

StorageAccount module and dependencies (#1147)
* StorageAccount module and dependencies

* Richard format

* move storageaccount name from key to object value

* update

---------

Co-authored-by: Automatic Update <[email protected]>
Co-authored-by: Richard Hagen <[email protected]>
3 people authored Jan 5, 2024
1 parent 08b331d commit 52e08f8
Showing 32 changed files with 395 additions and 43 deletions.
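--- a/terraform/subscriptions/modules/backupvaults/main.tf
+++ b/terraform/subscriptions/modules/backupvaults/main.tf
@@ -0,0 +1,37 @@
+#######################################################################################
+### Protection Vault
+###
+
+resource "azurerm_data_protection_backup_vault" "backupvault" {
+name = var.name
+resource_group_name = var.resource_group_name
+location = var.location
+datastore_type = "VaultStore"
+redundancy = "LocallyRedundant"
+
+identity {
+type = "SystemAssigned"
+}
+}
+
+#######################################################################################
+### Protection Backup Policy
+###
+
+resource "azurerm_data_protection_backup_policy_blob_storage" "policyblobstorage" {
+name = var.policyblobstoragename
+vault_id = azurerm_data_protection_backup_vault.backupvault.id
+retention_duration = "P30D"
+}
+
+#######################################################################################
+### Lock
+###
+
+resource "azurerm_management_lock" "backupvault" {
+name = "${var.name}-lock"
+scope = azurerm_data_protection_backup_vault.backupvault.id
+lock_level = "CanNotDelete"
+notes = "To prevent ${var.name} from being deleted"
+depends_on = [azurerm_data_protection_backup_vault.backupvault]
+}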
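Review bot: `redundancy = "LocallyRedundant"` and `retention_duration = "P30D"` are fixed inside the module, so every vault created through it keeps its backups in a single location for 30 days, and a caller protecting production data cannot choose otherwise. Exposing both as variables with the current values as defaults keeps this commit's behaviour while allowing `GeoRedundant` or `ZoneRedundant` where needed: `redundancy = var.redundancy` and `retention_duration = var.retention_duration`. The `CanNotDelete` lock blocks removal of the vault but not changes to it, so it does not replace the vault's own soft-delete or immutability settings, if the provider version in use offers them. The explicit `depends_on` in the lock is redundant, since `scope` already references the vault.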
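--- a/terraform/subscriptions/modules/backupvaults/output.tf
+++ b/terraform/subscriptions/modules/backupvaults/output.tf
@@ -0,0 +1,7 @@
+output "data" {
+description = "The ID of backupvaults."
+value = {
+"backupvault" = azurerm_data_protection_backup_vault.backupvault
+"policyblobstorage" = azurerm_data_protection_backup_policy_blob_storage.policyblobstorage
+}
+}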
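Review bot: The description `"The ID of backupvaults."` does not match the value, which is a map holding the full vault and policy resource objects rather than an ID. Suggested text: `description = "The Backup Vault and its blob storage backup policy, as resource objects"`. The storageaccount module added in this commit takes `vault_id`, `policyblobstorage_id` and `principal_id` as inputs, so exporting only those attributes would presumably be enough and would be a narrower interface; the callers are not visible here.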
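--- a/terraform/subscriptions/modules/backupvaults/variables.tf
+++ b/terraform/subscriptions/modules/backupvaults/variables.tf
@@ -0,0 +1,17 @@
+variable "name" {
+description = "Specifies the name of the Backup Vault"
+type = string
+}
+
+variable "resource_group_name" {
+description = "The name of the Resource Group where the Backup Vault should exist"
+}
+
+variable "location" {
+description = "The Azure Region where the Backup Vault should exist."
+}
+
+variable "policyblobstoragename" {
+description = "he name which should be used for this Backup Policy Blob Storage."
+
+}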
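Review bot: `resource_group_name`, `location` and `policyblobstoragename` are declared without a `type`, unlike `name`, so Terraform accepts a value of any type for them; each should carry `type = string`. The `policyblobstoragename` description has lost its first letter and should read `"The name which should be used for this Backup Policy Blob Storage."`.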
4 changes: 2 additions & 2 deletions terraform/subscriptions/modules/key-vault/outputs.tf
@@ -1,9 +1,9 @@
output "data" {
description = "The ID of this Key vault."
# value = azurerm_key_vault.this.id
value = {
value = {
"vault_id" = module.kv.vault_id
}
}
}

# output "vault_name" {
3 changes: 3 additions & 0 deletions terraform/subscriptions/modules/log-analytics/main.tf
Expand Up @@ -5,4 +5,7 @@ module "la" {
location = var.location
retention_in_days = var.retention_in_days
local_authentication_disabled = var.local_authentication_disabled

}


@@ -1,4 +1,4 @@
output "data" {
description = "publicipprefix"
value = azurerm_public_ip_prefix.publicipprefix
value = azurerm_public_ip_prefix.publicipprefix
}
@@ -1,20 +1,20 @@
variable "resource_group_name" {
description = "The name of the resource group in which to create the Public IP Prefix"
type = string
type = string
}

variable "publicipprefixname" {
description = "Specifies the name of the Public IP Prefix resource"
type = string
type = string
}

variable "location" {
description = "Specifies the supported Azure location where the resource exists."
type = string
type = string
}

variable "zones" {
description = "Specifies a list of Availability Zones in which this Public IP Prefix should be located."
type = list(string)
default = []
type = list(string)
default = []
}
@@ -1,4 +1,4 @@
output "data" {
description = "Networkmanager connectivity"
value = azurerm_network_manager_connectivity_configuration.config
value = azurerm_network_manager_connectivity_configuration.config
}
@@ -1,4 +1,4 @@
output "data" {
description = "Networks securitygroup"
value = azurerm_network_security_group.networksecuritygroup
value = azurerm_network_security_group.networksecuritygroup
}
@@ -1,19 +1,19 @@
variable "resource_group_name" {
description = "The name of the resource group in which to create the network security group"
type = string
description = "The name of the resource group in which to create the network security group"
type = string
}

variable "location" {
description = "Specifies the supported Azure location where the resource exists"
type = string
description = "Specifies the supported Azure location where the resource exists"
type = string
}

variable "networksecuritygroupname" {
description = "Specifies the name of the network security group"
type = string
description = "Specifies the name of the network security group"
type = string
}

variable "destination_address_prefix" {
description = "List of destination address prefixes."
type = string
type = string
}
2 changes: 1 addition & 1 deletion terraform/subscriptions/modules/policyassignment/output.tf
@@ -1,4 +1,4 @@
output "data" {
description = "Policy Assignment"
value = azurerm_subscription_policy_assignment.assignment
value = azurerm_subscription_policy_assignment.assignment
}
2 changes: 1 addition & 1 deletion terraform/subscriptions/modules/resourcegroups/output.tf
@@ -1,4 +1,4 @@
output "data" {
description = "resourcegroup"
value = azurerm_resource_group.resourcegroup
value = azurerm_resource_group.resourcegroup
}
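--- a/terraform/subscriptions/modules/storageaccount/input.tf
+++ b/terraform/subscriptions/modules/storageaccount/input.tf
@@ -0,0 +1,9 @@
+locals {
+flattened_config = {
+for key, value in var.roleassignment : key => {
+backup = value.backup
+kind = var.kind
+
+}
+}
+}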
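--- a/terraform/subscriptions/modules/storageaccount/main.tf
+++ b/terraform/subscriptions/modules/storageaccount/main.tf
@@ -0,0 +1,64 @@
+# #######################################################################################
+# ### Storage Account
+# ###
+
+resource "azurerm_storage_account" "storageaccount" {
+name = var.name
+resource_group_name = var.resource_group_name
+location = var.location
+account_kind = var.kind
+account_replication_type = var.account_replication_type
+account_tier = var.tier
+dynamic "blob_properties" {
+for_each = var.kind == "BlobStorage" || var.kind == "Storage" ? [1] : []
+content {
+change_feed_enabled = var.change_feed_enabled
+versioning_enabled = var.versioning_enabled
+change_feed_retention_in_days = var.change_feed_retention_in_days
+
+dynamic "container_delete_retention_policy" {
+for_each = var.container_delete_retention_policy == true ? [30] : []
+content {
+days = container_delete_retention_policy.value
+}
+}
+}
+}
+
+tags = {
+environment = var.environment
+}
+}
+
+# #######################################################################################
+# ### Role assignment from Backup Vault to Storage Account
+# ###
+
+resource "azurerm_role_assignment" "roleassignment" {
+for_each = {
+for key in compact([for key, value in local.flattened_config : value.backup && value.kind == "StorageV2" ? key : ""]) : key =>
+local.flattened_config[key]
+}
+scope = azurerm_storage_account.storageaccount.id
+role_definition_name = each.key
+principal_id = var.principal_id
+depends_on = [azurerm_storage_account.storageaccount]
+}
+
+######################################################################################
+## Blob Protection
+##
+
+resource "azurerm_data_protection_backup_instance_blob_storage" "backupinstanceblobstorage" {
+for_each = {
+for key in compact([for key, value in local.flattened_config : value.backup && value.kind == "StorageV2" ? key : ""]) : key =>
+local.flattened_config[key]
+}
+name = azurerm_storage_account.storageaccount.name
+vault_id = var.vault_id
+location = var.location
+storage_account_id = azurerm_storage_account.storageaccount.id
+backup_policy_id = var.policyblobstorage_id
+depends_on = [azurerm_role_assignment.roleassignment]
+}
+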
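Review bot: The `container_delete_retention_policy` block can never be rendered, because its `for_each` compares `var.container_delete_retention_policy` with `true` while variables.tf in this commit declares that variable as `number` with default 30, and Terraform's `==` is false for operands of different types. Driving the block from the number gives the retention window the variable describes: `for_each = var.container_delete_retention_policy > 0 ? [var.container_delete_retention_policy] : []`. The enclosing `blob_properties` block is also generated only for kind `BlobStorage` or `Storage`, while the role assignment and backup instance further down apply only to `StorageV2`. As written, the module therefore sets neither versioning, change feed nor container retention on the accounts it enrols in backup; if that is not intended, the condition should include `StorageV2`.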
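--- a/terraform/subscriptions/modules/storageaccount/output.tf
+++ b/terraform/subscriptions/modules/storageaccount/output.tf
@@ -0,0 +1,4 @@
+output "data" {
+description = "storageaccount"
+value = azurerm_storage_account.storageaccount
+}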
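Review bot: `value = azurerm_storage_account.storageaccount` exports the whole resource object, which in the azurerm provider carries the account's access keys and connection strings alongside its id and name. Every configuration that calls the module then has those secrets within reach of its own expressions and outputs, even when it only needs an identifier. Exporting just what consumers use, for example `value = { id = azurerm_storage_account.storageaccount.id, name = azurerm_storage_account.storageaccount.name }`, keeps the keys inside the module; which attributes callers actually read is not visible in this commit.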
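--- a/terraform/subscriptions/modules/storageaccount/variables.tf
+++ b/terraform/subscriptions/modules/storageaccount/variables.tf
@@ -0,0 +1,89 @@
+variable "name" {
+description = "Specifies the name of the storage account. Only lowercase Alphanumeric characters allowed"
+type = string
+}
+
+variable "resource_group_name" {
+description = "The name of the resource group in which to create the storage account"
+type = string
+}
+
+variable "location" {
+description = "Specifies the supported Azure location where the resource exists"
+type = string
+}
+
+variable "environment" {
+description = "A mapping of tags to assign to the resource."
+}
+
+variable "tier" {
+description = "Defines the Tier to use for this storage account. Valid options are Standard and Premium"
+type = string
+}
+
+variable "account_replication_type" {
+description = "Defines the type of replication to use for this storage account"
+type = string
+}
+
+variable "kind" {
+description = "Defines the Kind of account"
+type = string
+}
+
+variable "change_feed_enabled" {
+description = "Is the blob service properties for change feed events enabled?"
+type = bool
+default = false
+}
+
+variable "versioning_enabled" {
+description = " Is versioning enabled?"
+type = bool
+default = false
+}
+
+variable "change_feed_retention_in_days" {
+description = "The duration of change feed events retention in days"
+type = number
+default = 7
+}
+
+variable "container_delete_retention_policy" {
+description = "Specifies the number of days that the container should be retained"
+type = number
+default = 30
+}
+
+
+variable "principal_id" {
+description = "The ID of the Principal (User, Group or Service Principal) to assign the Role Definition to"
+type = string
+}
+
+variable "roleassignment" {
+description = "Other role assignments to be added to this key vault"
+type = map(object({
+backup = bool
+}))
+default = {}
+}
+
+variable "backupinstanceblobstorage" {
+description = "Other role assignments to be added to this key vault"
+type = map(object({
+backup = bool
+}))
+default = {}
+}
+
+variable "vault_id" {
+description = "The ID of the Backup Vault"
+type = string
+}
+
+variable "policyblobstorage_id" {
+description = "The ID of the Backup Policy."
+type = string
+}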
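Review bot: The keys of `roleassignment` become `role_definition_name` in this module's `azurerm_role_assignment`, so any role name a caller supplies is granted to `principal_id` on the storage account, and nothing in the variable restricts it. The description ("Other role assignments to be added to this key vault") is copied from another module and does not say that the key is a role name; `backupinstanceblobstorage` carries the same text and is not referenced by the main.tf or input.tf shown in this commit. A validation block with an allow-list would keep the grant to what blob backup needs. The list below assumes the built-in Storage Account Backup Contributor role is the only one intended, which should be confirmed against the callers.

```hcl
variable "roleassignment" {
  description = "Roles to grant to principal_id on this storage account, keyed by role definition name"
  # … unchanged: type and default …
  validation {
    condition = alltrue([
      for role in keys(var.roleassignment) : contains(["Storage Account Backup Contributor"], role)
    ])
    error_message = "Only the Storage Account Backup Contributor role may be assigned by this module."
  }
}
```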
2 changes: 1 addition & 1 deletion terraform/subscriptions/s940/c2/key-vault/main.tf
Expand Up @@ -21,7 +21,7 @@ module "keyvault" {
network_acls_default_action = local.key_vault.network_acls_default_action
access_policies = local.key_vault.access_policies
depends_on = [module.loganalytics]

}

resource "azurerm_management_lock" "loganalytics" {
10 changes: 5 additions & 5 deletions terraform/subscriptions/s941/dev/clusters/input.tf
@@ -1,11 +1,11 @@
locals {

flattened_clusters = {
for key, value in var.clusters : key => {
name = key
resource_group_name = value.resource_group_name
name = key
resource_group_name = value.resource_group_name
location = value.location
destination_address_prefix = value.destination_address_prefix
}
}

}
}

10 changes: 5 additions & 5 deletions terraform/subscriptions/s941/dev/clusters/main.tf
@@ -1,8 +1,8 @@
module "nsg" {

source = "../../../modules/networksecuritygroup"
networksecuritygroupname = "nsg-weekly-50"
location = local.output.location
resource_group_name = local.output.resource_group
destination_address_prefix = "20.223.40.151"
for_each = local.flattened_clusters
networksecuritygroupname = "nsg-${each.key}"
location = each.value.location
resource_group_name = each.value.resource_group_name
destination_address_prefix = each.value.destination_address_prefix
}