Terraform module for integrating Azure Subscriptions and Tenants with Lacework for cloud resource configuration assessment.
It adds a Service Principal as a subscription "Reader" and "Key Vault Reader", then talks to Lacework API to configure a Cloud Config Integration
| Name |
Description |
Type |
Default |
Required |
| all_subscriptions |
If set to true, grant read access to ALL subscriptions within the selected Tenant (overrides 'subscription_ids') |
bool |
false |
no |
| application_id |
The Active Directory Application id to use (required when use_existing_ad_application is set to true) |
string |
"" |
no |
| application_name |
The name of the Azure Active Directory Application (required when use_existing_ad_application is set to true) |
string |
"lacework_security_audit" |
no |
| application_password |
The Active Directory Application password to use (required when use_existing_ad_application is set to true) |
string |
"" |
no |
| lacework_integration_name |
The Lacework integration name |
string |
"TF config" |
no |
| management_group_id |
The Management Group ID to add Reader permissions (required when use_management_group is true) |
string |
"" |
no |
| service_principal_id |
The Enterprise App Object ID related to the application_id (required when use_existing_ad_application is true) |
string |
"" |
no |
| subscription_ids |
List of subscriptions to grant read access to, by default the module will only use the primary subscription |
list(string) |
[] |
no |
| use_existing_ad_application |
Set this to true to use an existing Active Directory Application |
bool |
false |
no |
| use_management_group |
If set to true, the AD Application will be a Reader on the Management Group level instead of Subscription level |
bool |
false |
no |
| wait_time |
Amount of time to wait before the Lacework resources are provisioned |
string |
"20s" |
no |
