Azure module to deploy Microsoft Defender for Cloud.
Owner access permission is required.
| Module version | Terraform version | OpenTofu version | AzureRM version |
|---|---|---|---|
| >= 8.x.x | Unverified | 1.8.x | >= 4.0 |
| >= 7.x.x | 1.3.x | | >= 3.0 |
| >= 6.x.x | 1.x | | >= 3.0 |
| >= 5.x.x | 0.15.x | | >= 2.0 |
| >= 4.x.x | 0.13.x / 0.14.x | | >= 2.0 |
| >= 3.x.x | 0.12.x | | >= 2.0 |
| >= 2.x.x | 0.12.x | | < 2.0 |
| < 2.x.x | 0.11.x | | < 2.0 |
If you want to contribute to this repository, feel free to use our pre-commit git hook configuration, which automatically updates and formats some files for you by enforcing our Terraform code module best practices.
More details are available in the CONTRIBUTING.md file.
This module is optimized to work with the Claranet terraform-wrapper tool, which sets some Terraform variables in the environment needed by this module.
More details about the variables set by the terraform-wrapper are available in the documentation.
```hcl
module "defender_for_cloud" {
  source  = "claranet/defender-for-cloud/azurerm"
  version = "x.x.x"
}
```

| Name | Version |
|---|---|
| azapi | ~> 2.3 |
| azurerm | ~> 4.31 |
No modules.
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| alert_notifications_enabled | Whether to send security alert notifications to the security contact or not. | bool | true | no |
| alerts_to_admins_enabled | Whether to send security alert notifications to Subscription admins (Owners) or not. | bool | true | no |
| contact | The name, email and phone number to contact for security alerts. | object({ | {} | no |
| enable_agentless_discovery_for_kubernetes | Enable the agentless discovery for Kubernetes extension in Defender for Cloud. | bool | true | no |
| enable_agentless_vm_scanning | Enable the agentless VM scanning extension in Defender for Cloud. | bool | true | no |
| enable_container_integrity_contribution | Enable the container integrity contribution extension in Defender for Cloud. | bool | true | no |
| enable_container_pricing | Enable the Containers pricing plan in Defender for Cloud. | bool | true | no |
| enable_container_registries_vulnerability_assessments | Enable the container registries vulnerability assessments extension in Defender for Cloud. | bool | true | no |
| enable_container_sensor | Enable the container sensor extension in Defender for Cloud. | bool | true | no |
| enable_cosmosdbs_pricing | Enable the Cosmos DBs pricing plan in Defender for Cloud. | bool | true | no |
| enable_opensourcerelationaldatabases_pricing | Enable the open source relational databases pricing plan in Defender for Cloud. | bool | true | no |
| enable_sqlservers_pricing | Enable the SQL servers pricing plan in Defender for Cloud. | bool | true | no |
| enable_sqlservers_vms_pricing | Enable the SQL servers on VMs pricing plan in Defender for Cloud. | bool | true | no |
| exclusion_tags | List of VM tags to exclude from Defender for Cloud agentless scanning. | list(object({ | [] | no |
| services | List of Defender for Cloud services to activate. See https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/security_center_subscription_pricing. | list(object({ | [ | no |
| Name | Description |
|---|---|
| alert_contact_id | The alert contact object ID. |
| resource_alert_contact | The alert contact object. |
| resource_subscribed_plans | List of subscribed plans and services. |
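An added usage example (not the module's own README block) that ties the inputs and outputs documented above together: the provider pins follow the Providers table; the contact attribute names (name, email, phone) and the version pin are assumptions.

```hcl
# Added example, not the module's README code. Provider pins follow the
# Providers table; contact attribute names and the version pin are assumptions.
terraform {
  required_providers {
    azurerm = {
      source  = "hashicorp/azurerm"
      version = "~> 4.31"
    }
    azapi = {
      source  = "Azure/azapi"
      version = "~> 2.3"
    }
  }
}

provider "azurerm" {
  features {}
}

module "defender_for_cloud" {
  source  = "claranet/defender-for-cloud/azurerm"
  version = "x.x.x" # assumption: pin to a released 8.x.x version

  # Security contact; attribute names are assumed from the variable description.
  contact = {
    name  = "Security Operations"
    email = "secops@example.com"
    phone = "+33000000000"
  }

  # Keep alerts flowing to the contact and to subscription Owners (module defaults).
  alert_notifications_enabled = true
  alerts_to_admins_enabled    = true

  # Every plan defaults to true; only switch off plans for services the
  # subscription really does not host, so any coverage gap is explicit in code.
  enable_cosmosdbs_pricing                     = false
  enable_opensourcerelationaldatabases_pricing = false
}

# Surface what was actually enabled so a plan review or CI check can diff it.
output "defender_subscribed_plans" {
  value = module.defender_for_cloud.resource_subscribed_plans
}

output "defender_alert_contact_id" {
  value = module.defender_for_cloud.alert_contact_id
}
```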
Microsoft Azure documentation: xxxx