on the subscriptions to useupdate_center_periodic_assessment_enabled
with Update Management Center module.
The integrated services can be used separately with the same inputs and outputs when it's a sub-module.
See logs
module README.
See monitoring_function
module README
See Key Vault module: terraform-azurerm-keyvault.
See Azure Backup module README.
See Automation Account module README.
See Update Center module README and Update Management module (legacy) README.
This run
module is a merge of the previous run-common and
run-iaas modules.
Some previously pre-activated backup and update management features must now be explicitly enabled through *_enabled
variables.
You must be on the latest version of run_iaas
and run_common
modules before updating to run
module.
You can migrate your Terrafom state with the following commands:
terraform state mv module.run_common.module.keyvault module.run.module.keyvault
terraform state mv module.run_common.module.logs module.run.module.logs
terraform state mv 'module.run_common.module.monitoring_function[0]' 'module.run.module.monitoring_function[0]'
terraform state mv module.run_iaas.module.automation_account 'module.run.module.automation_account[0]'
terraform state mv module.run_iaas.module.backup 'module.run.module.backup[0]'
terraform state mv module.run_iaas.module.update_management 'module.run.module.update_management[0]'
terraform state mv 'module.run_iaas.module.update_management_center["enabled"]' 'module.run.module.update_management_center["enabled"]'
terraform state mv module.run_iaas.module.vm_monitoring 'module.run.module.vm_monitoring[0]'
terraform state mv 'module.run_common.azurerm_role_assignment.function_workspace[0]' 'module.run.azurerm_role_assignment.function_workspace[0]'
terraform apply -target='module.run.null_resource.fake_function_condition[0]'
Module version | Terraform version | OpenTofu version | AzureRM version |
---|---|---|---|
>= 8.x.x | Unverified | 1.8.x | >= 4.0 |
>= 7.x.x | 1.3.x | >= 3.0 | |
>= 6.x.x | 1.x | >= 3.0 | |
>= 5.x.x | 0.15.x | >= 2.0 | |
>= 4.x.x | 0.13.x / 0.14.x | >= 2.0 | |
>= 3.x.x | 0.12.x | >= 2.0 | |
>= 2.x.x | 0.12.x | < 2.0 | |
< 2.x.x | 0.11.x | < 2.0 |
If you want to contribute to this repository, feel free to use our pre-commit git hook configuration which will help you automatically update and format some files for you by enforcing our Terraform code module best-practices.
More details are available in the CONTRIBUTING.md file.
This module is optimized to work with the Claranet terraform-wrapper tool
which set some terraform variables in the environment needed by this module.
More details about variables set by the terraform-wrapper
available in the documentation.
module "run" {
source = "claranet/run/azurerm"
version = "x.x.x"
client_name = var.client_name
location = module.azure_region.location
location_short = module.azure_region.location_short
environment = var.environment
stack = var.stack
resource_group_name = module.rg.name
monitoring_function_splunk_token = "xxxxxx"
monitoring_function_metrics_extra_dimensions = {
env = var.environment
sfx_monitored = "true"
}
extra_tags = {
foo = "bar"
}
}
Name | Version |
---|---|
azurerm | ~> 4.9 |
null | ~> 3.0 |
Name | Source | Version |
---|---|---|
automation_account | ./modules/automation-account | n/a |
backup | ./modules/backup | n/a |
key_vault | claranet/keyvault/azurerm | ~> 8.0.0 |
logs | ./modules/logs | n/a |
monitoring_function | ./modules/monitoring-function | n/a |
update_management_center | ./modules/update-center | n/a |
vm_monitoring | ./modules/vm-monitoring | n/a |
Name | Type |
---|---|
azurerm_role_assignment.function_subscription | resource |
azurerm_role_assignment.function_workspace | resource |
null_resource.fake_function_condition | resource |
azurerm_client_config.current | data source |
Name | Description | Type | Default | Required |
---|---|---|---|---|
automation_account_custom_name | Automation account custom name. | string |
"" |
no |
automation_account_enabled | Whether the Automation Account is enabled. Enabled if legacy Update Management is enabled. | bool |
false |
no |
automation_account_extra_tags | Extra tags to add to Automation Account. | map(string) |
{} |
no |
automation_account_identity_type | Automation Account identity type. Possible values include: null , SystemAssigned and UserAssigned . |
