Terraform module which creates Azure Key Vault resources.
- Soft-delete retention set to 90 days by default.
- Purge protection disabled by default.
- Role-based access control (RBAC) authorization enabled by default.
- Public network access denied by default.
- Audit logs sent to given Log Analytics workspace by default.
- Azure role `Contributor` at the resource group scope.
- Azure role `Log Analytics Contributor` at the Log Analytics workspace scope.
# The azurerm provider requires a "features" block, even when it is empty.
# No credentials are set in this configuration.
provider "azurerm" {
  features {}
}
# Key Vault created through the equinor/key-vault/azurerm registry module.
#
# Per the module description, purge protection is disabled by default, so a
# soft-deleted vault can still be purged before the 90-day retention period
# ends. For vaults holding production secrets, consider enabling it through
# the module's corresponding input (input name not shown on this page).
module "key_vault" {
  # "~> 11.6" accepts any 11.x release from 11.6 upwards. Module versions are
  # not recorded in .terraform.lock.hcl, so use an exact version if every run
  # must resolve to the same module code.
  source  = "equinor/key-vault/azurerm"
  version = "~> 11.6"

  vault_name          = "example-vault"
  location            = azurerm_resource_group.example.location
  resource_group_name = azurerm_resource_group.example.name

  # Workspace that receives the vault's audit logs.
  log_analytics_workspace_id = module.log_analytics.workspace_id

  # Public network access is denied by default (per the module description);
  # these CIDR ranges are presumably the exceptions allowed through the vault
  # firewall. Confirm against the module's input documentation.
  # The values are sample addresses: replace them with egress ranges you
  # control and keep the list as narrow as possible.
  # NOTE(review): "3.3.3.3/30" has host bits set; the /30 containing it starts
  # at 3.3.3.0. Confirm the intended range.
  network_acls_ip_rules = [
    "1.1.1.1/32",
    "2.2.2.2/32",
    "3.3.3.3/30",
  ]
}
# Resource group whose name and location both modules in this example reference.
resource "azurerm_resource_group" "example" {
  location = "westeurope"
  name     = "example-resources"
}
# Log Analytics workspace; its workspace_id output is passed to the key_vault
# module as the destination for audit logs.
module "log_analytics" {
  # "~> 2.0" accepts any 2.x release. Use an exact version if every run must
  # resolve to the same module code.
  source  = "equinor/log-analytics/azurerm"
  version = "~> 2.0"

  workspace_name      = "example-workspace"
  location            = azurerm_resource_group.example.location
  resource_group_name = azurerm_resource_group.example.name
}