From 51b138b8e9638873bc1905a0f6b607308d3be300 Mon Sep 17 00:00:00 2001
From: Alastair Lock
Date: Fri, 20 Dec 2024 11:26:37 +0000
Subject: [PATCH] moved modules in
---
.../modules/event-grid-subscription/main.tf | 27 +++++++++++++
.../event-grid-subscription/variables.tf | 38 +++++++++++++++++++
.../modules/event-grid-topic/main.tf | 19 ++++++++++
.../modules/event-grid-topic/output.tf | 9 +++++
.../modules/event-grid-topic/variables.tf | 34 +++++++++++++++++
infrastructure/modules/sql-server/main.tf | 26 ++++++-------
6 files changed, 140 insertions(+), 13 deletions(-)
create mode 100644 infrastructure/modules/event-grid-subscription/main.tf
create mode 100644 infrastructure/modules/event-grid-subscription/variables.tf
create mode 100644 infrastructure/modules/event-grid-topic/main.tf
create mode 100644 infrastructure/modules/event-grid-topic/output.tf
create mode 100644 infrastructure/modules/event-grid-topic/variables.tf
diff --git a/infrastructure/modules/event-grid-subscription/main.tf b/infrastructure/modules/event-grid-subscription/main.tf
new file mode 100644
index 0000000..c50c34d
--- /dev/null
+++ b/infrastructure/modules/event-grid-subscription/main.tf
@@ -0,0 +1,27 @@
+resource "azurerm_eventgrid_event_subscription" "eventgrid_event_subscription" {
+ name = var.subscription_name
+ scope = var.azurerm_eventgrid_id
+
+ dynamic "azure_function_endpoint" {
+ for_each = var.subscriber_function_details
+ content {
+ function_id = azure_function_endpoint.value.function_endpoint
+ }
+ }
+
+ storage_blob_dead_letter_destination {
+ storage_account_id = var.dead_letter_storage_account_id
+ storage_blob_container_name = var.dead_letter_storage_account_container_name
+ }
+
+ # tags = var.tags
+}
+
+
+resource "azurerm_role_assignment" "eventgrid_subscription_role" {
+ for_each = { for idx, endpoint in var.subscriber_function_details : idx => endpoint }
+
+ principal_id = each.value.principal_id
+ role_definition_name = "EventGrid Data Receiver"
+ scope = var.azurerm_eventgrid_id
+}
diff --git a/infrastructure/modules/event-grid-subscription/variables.tf b/infrastructure/modules/event-grid-subscription/variables.tf
new file mode 100644
index 0000000..8ba6b8d
--- /dev/null
+++ b/infrastructure/modules/event-grid-subscription/variables.tf
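Review bot: The `dynamic "azure_function_endpoint"` block iterates over `var.subscriber_function_details`, but as far as I know the azurerm provider accepts at most one `azure_function_endpoint` block per event subscription, so a list with two or more entries fails at plan time, while the `azurerm_role_assignment` `for_each` below suggests several subscribers are expected. If one endpoint is the intended contract, pin it on the variable with a `validation` block whose condition is `length(var.subscriber_function_details) <= 1` so the limit is reported with a clear message rather than a provider error. The role assignments are keyed by list position (`idx => endpoint`), so reordering the list destroys and re-creates role assignments; keying by `endpoint.principal_id` avoids that when principal IDs are unique. `# tags = var.tags` leaves `var.tags` unused in this module; a comment such as `# azurerm_eventgrid_event_subscription has no tags argument; var.tags is accepted for interface symmetry only` would explain why it is commented out.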
@@ -0,0 +1,38 @@
+variable "subscription_name" {
+ description = "The name of the Event Grid event subscription."
+ type = string
+}
+
+variable "resource_group_name" {
+ type = string
+ description = "The name of the resource group in which to create the Event Grid. Changing this forces a new resource to be created."
+}
+
+variable "subscriber_function_details" {
+ type = list(object({
+ function_endpoint = string
+ principal_id = string
+ }))
+ default = []
+}
+
+variable "azurerm_eventgrid_id" {
+ description = "The azurerm Event Grid id to link to."
+ type = string
+}
+
+variable "tags" {
+ description = "A mapping of tags to assign to the Event Grid topic."
+ type = map(string)
+ default = {}
+}
+
+variable "dead_letter_storage_account_container_name" {
+ description = "The name of storage account container for the Dead Letter queue."
+ type = string
+}
+
+variable "dead_letter_storage_account_id" {
+ description = "The name of storage account container id for the Dead Letter queue."
+ type = string
+}
diff --git a/infrastructure/modules/event-grid-topic/main.tf b/infrastructure/modules/event-grid-topic/main.tf
new file mode 100644
index 0000000..24f7f21
--- /dev/null
+++ b/infrastructure/modules/event-grid-topic/main.tf
@@ -0,0 +1,19 @@
+resource "azurerm_eventgrid_topic" "azurerm_eventgrid" {
+ name = var.topic_name
+ resource_group_name = var.resource_group_name
+ location = var.location
+
+ identity {
+ type = var.identity_type
+ }
+
+ dynamic "inbound_ip_rule" {
+ for_each = var.inbound_ip_rules
+ content {
+ ip_mask = inbound_ip_rule.value["ip_mask"]
+ action = inbound_ip_rule.value["action"]
+ }
+ }
+
+ tags = var.tags
+}
diff --git a/infrastructure/modules/event-grid-topic/output.tf b/infrastructure/modules/event-grid-topic/output.tf
new file mode 100644
index 0000000..61b938d
--- /dev/null
+++ b/infrastructure/modules/event-grid-topic/output.tf
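Review bot: `resource_group_name` and `tags` are declared here but the module's `main.tf` references neither, so callers are forced to supply `resource_group_name` for no effect; drop it or wire it in. The description of `dead_letter_storage_account_id` ("The name of storage account container id") contradicts its use as `storage_account_id`; `description = "Resource ID of the storage account that holds the dead-letter container."` reads correctly. `subscriber_function_details` has no description; document that each entry carries the function resource ID used as the delivery endpoint and the principal that is granted EventGrid Data Receiver on the topic. `azurerm_eventgrid_id` is used as the subscription `scope`, so saying in its description that it is the Event Grid topic resource ID would help module consumers.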
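Review bot: The topic's network exposure is left at provider defaults: `inbound_ip_rules` defaults to an empty list and `public_network_access_enabled` is not set, so a consumer that passes no rules gets a topic reachable from any public address. Exposing `public_network_access_enabled = var.public_network_access_enabled` lets callers opt into the restrictive posture that the sql-server module in this repo appears to follow with its `private_endpoint_sql_server` module. `identity { type = var.identity_type }` does not plumb `identity_ids`, so, if I read the provider correctly, `identity_type = "UserAssigned"` cannot be applied from this module; either restrict the variable to `SystemAssigned` with a validation block or add an `identity_ids` input. A one-line comment on the `dynamic "inbound_ip_rule"` block, `# no rules => no IP filtering; pair with public_network_access_enabled for a closed topic`, would make the default visible to the next maintainer.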
@@ -0,0 +1,9 @@
+output "topic_endpoint" {
+ description = "The event grid topic URL."
+ value = azurerm_eventgrid_topic.azurerm_eventgrid.endpoint
+}
+
+output "id" {
+ description = "The event grid topic id."
+ value = azurerm_eventgrid_topic.azurerm_eventgrid.id
+}
diff --git a/infrastructure/modules/event-grid-topic/variables.tf b/infrastructure/modules/event-grid-topic/variables.tf
new file mode 100644
index 0000000..b36c8bf
--- /dev/null
+++ b/infrastructure/modules/event-grid-topic/variables.tf
@@ -0,0 +1,34 @@
+variable "resource_group_name" {
+ type = string
+ description = "The name of the resource group in which to create the Event Grid. Changing this forces a new resource to be created."
+}
+
+variable "location" {
+ type = string
+ description = "The location/region where the Event Grid is created."
+}
+
+variable "inbound_ip_rules" {
+ description = "List of inbound IP rules"
+ type = list(object({
+ ip_mask = string
+ action = string
+ }))
+ default = []
+}
+
+variable "identity_type" {
+ type = string
+ description = "The identity type of the Event Grid."
+}
+
+variable "topic_name" {
+ description = "The name of the Event Grid topic."
+ type = string
+}
+
+variable "tags" {
+ description = "A mapping of tags to assign to the Event Grid topic."
+ type = map(string)
+ default = {}
+}
diff --git a/infrastructure/modules/sql-server/main.tf b/infrastructure/modules/sql-server/main.tf
index ce378a9..4efe4b1 100644
--- a/infrastructure/modules/sql-server/main.tf
+++ b/infrastructure/modules/sql-server/main.tf
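Review bot: The file is named `output.tf` while the usual Terraform module layout is `outputs.tf`; Terraform does not care, so this is naming consistency only. The `id` output's description, "The event grid topic id.", is ambiguous between a name and an ARM resource ID; `description = "Resource ID of the Event Grid topic (use as the subscription scope)."` matches how the sibling subscription module consumes it.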
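Review bot: `inbound_ip_rules` and `identity_type` accept any string, so a typo such as `action = "allow"` or an unsupported identity type is only rejected at apply time by the API; a `validation` block on each variable reports it at plan. The provider documents `Allow` as the only `action` for Event Grid inbound IP rules as far as I know, so the rewrite below checks that and documents that an empty list applies no IP filtering; the same pattern applies to `identity_type` against the values the provider accepts. The `resource_group_name` description refers to "the Event Grid" generically; saying "Event Grid topic" keeps it consistent with `topic_name` and `tags`.
```hcl
variable "inbound_ip_rules" {
  description = "List of inbound IP rules; an empty list applies no IP filtering."
  type = list(object({
    ip_mask = string
    action  = string
  }))
  default = []

  validation {
    condition     = alltrue([for r in var.inbound_ip_rules : r.action == "Allow"])
    error_message = "Each inbound_ip_rules entry must use action = \"Allow\"."
  }
}
# … unchanged: resource_group_name, location, identity_type, topic_name, tags …
```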
@@ -68,26 +68,26 @@ module "private_endpoint_sql_server" { /* -------------------------------------------------------------------------------------------------- SQL Server Diagnostic Settings -------------------------------------------------------------------------------------------------- */ -# module "diagnostic_setting_sql_server" { +module "diagnostic_setting_sql_server" { -# source = "../diagnostic-settings" + source = "../diagnostic-settings" -# name = "${var.name}-sql-server-diagnotic-setting" -# target_resource_id = "${azurerm_mssql_server.azure_sql_server.id}/databases/master" -# log_analytics_workspace_id = var.log_analytics_workspace_id -# enabled_log = var.monitor_diagnostic_setting_sql_server_enabled_logs -# metric = var.monitor_diagnostic_setting_sql_server_metrics -# } + name = "${var.name}-sql-server-diagnotic-setting" + target_resource_id = "${azurerm_mssql_server.azure_sql_server.id}/databases/master" + log_analytics_workspace_id = var.log_analytics_workspace_id + enabled_log = var.monitor_diagnostic_setting_sql_server_enabled_logs + metric = var.monitor_diagnostic_setting_sql_server_metrics +} /* -------------------------------------------------------------------------------------------------- # SQL Server Extended Auditing Policy # -------------------------------------------------------------------------------------------------- */ -# resource "azurerm_mssql_server_extended_auditing_policy" "azure_sql_server" { +resource "azurerm_mssql_server_extended_auditing_policy" "azure_sql_server" { -# server_id = azurerm_mssql_server.azure_sql_server.id -# log_monitoring_enabled = var.log_monitoring_enabled -# retention_in_days = var.auditing_policy_retention_in_days -# } + server_id = azurerm_mssql_server.azure_sql_server.id + log_monitoring_enabled = var.log_monitoring_enabled + retention_in_days = var.auditing_policy_retention_in_days +} /* -------------------------------------------------------------------------------------------------- Security Alert 
Policy for SQL Server