object({ |
{ |
no |
automation_account_sku | Automation account Sku. | string |
"Basic" |
no |
automation_diagnostic_settings_custom_name | Custom name of the diagnostics settings, name will be 'default' if not set. | string |
"default" |
no |
automation_logs_categories | Log categories to send to destinations. | list(string) |
null |
no |
automation_logs_destinations_ids | List of destination resources IDs for logs diagnostic destination. Can be Storage Account , Log Analytics Workspace and Event Hub . No more than one of each can be set.If you want to use Azure EventHub as a destination, you must provide a formatted string containing both the EventHub Namespace authorization send ID and the EventHub name (name of the queue to use in the Namespace) separated by the | character. |
list(string) |
[] |
no |
automation_logs_metrics_categories | Metrics categories to send to destinations. | list(string) |
null |
no |
backup_diagnostic_settings_custom_name | Custom name of the diagnostics settings, name will be 'default' if not set. | string |
"default" |
no |
backup_file_share_enabled | Whether the File Share backup is enabled. | bool |
false |
no |
backup_logs_categories | Log categories to send to destinations. | list(string) |
null |
no |
backup_logs_destinations_ids | List of destination resources IDs for logs diagnostic destination. Can be Storage Account , Log Analytics Workspace and Event Hub . No more than one of each can be set.If you want to use Azure EventHub as a destination, you must provide a formatted string containing both the EventHub Namespace authorization send ID and the EventHub name (name of the queue to use in the Namespace) separated by the | character. |
list(string) |
[] |
no |
backup_logs_metrics_categories | Metrics categories to send to destinations. | list(string) |
null |
no |
backup_managed_disk_enabled | Whether the Managed Disk backup is enabled. | bool |
false |
no |
backup_postgresql_enabled | Whether the PostgreSQL backup is enabled. | bool |
false |
no |
backup_storage_blob_enabled | Whether the Storage blob backup is enabled. | bool |
false |
no |
backup_vault_custom_name | Azure Backup Vault custom name. Empty by default, using naming convention. | string |
"" |
no |
backup_vault_datastore_type | Type of data store used for the Backup Vault. | string |
"VaultStore" |
no |
backup_vault_extra_tags | Extra tags to add to Backup Vault. | map(string) |
{} |
no |
backup_vault_geo_redundancy_enabled | Whether the geo redundancy is enabled no the Backup Vault. | bool |
true |
no |
backup_vault_identity_type | Azure Backup Vault identity type. Possible values include: null , SystemAssigned . Default to SystemAssigned . |
string |
"SystemAssigned" |
no |
backup_vm_enabled | Whether the Virtual Machines backup is enabled. | bool |
false |
no |
client_name | Client name. | string |
n/a | yes |
data_collection_syslog_facilities_names | List of syslog to retrieve in Data Collection Rule. | list(string) |
[ |
no |
data_collection_syslog_levels | List of syslog levels to retrieve in Data Collection Rule. | list(string) |
[ |
no |
dcr_custom_name | VM Monitoring - Data Collection rule custom name. | string |
"" |
no |
default_tags_enabled | Whether the default tags are enabled. | bool |
true |
no |
environment | Environment name. | string |
n/a | yes |
extra_tags | Extra tags to add. | map(string) |
{} |
no |
file_share_backup_daily_policy_retention | The number of daily file share backups to keep. Must be between 7 and 9999. | number |
30 |
no |
file_share_backup_monthly_retention | Map to configure the monthly File Share backup policy retention according to https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/backup_policy_file_share#retention_monthly | object({ |
null |
no |
file_share_backup_policy_custom_name | Azure Backup - File share backup policy custom name. Empty by default, using naming convention. | string |
"" |
no |
file_share_backup_policy_frequency | Specifies the frequency for file_share backup schedules. Must be either Daily or Weekly . |
string |
"Daily" |
no |
file_share_backup_policy_time | The time of day to perform the file share backup in 24hour format. | string |
"04:00" |
no |
file_share_backup_policy_timezone | Specifies the timezone for file share backup schedules. Defaults to UTC . |
string |
"UTC" |
no |
