# Key Vault for one project/stage pair.
# Purge protection is hard-wired to true: a deleted vault and its contents stay
# recoverable for the whole soft-delete retention window, and Azure does not
# allow the flag to be switched off again once it has been applied.
# NOTE(review): no access_policy block or RBAC setting appears in this resource;
# access is presumably granted elsewhere - verify against the calling module.
resource "azurerm_key_vault" "keyvault" {
  # Vault names are limited to 3-24 characters; the fixed "keyvault" suffix
  # uses 8 of them, so project + stage must fit in the remaining 16.
  name                = "${lower(var.project)}${lower(var.stage)}keyvault"
  resource_group_name = var.resource_group
  location            = var.location
  tenant_id           = var.azure_tenant_id
  sku_name            = var.sku
  tags                = var.tags

  # Deletion safeguards.
  soft_delete_retention_days = var.soft_delete_retention_days
  purge_protection_enabled   = true

  # Vault firewall. Every value comes from the caller.
  # NOTE(review): the data plane is only closed to the public internet when
  # var.network_acls_default_action is "Deny" - confirm the variable's default
  # and consider a validation block that rejects "Allow" outside test stages.
  network_acls {
    default_action             = var.network_acls_default_action
    bypass                     = var.network_acls_bypass
    ip_rules                   = var.network_acls_ip_rules
    virtual_network_subnet_ids = var.network_acls_virtual_network_subnet_ids
  }
}
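# Storage account that receives the Key Vault audit logs.
# Created only when var.enable_audit is true (count is 0 otherwise).
resource "azurerm_storage_account" "storageaccountkeyvaultaudit" {
  count = var.enable_audit ? 1 : 0

  # Storage account names accept at most 24 lowercase letters and digits; the
  # "keyvaultaudit" suffix takes 13, leaving 11 for project + stage.
  name                = "${lower(var.project)}${lower(var.stage)}keyvaultaudit"
  resource_group_name = var.resource_group
  location            = var.location

  account_tier = "Standard"
  # LRS keeps all replicas in a single datacenter.
  # NOTE(review): confirm this meets the retention/availability requirements
  # for audit evidence.
  account_replication_type = "LRS"

  # Hardening for a log sink: audit records must never be readable anonymously,
  # so containers in this account cannot be switched to public access, and the
  # minimum TLS version is pinned explicitly instead of relying on the provider
  # default. allow_nested_items_to_be_public needs azurerm 3.0 or later; the
  # enabled_log block used by the diagnostic setting in this file already
  # implies a 3.x+ provider.
  min_tls_version                 = "TLS1_2"
  allow_nested_items_to_be_public = false

  tags = var.tags
}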
# Sends the vault's "AuditEvent" log category to the audit storage account.
# Uses the same var.enable_audit toggle as the storage account, so the [0]
# index below always points at an instance that exists when this one does.
resource "azurerm_monitor_diagnostic_setting" "keyvaultaudit" {
  count = var.enable_audit ? 1 : 0

  name               = "${lower(var.project)}${lower(var.stage)}keyvaultaudit"
  target_resource_id = azurerm_key_vault.keyvault.id
  storage_account_id = azurerm_storage_account.storageaccountkeyvaultaudit[0].id

  # Only the AuditEvent category is collected; no metrics and no other log
  # category is enabled in this block.
  # NOTE(review): no retention or immutability is configured here or on the
  # storage account, and no Log Analytics / Event Hub destination is set, so
  # the logs are archived but not queryable for alerting - verify whether that
  # is handled elsewhere.
  enabled_log {
    category = "AuditEvent"
  }
}