
Add files via upload
aswini-chirumamilla authored May 21, 2023
1 parent 98f9b3e commit 4d91b00
Showing 61 changed files with 6,171 additions and 0 deletions.
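--- a/create_enable-azure-defender-for-storage/main.tf
+++ b/create_enable-azure-defender-for-storage/main.tf
@@ -0,0 +1,66 @@
+#Reference to module for enabling Azure Defender for Storage
+module "enable_azure_defender_for_storage_module" {
+source = "../../modules/module_enable-azure-defender-for-storage"
+storage_account_name = var.storage_account_name
+location = var.location
+resource_group = var.resource_group
+tags = var.tags
+account_tier = var.account_tier
+access_tier = var.access_tier
+replication_type = var.replication_type
+enable_large_file_share = var.enable_large_file_share
+enable_hns = var.enable_hns
+enable_https_traffic_only = var.enable_https_traffic_only
+min_tls_version = var.min_tls_version
+allow_blob_public_access = var.allow_blob_public_access
+access_list = var.access_list
+traffic_bypass = var.traffic_bypass
+blob_cors = var.blob_cors
+enable_static_website = var.enable_static_website
+index_path = var.index_path
+custom_404_path = var.custom_404_path
+encryption_scopes = var.encryption_scopes
+nfsv3_enabled = var.nfsv3_enabled
+default_network_rule = var.default_network_rule
+shared_access_key_enabled = var.shared_access_key_enabled
+create_resource_group = var.create_resource_group
+network_rules = var.network_rules
+length = var.length
+special = var.special
+upper = var.upper
+vnet_name = var.vnet_name
+address_space = var.address_space
+subnet_name = var.subnet_name
+address_prefixes = var.address_prefixes
+service_endpoints = var.service_endpoints
+enforce_private_link_endpoint_network_policies = var.enforce_private_link_endpoint_network_policies
+default_action = var.default_action
+ip_rules = var.ip_rules
+bypass = var.bypass
+source_var = var.source_var
+private_endpoint_name = var.private_endpoint_name
+private_service_connection_name = var.private_service_connection_name
+manual_connection = var.manual_connection
+subresource_name = var.subresource_name
+deployment_mode = var.deployment_mode
+template_deployment_name = var.template_deployment_name
+}
+
+
+module "storage_account_monitoring" {
+source = "../../modules/module_enable-azure-defender-for-storage/logging_and_monitoring"
+resource_id = module.enable_azure_defender_for_storage_module.resource_id
+storage_account_id = module.enable_azure_defender_for_storage_module.storage_account_id
+resource_group_name = module.enable_azure_defender_for_storage_module.resource_group_name
+resource_group_id = module.enable_azure_defender_for_storage_module.resource_group_id
+resource_group_location = module.enable_azure_defender_for_storage_module.resource_group_location
+
+}
+
+module "module_resource-role-assignment" {
+source = "../../modules/module_enable-azure-defender-for-storage/rbac"
+resource_group_name = module.enable_azure_defender_for_storage_module.resource_group_name
+scope = module.enable_azure_defender_for_storage_module.resource_id
+role_definition_name = var.role_definition_name
+
+}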
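Review bot: The `storage_account_monitoring` and `module_resource-role-assignment` modules carry no header comment, unlike the first module, and the third name mixes a `module_` prefix with a hyphen where the other two use bare snake_case; renaming it `resource_role_assignment` and heading the two blocks with `# Diagnostic settings for the storage account` and `# Role assignments scoped to the storage account` would make the file read consistently. Note also that the root module forwards `allow_blob_public_access`, `default_action`, `default_network_rule` and `shared_access_key_enabled` straight from the input variables with no constraint of its own, so the exposure of the created account is decided entirely by whatever tfvars file is applied; which of `default_action` and `default_network_rule` the child module actually uses for the storage network rules is not visible in this commit.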
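--- a/create_enable-azure-defender-for-storage/providers.tf
+++ b/create_enable-azure-defender-for-storage/providers.tf
@@ -0,0 +1,12 @@
+terraform {
+required_providers {
+azurerm = {
+source = "hashicorp/azurerm"
+version = "~>2.46"
+}
+}
+}
+
+provider "azurerm" {
+features {}
+}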
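Review bot: `version = "~>2.46"` accepts every later 2.x release of azurerm while excluding 3.x, so `terraform init` on a machine without a committed `.terraform.lock.hcl` (none is visible in this section; the other 57 files in the commit may contain one) can resolve a different provider build than the one this configuration was tested with. Pinning the release that was actually used, e.g. `version = "2.46.0"` (constructed example), or committing the lock file makes the provider reproducible. The `terraform` block also omits `required_version`, so any Terraform CLI version is accepted; adding `required_version = ">= 1.0"` (or the version used) documents the expectation.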
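--- a/create_enable-azure-defender-for-storage/terraform.tfvars
+++ b/create_enable-azure-defender-for-storage/terraform.tfvars
@@ -0,0 +1,44 @@
+create_resource_group = "false"
+resource_group = "rg"
+location = "east us"
+storage_account_name = "str239006"
+account_tier = "Premium"
+access_tier = "Hot"
+enable_large_file_share = false
+enable_hns = true
+enable_https_traffic_only = true
+min_tls_version = "TLS1_2"
+allow_blob_public_access = true
+replication_type = "LRS"
+tags = {
+App_name = "storage acc"
+Owner = "Mohit"
+Cost_center = 9999
+}
+
+encryption_scopes = {
+"encrypt" = {
+enable_infrastructure_encryption = true
+
+}
+}
+role_definition_name = ["Reader"]
+length = 6
+special = false
+upper = false
+vnet_name = "new_vnet"
+address_space = ["10.0.0.0/16"]
+subnet_name = "new_subnet"
+address_prefixes = ["10.0.2.0/24"]
+service_endpoints = ["Microsoft.Storage"]
+enforce_private_link_endpoint_network_policies = true
+default_action = "Allow"
+ip_rules = ["127.0.0.1"]
+bypass = ["AzureServices"]
+source_var = "Microsoft.Storage"
+private_endpoint_name = "new-endpoint"
+private_service_connection_name = "private-service-connection"
+manual_connection = false
+subresource_name = ["web"]
+deployment_mode = "Incremental"
+template_deployment_name = "example-template"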
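Review bot: `allow_blob_public_access = true` and `default_action = "Allow"` override the hardened defaults declared in variables.tf (`false` for public access, `"Deny"` for `default_network_rule`), so an account created from this tfvars can serve anonymous blob reads where a container permits it and its network rules accept traffic from any source, which is an odd baseline for a deployment whose purpose is enabling Defender for Storage; unless public access is a stated requirement the example should carry `allow_blob_public_access = false` and `default_action = "Deny"` with the real client ranges in `ip_rules`. `ip_rules = ["127.0.0.1"]` is a loopback address rather than a client address, and as far as I recall Azure Storage network rules accept only public IPv4 ranges, so this entry most likely either fails at apply time or does nothing. `create_resource_group = "false"` is a quoted string because the variable is declared `type = string`; Terraform's implicit conversion makes it work, but a bare `false` with the variable typed `bool` would be clearer.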
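--- a/create_enable-azure-defender-for-storage/variables.tf
+++ b/create_enable-azure-defender-for-storage/variables.tf
@@ -0,0 +1,265 @@
+#-----------------------------------------------VARIABLES: RBAC MODULE--------------------------------------------------------
+variable "role_definition_name" {
+type = list(string)
+description = "List of Role Definitions"
+default = ["Reader", "Contributor"]
+}
+
+#------------------------------------------------Resource Group Variables------------------------------------------------------
+variable "resource_group" {
+description = "name of the resource group to create the resource"
+type = string
+}
+
+variable "create_resource_group" {
+description = "resource group creation "
+type = string
+}
+
+variable "location" {
+description = "Specifies the supported Azure location to MySQL server resource"
+type = string
+}
+
+#------------------------------------------------Storage Account Variables------------------------------------------------------
+variable "storage_account_name" {
+description = "Storage account name"
+type = string
+}
+
+variable "tags" {
+description = "tags to be applied to resources"
+type = map(string)
+}
+
+
+variable "account_tier" {
+description = "Defines the Tier to use for this storage account (Standard or Premium)."
+type = string
+default = null
+}
+
+variable "access_tier" {
+description = "Defines the access tier for BlobStorage, FileStorage and StorageV2 accounts"
+type = string
+default = "Hot"
+
+validation {
+condition = (contains(["hot", "cool"], lower(var.access_tier)))
+error_message = "The account_tier must be either \"Hot\" or \"Cool\"."
+}
+}
+
+variable "replication_type" {
+description = "Storage account replication type - i.e. LRS, GRS, RAGRS, ZRS, GZRS, RAGZRS."
+type = string
+}
+
+variable "enable_large_file_share" {
+description = "Enable Large File Share."
+type = bool
+default = false
+}
+
+variable "enable_hns" {
+description = "Enable Hierarchical Namespace (can be used with Azure Data Lake Storage Gen 2)."
+type = bool
+default = false
+}
+
+variable "enable_https_traffic_only" {
+description = "Forces HTTPS if enabled."
+type = bool
+default = true
+}
+
+variable "min_tls_version" {
+description = "The minimum supported TLS version for the storage account."
+type = string
+default = "TLS1_2"
+}
+
+variable "allow_blob_public_access" {
+description = "Allow or disallow public access to all blobs or containers in the storage account."
+type = bool
+default = false
+}
+
+# Note: make sure to include the IP address of the host from where "terraform" command is executed to allow for access to the storage
+# Otherwise, creating container inside the storage or any access attempt will be denied.
+variable "access_list" {
+description = "Map of CIDRs Storage Account access."
+type = map(string)
+default = {}
+}
+
+
+variable "traffic_bypass" {
+description = "Specifies whether traffic is bypassed for Logging/Metrics/AzureServices. Valid options are any combination of Logging, Metrics, AzureServices, or None."
+type = list(string)
+default = ["None"]
+}
+
+variable "blob_cors" {
+description = "blob service cors rules: https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/storage_account#cors_rule"
+type = map(object({
+allowed_headers = list(string)
+allowed_methods = list(string)
+allowed_origins = list(string)
+exposed_headers = list(string)
+max_age_in_seconds = number
+}))
+default = null
+}
+
+variable "enable_static_website" {
+description = "Controls if static website to be enabled on the storage account. Possible values are `true` or `false`"
+type = bool
+default = false
+}
+
+variable "index_path" {
+description = "path from your repo root to index.html"
+type = string
+default = null
+}
+
+variable "custom_404_path" {
+description = "path from your repo root to your custom 404 page"
+type = string
+default = null
+}
+
+variable "encryption_scopes" {
+description = "Encryption scopes, keys are scope names. more info https://docs.microsoft.com/en-us/azure/storage/common/infrastructure-encryption-enable?tabs=portal"
+type = map(object({
+enable_infrastructure_encryption = bool
+}))
+default = {}
+}
+
+variable "nfsv3_enabled" {
+description = "Is NFSv3 protocol enabled? Changing this forces a new resource to be created"
+type = bool
+default = false
+}
+
+variable "default_network_rule" {
+description = "Specifies the default action of allow or deny when no other network rules match"
+type = string
+default = "Deny"
+
+validation {
+condition = (contains(["deny", "allow"], lower(var.default_network_rule)))
+error_message = "The default_network_rule must be either \"Deny\" or \"Allow\"."
+}
+}
+
+variable "shared_access_key_enabled" {
+description = "Indicates whether the storage account permits requests to be authorized with the account access key via Shared Key"
+type = bool
+default = false
+}
+
+variable "network_rules" {
+description = "Network rules restricing access to the storage account."
+type = object({ bypass = list(string), ip_rules = list(string), subnet_ids = list(string) })
+default = null
+}
+
+#---------------------------------------- Random String variables -----------------------------------------
+variable "length" {
+type = number
+description = "length of random string"
+}
+
+variable "special" {
+type = bool
+description = "special"
+}
+
+variable "upper" {
+type = bool
+description = "upper case"
+}
+#---------------------------------------- virtual network variables -----------------------------------------
+variable "vnet_name" {
+type = string
+description = "virtual network name"
+}
+
+variable "address_space" {
+type = list(string)
+description = "address spaces for vnet"
+}
+
+#---------------------------------------- Subnet variables -----------------------------------------
+variable "subnet_name" {
+type = string
+description = "Name of the subnet"
+}
+
+variable "address_prefixes" {
+type = list(string)
+description = "address prefixes"
+}
+
+variable "service_endpoints" {
+type = list(string)
+description = "service endpoint"
+}
+
+variable "enforce_private_link_endpoint_network_policies" {
+type = bool
+description = "enforce private link endpoint network policies"
+}
+
+#---------------------------------------- Storage account network rules variables -----------------------------------------
+variable "default_action" {
+type = string
+description = "allow default action"
+}
+variable "ip_rules" {
+type = list(string)
+description = "ip rules"
+}
+variable "bypass" {
+type = list(string)
+description = "bypass"
+}
+
+#---------------------------------------- Storage encryption scope variables -----------------------------------------
+variable "source_var" {
+type = string
+description = "allow default action"
+}
+
+#---------------------------------------------Private endpoint variables-------------------------------------------------
+variable "private_endpoint_name" {
+type = string
+description = "Name of the private endpoint"
+}
+variable "private_service_connection_name" {
+type = string
+description = "Name of the private service connection"
+}
+variable "manual_connection" {
+type = bool
+description = "Cannection to be manual?"
+}
+variable "subresource_name" {
+type = list(string)
+description = "Subresource name"
+}
+
+#------------------------------------------------- Template deployment variables -------------------------------------------------
+
+variable "template_deployment_name" {
+type = string
+description = "Name of deployment template"
+}
+
+variable "deployment_mode" {
+type = string
+description = "mode of template deployment"
+}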
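Review bot: The validation block on `access_tier` reports `"The account_tier must be either \"Hot\" or \"Cool\"."`, naming the wrong variable; it should read `error_message = "The access_tier must be either \"Hot\" or \"Cool\"."`. `default_action` duplicates the role of `default_network_rule` but has neither a default nor a validation, so a mistyped value reaches the provider unchecked; mirroring the existing check as `condition = contains(["deny", "allow"], lower(var.default_action))` keeps the two consistent, and the description `"allow default action"` should say what the variable is. Several descriptions are copy-paste leftovers: `location` refers to a "MySQL server resource", `source_var` repeats "allow default action" under the encryption-scope header although the tfvars in this commit sets it to `"Microsoft.Storage"`, `network_rules` has "restricing", and `manual_connection` has "Cannection". `create_resource_group` is a boolean flag declared as `type = string`; `type = bool` would let Terraform reject anything other than true/false instead of forwarding arbitrary text to the module.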