file_share_backup_weekly_retention | Map to configure the weekly File Share backup policy retention according to https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/backup_policy_file_share#retention_weekly | object({ |
null |
no |
file_share_backup_yearly_retention | Map to configure the yearly File Share backup policy retention according to https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/backup_policy_file_share#retention_yearly | object({ |
null |
no |
key_vault_admin_objects_ids | Ids of the objects that can do all operations on all keys, secrets and certificates | list(string) |
[] |
no |
key_vault_custom_name | Name of the Key Vault, generated if not set. | string |
"" |
no |
key_vault_enabled_for_deployment | Boolean flag to specify whether Azure Virtual Machines are permitted to retrieve certificates stored as secrets from the key vault. | bool |
false |
no |
key_vault_enabled_for_disk_encryption | Boolean flag to specify whether Azure Disk Encryption is permitted to retrieve secrets from the vault and unwrap keys. | bool |
false |
no |
key_vault_enabled_for_template_deployment | Boolean flag to specify whether Azure Resource Manager is permitted to retrieve secrets from the key vault. | bool |
false |
no |
key_vault_logs_categories | Log categories to send to destinations. All by default. | list(string) |
null |
no |
key_vault_logs_metrics_categories | Metrics categories to send to destinations. All by default. | list(string) |
null |
no |
key_vault_managed_hardware_security_module_enabled | Create a Key Vault Managed HSM resource if enabled. Changing this forces a new resource to be created. | bool |
false |
no |
key_vault_network_acls | Object with attributes: bypass , default_action , ip_rules , virtual_network_subnet_ids . See https://www.terraform.io/docs/providers/azurerm/r/key_vault.html#bypass for more informations. |
object({ |
{} |
no |
key_vault_public_network_access_enabled | Whether access to the Key Vault, from a public network is allowed. | bool |
false |
no |
key_vault_rbac_authorization_enabled | Whether the Key Vault uses Role Based Access Control (RBAC) for authorization of data actions instead of access policies. | bool |
false |
no |
key_vault_reader_objects_ids | Ids of the objects that can read all keys, secrets and certificates | list(string) |
[] |
no |
key_vault_resource_group_name | Resource Group the Key Vault will belong to. Will use resource_group_name if not set. |
string |
"" |
no |
key_vault_sku | The Name of the SKU used for this Key Vault. Possible values are "standard" and "premium". | string |
"standard" |
no |
key_vault_soft_delete_retention_days | The number of days that items should be retained for once soft-deleted. This value can be between 7 and 90 days. |
number |
7 |
no |
keyvault_extra_tags | Extra tags to add to the Key Vault | map(string) |
{} |
no |
location | Azure location. | string |
n/a | yes |
location_short | Short string for Azure location. | string |
n/a | yes |
log_analytics_resource_group_name | Log Analytics Workspace resource group name (if different from resource_group_name variable.). |
string |
null |
no |
log_analytics_workspace_custom_name | Azure Log Analytics Workspace custom name. Empty by default, using naming convention. | string |
"" |
no |
log_analytics_workspace_daily_quota_gb | The workspace daily quota for ingestion in GB. Defaults to -1 (unlimited). | number |
-1 |
no |
log_analytics_workspace_extra_tags | Extra tags to add to the Log Analytics Workspace | map(string) |
{} |
no |
log_analytics_workspace_id | Log Analytics Workspace ID where the logs are sent and linked to Automation account. | string |
null |
no |
log_analytics_workspace_link_enabled | Enable Log Analytics Workspace that will be connected with the automation account. | bool |
true |
no |
log_analytics_workspace_name_prefix | Log Analytics name prefix | string |
"" |
no |
log_analytics_workspace_retention_in_days | The workspace data retention in days. Possible values range between 30 and 730. | number |
30 |
no |
log_analytics_workspace_sku | Specifies the SKU of the Log Analytics Workspace. Possible values are Free, PerNode, Premium, Standard, Standalone, Unlimited, and PerGB2018 (new Sku as of 2018-04-03). | string |
"PerGB2018" |
no |
logs_delete_after_days_since_modification_greater_than | Delete blob after x days without modification | number |
