-> NOTE: When running the module, your subscription should not already be onboarded to MDC. If you have already completed the onboarding process, please refer to the Onboarded Azure Subscription section.
~> NOTE: Deletion of the resource will reset the pricing tier to Free
This Terraform module activate Microsoft Defender for Cloud (MDC) plans.
The module supports the following onboarding types:
- Single Subscription: Onboard MDC plans for a single subscription.
- Chosen Subscriptions: Onboard MDC plans for a selected list of subscriptions.
- All Subscriptions: Onboard MDC plans for all subscriptions where your account holds owner permissions.
- Management Group: Onboard MDC plans for all subscriptions within a designated management group.
Terraform core's version is v1.x and terraform-provider-azurerm's version is v3.x.
To enable plans using this module, follow these steps based on the subscription type:
- Navigate to
examples\defaultfolder. - Execute the
terraform applycommand. - Your onboarding will be applied exclusively to the subscription you are currently connected to.
- Enter the relevant folder under
examplesbased on your scenario. - Execute the
terraform applycommand. - After the execution, a new directory named
outputwill be generated within the example folder. - Access the newly created
outputfolder. - Modify the
main.tffile within this folder to align with your specific requirements. - Execute the
terraform applycommand again to apply your modifications.
- To disable all plans execute
terraform destroycommand. - To disable a specific plan, remove the plan name from mdc_plans_list var and execute
terraform applycommand.
We recommend managing the entire onboarding process with our module. If you've already onboarded your Azure Subscription to Microsoft Defender for Cloud plans, you have several options:
- Manual Cleanup: Manually toggle off the status of all MDC plans.
- Start Fresh: You can choose to destroy your current Terraform environment and begin anew.
- Import Existing Resources: Utilize Terraform import to seamlessly integrate existing resources into Terraform management.
- Manage Multiple Terraform States: Maintain your current state and create a new one for this module, allowing for efficient resource management.
The following requirements are needed by this module:
The following resources are used by this module:
- azurerm_role_assignment.va_auto_provisioning_containers_role (resource)
- azurerm_role_assignment.va_auto_provisioning_la_role (resource)
- azurerm_role_assignment.va_auto_provisioning_vm_role (resource)
- azurerm_security_center_setting.setting_mcas (resource)
- azurerm_security_center_subscription_pricing.asc_plans (resource)
- azurerm_subscription_policy_assignment.container (resource)
- azurerm_subscription_policy_assignment.sql (resource)
- azurerm_subscription_policy_assignment.vm (resource)
- modtm_telemetry.telemetry (resource)
- random_uuid.telemetry (resource)
- azurerm_client_config.telemetry (data source)
- azurerm_policy_definition.container_policies (data source)
- azurerm_policy_definition.la_policies (data source)
- azurerm_policy_definition.vm_policies (data source)
- azurerm_role_definition.container_roles (data source)
- azurerm_role_definition.la_roles (data source)
- azurerm_role_definition.vm_roles (data source)
- azurerm_subscription.current (data source)
- modtm_module_source.telemetry (data source)
The following input variables are required:
Description: The location/region where the policy should exist.
Type: string
The following input variables are optional (have default values):
Description: (Optional) Resource type pricing default subplan. Contact your MSFT representative for possible values
Type: string
Default: null
Description: (Optional) The pricing tier to use. Possible values are Free and Standard
Type: string
Default: "Standard"
Description: This variable controls whether or not telemetry is enabled for the module.
For more information see https://aka.ms/avm/telemetryinfo.
If it is set to false, then no telemetry will be collected.
Type: bool
Default: true
Description: (Optional) Set of all MDC databases plans
Type: set(string)
Default:
[
"OpenSourceRelationalDatabases",
"SqlServers",
"SqlServerVirtualMachines",
"CosmosDbs"
]Description: (Optional) Set of all MDC plans
Type: set(string)
Default:
[
"AppServices",
"Arm",
"CloudPosture",
"Containers",
"KeyVaults",
"OpenSourceRelationalDatabases",
"SqlServers",
"SqlServerVirtualMachines",
"CosmosDbs",
"StorageAccounts",
"VirtualMachines",
"Api"
]Description: (Optional) Sets the maximum GB limit for malware scanning on uploaded files per storage account per month
Type: string
Default: "5000"
Description: (Optional) A map of resource type pricing subplan, the key is resource type. This variable takes precedence over var.default_subplan. Contact your MSFT representative for possible values
Type: map(string)
Default: {}
Description: Whether enable tracing tags that generated by BridgeCrew Yor.
Type: bool
Default: false
Description: Default prefix for generated tracing tags
Type: string
Default: "avm_"
The following outputs are exported:
Description: All plans details
Description: The subscription pricing ID
No modules.
The software may collect information about you and your use of the software and send it to Microsoft. Microsoft may use this information to provide services and improve our products and services. You may turn off the telemetry as described in the repository. There are also some features in the software that may enable you and Microsoft to collect data from users of your applications. If you use these features, you must comply with applicable law, including providing appropriate notices to users of your applications together with a copy of Microsoft’s privacy statement. Our privacy statement is located at https://go.microsoft.com/fwlink/?LinkID=824704. You can learn more about data collection and use in the help documentation and our privacy statement. Your use of the software operates as your consent to these practices.