Terraform module for integrating Azure Subscriptions and Tenants with Lacework for cloud resource configuration assessment.
It grants a Service Principal the "Reader" and "Key Vault Reader" roles on the subscription, then calls the Lacework API to configure a Cloud Config Integration.
| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| all_subscriptions | If set to true, grant read access to ALL subscriptions within the selected Tenant (overrides 'subscription_ids') | bool | false | no |
| application_id | The Active Directory Application id to use (required when use_existing_ad_application is set to true) | string | "" | no |
| application_name | The name of the Azure Active Directory Application (required when use_existing_ad_application is set to true) | string | "lacework_security_audit" | no |
| application_password | The Active Directory Application password to use (required when use_existing_ad_application is set to true) | string | "" | no |
| lacework_integration_name | The Lacework integration name | string | "TF config" | no |
| management_group_id | The Management Group ID to add Reader permissions (required when use_management_group is true) | string | "" | no |
| service_principal_id | The Enterprise App Object ID related to the application_id (required when use_existing_ad_application is true) | string | "" | no |
| subscription_ids | List of subscriptions to grant read access to, by default the module will only use the primary subscription | list(string) | [] | no |
| use_existing_ad_application | Set this to true to use an existing Active Directory Application | bool | false | no |
| use_management_group | If set to true, the AD Application will be a Reader on the Management Group level instead of Subscription level | bool | false | no |
| wait_time | Amount of time to wait before the Lacework resources are provisioned | string | "20s" | no |
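
The following is an added example, not taken from the module's own documentation: it combines the inputs above so that an existing AD application gets read access to an explicit list of subscriptions only. The module source string, the variable name `lacework_app_password`, and all GUIDs are placeholders constructed for illustration, and provider configuration is assumed to exist elsewhere in the root module.

```hcl
# Hypothetical variable: keeps the application secret out of the .tf files.
# Supply it via TF_VAR_lacework_app_password or a secrets manager.
variable "lacework_app_password" {
  description = "Password of the existing AD application used by Lacework"
  type        = string
  sensitive   = true
}

module "lacework_azure_config" {
  # Placeholder: replace with this module's actual source address.
  source = "REPLACE_WITH_MODULE_SOURCE"

  # Reuse an AD application that was created and reviewed out of band.
  # All four inputs below are required in this mode (see the table above).
  use_existing_ad_application = true
  application_id              = "00000000-0000-0000-0000-0000000000aa" # constructed
  application_name            = "lacework_security_audit"
  application_password        = var.lacework_app_password
  service_principal_id        = "00000000-0000-0000-0000-0000000000bb" # constructed

  # Scope the Reader grant to named subscriptions rather than the whole
  # tenant (all_subscriptions) or a management group (use_management_group).
  all_subscriptions    = false
  use_management_group = false
  subscription_ids = [
    "00000000-0000-0000-0000-000000000001", # constructed
    "00000000-0000-0000-0000-000000000002", # constructed
  ]

  lacework_integration_name = "TF config"
  wait_time                 = "20s"
}
```

Marking the variable `sensitive` only hides it from plan and apply output; Terraform still writes the value to state, so the state backend needs encryption and restricted access.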