365 |
no |
logs_rbac_storage_blob_role_principal_ids | The principal IDs of the users, groups, and service principals to assign the Storage Blob Data * different roles to if Blob containers are created. |
object({ |
{ |
no |
logs_rbac_storage_contributor_role_principal_ids | The principal IDs of the users, groups, and service principals to assign the Storage Account Contributor role to. |
list(string) |
[] |
no |
logs_resource_group_name | Resource Group the resources for log management will belong to. Will use resource_group_name if not set. |
string |
"" |
no |
logs_storage_account_access_tier | Defines the access tier for BlobStorage , FileStorage and StorageV2 accounts. Valid options are Hot and Cool , defaults to Hot . |
string |
"Hot" |
no |
logs_storage_account_advanced_threat_protection_enabled | Enable/disable Advanced Threat Protection, see here for more information. | bool |
false |
no |
logs_storage_account_archived_logs_fileshare_enabled | Enable/disable archived-logs file share creation | bool |
false |
no |
logs_storage_account_archived_logs_fileshare_name | Name of the file share in which externalized logs are stored | string |
"archived-logs" |
no |
logs_storage_account_archived_logs_fileshare_quota | The maximum size in GB of the archived-logs file share, default is 5120 | number |
null |
no |
logs_storage_account_archiving_enabled | Enable/disable blob archiving lifecycle | bool |
true |
no |
logs_storage_account_custom_name | Storage Account for logs custom name. Empty by default, using naming convention. | string |
"" |
no |
logs_storage_account_customer_managed_key | Customer Managed Key. Please refer to the documentation for more information. | object({ |
null |
no |
logs_storage_account_enabled | Whether the dedicated Storage Account for logs is deployed. | bool |
true |
no |
logs_storage_account_extra_tags | Extra tags to add to the logs Storage Account | map(string) |
{} |
no |
logs_storage_account_https_traffic_only_enabled | Enable/disable HTTPS traffic only | bool |
true |
no |
logs_storage_account_identity_ids | List of User Assigned Identity IDs to assign to the Storage Account. | list(string) |
null |
no |
logs_storage_account_identity_type | The identity type of the storage account. Possible values are SystemAssigned , UserAssigned , SystemAssigned, UserAssigned . |
string |
"SystemAssigned" |
no |
logs_storage_account_kind | Storage Account Kind | string |
"StorageV2" |
no |
logs_storage_account_name_prefix | Storage Account name prefix | string |
"" |
no |
logs_storage_account_replication_type | Storage Account Replication type | string |
"LRS" |
no |
logs_storage_account_tier | Storage Account tier | string |
"Standard" |
no |
logs_storage_min_tls_version | Storage Account minimal TLS version | string |
"TLS1_2" |
no |
logs_storage_shared_access_key_enabled | Indicates whether the Storage Account permits requests to be authorized with the account access key via Shared Key. If false, then all requests, including shared access signatures, must be authorized with Azure Active Directory (Entra ID). | bool |
false |
no |
logs_tier_to_archive_after_days_since_modification_greater_than | Change blob tier to Archive after x days without modification | number |
90 |
no |
logs_tier_to_cool_after_days_since_modification_greater_than | Change blob tier to cool after x days without modification | number |
30 |
no |
managed_disk_backup_daily_policy_retention_in_days | The number of days to keep the first daily Managed Disk backup. | number |
null |
no |
managed_disk_backup_policy_custom_name | Azure Backup - Managed disk backup policy custom name. Empty by default, using naming convention. | string |
"" |
no |
managed_disk_backup_policy_interval_in_hours | The Managed Disk backup interval in hours. | string |
24 |
no |
managed_disk_backup_policy_retention_in_days | The number of days to keep the Managed Disk backup. | number |
30 |
no |
managed_disk_backup_policy_time | The time of day to perform the Managed Disk backup in 24 hours format (eg 04:00). | string |
"04:00" |
no |
managed_disk_backup_weekly_policy_retention_in_weeks | The number of weeks to keep the first weekly Managed Disk backup. | number |
null |
no |
monitoring_function_advanced_threat_protection_enabled | FAME function app's storage account: Enable Advanced Threat Protection. | bool |
false |
no |
monitoring_function_app_service_plan_name | FAME App Service Plan custom name. Empty by default, using naming convention. | string |
null |
no |
monitoring_function_application_insights_custom_name | FAME Application Insights custom name. Empty by default, using naming convention. | string |
null |
no |
monitoring_function_application_insights_enabled | Whether FAME Application Insights is deployed. | bool |
true |
no |
monitoring_function_assign_roles | True to assign roles for the monitoring Function on the Log Analytics Workspace (Log Analytics Reader) and the Subscription (Reader). | bool |
true |
no |
monitoring_function_enabled | Whether additional Monitoring Function is enabled. | bool |
true |
no |
monitoring_function_extra_application_settings | Extra application settings to set on monitoring Function. | map(string) |
{} |
no |
monitoring_function_extra_tags | Monitoring function extra tags to add | map(string) |
{} |
no |
monitoring_function_function_app_custom_name | FAME Function App custom name. Empty by default, using naming convention. | string |
null |
no |
monitoring_function_logs_categories | Monitoring function log categories to send to destinations. All by default. | list(string) |
null |
no |
monitoring_function_logs_metrics_categories | Monitoring function metrics categories to send to destinations. All by default. | list(string) |
null |
no |
monitoring_function_metrics_extra_dimensions | Extra dimensions sent with metrics. | map(string) |
{} |
no |
monitoring_function_splunk_token | Access Token to send metrics to Splunk Observability. | string |
null |
no |
monitoring_function_storage_account_custom_name | FAME Storage Account custom name. Empty by default, using naming convention. | string |
null |
no |
monitoring_function_zip_package_path | Zip package path for monitoring function. | string |
"https://github.com/claranet/fame/releases/download/v1.2.1/fame.zip" |
no |
monitoring_rbac_storage_contributor_role_principal_ids | The principal IDs of the users, groups, and service principals to assign the Storage Account Contributor role to. |
list(string) |
[] |
no |
monitoring_rbac_storage_table_role_principal_ids | The principal IDs of the users, groups, and service principals to assign the Storage Table Data * role to. |
object({ |
{} |
no |
name_prefix | Optional prefix for the generated name. | string |
"" |
no |
name_suffix | Optional suffix for the generated name. | string |
"" |
no |
postgresql_backup_daily_policy_retention_in_days | The number of days to keep the first daily Postgresql backup. | number |
null |
no |
postgresql_backup_monthly_policy_retention_in_months | The number of months to keep the first monthly Postgresql backup. | number |
null |
no |
postgresql_backup_policy_custom_name | Azure Backup - PostgreSQL backup policy custom name. Empty by default, using naming convention. | string |
"" |
no |
postgresql_backup_policy_interval_in_hours | The Postgresql backup interval in hours. | string |
24 |
no |
postgresql_backup_policy_retention_in_days | The number of days to keep the Postgresql backup. | number |
30 |
no |
postgresql_backup_policy_time | The time of day to perform the Postgresql backup in 24 hours format (eg 04:00). | string |
"04:00" |
no |
postgresql_backup_weekly_policy_retention_in_weeks | The number of weeks to keep the first weekly Postgresql backup. | number |
null |
no |
recovery_vault_cross_region_restore_enabled | Is cross region restore enabled for this Vault? Can only be true , when storage_mode_type is GeoRedundant . |
bool |
true |
no |
recovery_vault_custom_name | Azure Recovery Vault custom name. Empty by default, using naming convention. | string |
"" |
no |
recovery_vault_extra_tags | Extra tags to add to Recovery Vault. | map(string) |
{} |
no |
recovery_vault_identity_type | Azure Recovery Vault identity type. Possible values include: null , SystemAssigned . Default to SystemAssigned . |
string |
"SystemAssigned" |
no |
recovery_vault_sku | Azure Recovery Vault SKU. Possible values include: Standard , RS0 . Default to Standard . |
string |
"Standard" |
no |
recovery_vault_soft_delete_enabled | Is soft delete enable for this Vault? Defaults to true . |
bool |
true |
no |
recovery_vault_storage_mode_type | The storage type of the Recovery Services Vault. Possible values are GeoRedundant , LocallyRedundant and ZoneRedundant . Defaults to GeoRedundant . |
string |
"GeoRedundant" |
no |
resource_group_name | Resource Group the resources will belong to. | string |
n/a | yes |
stack | Stack name. | string |
n/a | yes |
storage_blob_backup_policy_custom_name | Azure Backup - Storage blob backup policy custom name. Empty by default, using naming convention. | string |
"" |
no |
storage_blob_backup_policy_retention_in_days | The number of days to keep the Storage blob backup. | number |
30 |
no |
tenant_id | Tenant ID. | string |
null |
no |
update_center_enabled | Whether the Update Management Center is enabled. | bool |
false |
no |
update_center_maintenance_configurations | Update Management Center maintenance configurations. | list(object({ |
[] |
no |
update_center_periodic_assessment_enabled | Enable auto-assessment (every 24 hours) for OS updates on native Azure virtual machines by assigning Azure Policy. | bool |
true |
no |
update_center_periodic_assessment_exclusions | Exclude some resources from auto-assessment. | list(string) |
[] |
no |
update_center_periodic_assessment_scopes | Scope to assign the Azure Policy for auto-assessment. Can be Management Groups, Subscriptions, Resource Groups or Virtual Machines. | list(string) |
[] |
no |
vm_backup_daily_policy_retention | The number of daily VM backups to keep. Must be between 7 and 9999. | number |
30 |
no |
vm_backup_monthly_retention | Map to configure the monthly VM backup policy retention according to https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/backup_policy_vm#retention_monthly | object({ |
null |
no |
vm_backup_policy_custom_name | Azure Backup - VM backup policy custom name. Empty by default, using naming convention. | string |
"" |
no |
vm_backup_policy_frequency | Specifies the frequency for VM backup schedules. Must be either Daily or Weekly . |
string |
"Daily" |
no |
vm_backup_policy_time | The time of day to perform the VM backup in 24hour format. | string |
"04:00" |
no |
vm_backup_policy_timezone | Specifies the timezone for VM backup schedules. Defaults to UTC . |
string |
"UTC" |
no |
vm_backup_policy_type | Type of the Backup Policy. Possible values are V1 and V2 where V2 stands for the Enhanced Policy. Defaults to V1 . Changing this forces a new resource to be created. |
string |
"V1" |
no |
vm_backup_weekly_retention | Map to configure the weekly VM backup policy retention according to https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/backup_policy_vm#retention_weekly | object({ |
null |
no |
vm_backup_yearly_retention | Map to configure the yearly VM backup policy retention according to https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/backup_policy_vm#retention_yearly | object({ |
null |
no |
vm_monitoring_enabled | Whether Data Collection Rules for VM monitoring are enabled. | bool |
false |
no |
Name | Description |
---|---|
automation_account_dsc_primary_access_key | Azure Automation Account DSC primary access key. |
automation_account_dsc_secondary_access_key | Azure Automation Account DSC secondary access key. |
automation_account_dsc_server_endpoint | Azure Automation Account DSC server endpoint. |
automation_account_id | Azure Automation Account ID. |
automation_account_identity | Identity block with principal ID and tenant ID. |
automation_account_name | Azure Automation Account name. |
backup_vault_id | Azure Backup Vault ID. |
backup_vault_identity | Azure Backup Services Vault identity. |
backup_vault_name | Azure Backup Vault name. |
data_collection_rule | Azure Monitor Data Collection Rule object. |
data_collection_rule_id | ID of the Azure Monitor Data Collection Rule. |
data_collection_rule_name | Name of the Azure Monitor Data Collection Rule. |
file_share_backup_policy_id | File share Backup policy ID. |
file_share_backup_policy_name | File share Backup policy name. |
key_vault_id | ID of the Key Vault. |
key_vault_name | Name of the Key Vault. |
key_vault_resource_group_name | Resource Group of the Key Vault. |
key_vault_uri | URI of the Key Vault. |
log_analytics_workspace_guid | The Log Analytics Workspace GUID. |
log_analytics_workspace_id | The Log Analytics Workspace ID. |
log_analytics_workspace_location | The Log Analytics Workspace location. |
log_analytics_workspace_name | The Log Analytics Workspace name. |
log_analytics_workspace_primary_key | The primary shared key for the Log Analytics Workspace. |
log_analytics_workspace_secondary_key | The secondary shared key for the Log Analytics Workspace. |
logs_resource_group_name | Resource Group of the logs resources. |
logs_storage_account_archived_logs_fileshare_name | Name of the file share in which externalized logs are stored. |
logs_storage_account_id | ID of the logs Storage Account. |
logs_storage_account_name | Name of the logs Storage Account. |
logs_storage_account_primary_access_key | Primary connection string of the logs Storage Account. |
logs_storage_account_primary_connection_string | Primary connection string of the logs Storage Account. |
logs_storage_account_secondary_access_key | Secondary connection string of the logs Storage Account. |
logs_storage_account_secondary_connection_string | Secondary connection string of the logs Storage Account. |
maintenance_configurations | Update Center Maintenance Configurations information. |
managed_disk_backup_policy_id | Managed disk Backup policy ID. |
module_automation | Module automation outputs. |
module_backup | Module backup outputs. |
module_key_vault | Key Vault module outputs. |
module_logs | Module logs outputs. |
module_maintenance_configurations | Module maintenance configurations outputs. |
module_monitoring_function | Monitoring function module outputs. |
monitoring_function_app_identity_principal_id | Identity principal ID output of the Function App. |
monitoring_function_application_insights_app_id | App ID of the associated Application Insights. |
monitoring_function_application_insights_application_type | Application Type of the associated Application Insights. |
monitoring_function_application_insights_id | ID of the associated Application Insights. |
monitoring_function_application_insights_instrumentation_key | Instrumentation key of the associated Application Insights. |
monitoring_function_application_insights_name | Name of the associated Application Insights. |
monitoring_function_function_app_connection_string | Connection string of the created Function App. |
monitoring_function_function_app_id | ID of the created Function App. |
monitoring_function_function_app_name | Name of the created Function App. |
monitoring_function_function_app_outbound_ip_addresses | Outbound IP addresses of the created Function App. |
monitoring_function_service_plan_id | Id of the created Service Plan. |
monitoring_function_service_plan_name | Name of the created Service Plan. |
monitoring_function_storage_account_id | ID of the associated Storage Account, empty if connection string provided. |
monitoring_function_storage_account_name | Name of the associated Storage Account, empty if connection string provided. |
monitoring_function_storage_account_primary_access_key | Primary connection string of the associated Storage Account, empty if connection string provided. |
monitoring_function_storage_account_primary_connection_string | Primary connection string of the associated Storage Account, empty if connection string provided. |
monitoring_function_storage_account_secondary_access_key | Secondary connection string of the associated Storage Account, empty if connection string provided. |
monitoring_function_storage_account_secondary_connection_string | Secondary connection string of the associated Storage Account, empty if connection string provided. |
monitoring_function_storage_queries_table_name | Name of the queries table in the Storage Account, empty if connection string provided. |
postgresql_backup_policy_id | PostgreSQL Backup policy ID. |
recovery_vault_id | Azure Recovery Services Vault ID. |
recovery_vault_identity | Azure Recovery Services Vault identity. |
recovery_vault_name | Azure Recovery Services Vault name. |
storage_blob_backup_policy_id | Storage blob Backup policy ID. |
terraform_module | Information about this Terraform module |
vm_backup_policy_id | VM Backup policy ID. |
vm_backup_policy_name | VM Backup policy name. |
- Microsoft Azure Monitor logs documentation: docs.microsoft.com/en-us/azure/azure-monitor/log-query/log-query-overview
- Microsoft Azure Key Vault documentation: docs.microsoft.com/en-us/azure/key-vault/
- Microsoft Azure Update Manager: learn.microsoft.com/en-us/azure/update-manager