Add Azure modules: introduce log analytics workspace ID input and output specifications in AKS and base modules, enhance key vault configurations, and implement PostgreSQL logging configurations for improved monitoring and security.

Author: yindia

docs/references/modules/azure_aks.md

@@ -40,6 +40,7 @@ No modules.
 | <a name="input_env_name"></a> [env\_name](#input\_env\_name) | Env name | `string` | n/a | yes |
 | <a name="input_kubernetes_version"></a> [kubernetes\_version](#input\_kubernetes\_version) | n/a | `string` | `"1.21.9"` | no |
 | <a name="input_layer_name"></a> [layer\_name](#input\_layer\_name) | Layer name | `string` | n/a | yes |
+| <a name="input_log_analytics_workspace_id"></a> [log\_analytics\_workspace\_id](#input\_log\_analytics\_workspace\_id) | n/a | `string` | n/a | yes |
 | <a name="input_max_nodes"></a> [max\_nodes](#input\_max\_nodes) | n/a | `number` | `5` | no |
 | <a name="input_min_nodes"></a> [min\_nodes](#input\_min\_nodes) | n/a | `number` | `1` | no |
 | <a name="input_module_name"></a> [module\_name](#input\_module\_name) | Module name | `string` | n/a | yes |

docs/references/modules/azure_base.md

@@ -19,38 +19,42 @@ No modules.
 | Name | Type |
 |------|------|
 | [azurerm_container_registry.acr](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/container_registry) | resource |
-| [azurerm_key_vault.opta](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/key_vault) | resource |
+| [azurerm_key_vault.pltf](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/key_vault) | resource |
 | [azurerm_key_vault_key.acr](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/key_vault_key) | resource |
 | [azurerm_log_analytics_workspace.watcher](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/log_analytics_workspace) | resource |
 | [azurerm_monitor_diagnostic_setting.infra_logging](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/monitor_diagnostic_setting) | resource |
-| [azurerm_nat_gateway.opta](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/nat_gateway) | resource |
-| [azurerm_nat_gateway_public_ip_association.opta](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/nat_gateway_public_ip_association) | resource |
-| [azurerm_nat_gateway_public_ip_prefix_association.opta](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/nat_gateway_public_ip_prefix_association) | resource |
-| [azurerm_network_security_group.opta](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/network_security_group) | resource |
+| [azurerm_nat_gateway.pltf](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/nat_gateway) | resource |
+| [azurerm_nat_gateway_public_ip_association.pltf](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/nat_gateway_public_ip_association) | resource |
+| [azurerm_nat_gateway_public_ip_prefix_association.pltf](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/nat_gateway_public_ip_prefix_association) | resource |
+| [azurerm_network_security_group.pltf](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/network_security_group) | resource |
 | [azurerm_network_security_rule.allowoutbound](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/network_security_rule) | resource |
 | [azurerm_network_security_rule.internal](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/network_security_rule) | resource |
 | [azurerm_network_watcher_flow_log.vpc_flow_log](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/network_watcher_flow_log) | resource |
-| [azurerm_public_ip.opta](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/public_ip) | resource |
-| [azurerm_public_ip_prefix.opta](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/public_ip_prefix) | resource |
+| [azurerm_public_ip.pltf](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/public_ip) | resource |
+| [azurerm_public_ip_prefix.pltf](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/public_ip_prefix) | resource |
 | [azurerm_role_assignment.acr_encryption](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/role_assignment) | resource |
 | [azurerm_storage_account.infra_logging](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/storage_account) | resource |
-| [azurerm_subnet.opta](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/subnet) | resource |
-| [azurerm_subnet_nat_gateway_association.opta](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/subnet_nat_gateway_association) | resource |
-| [azurerm_subnet_network_security_group_association.opta](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/subnet_network_security_group_association) | resource |
+| [azurerm_subnet.pltf](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/subnet) | resource |
+| [azurerm_subnet_nat_gateway_association.pltf](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/subnet_nat_gateway_association) | resource |
+| [azurerm_subnet_network_security_group_association.pltf](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/subnet_network_security_group_association) | resource |
 | [azurerm_user_assigned_identity.acr_uai](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/user_assigned_identity) | resource |
-| [azurerm_virtual_network.opta](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/virtual_network) | resource |
+| [azurerm_virtual_network.pltf](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/virtual_network) | resource |
 | [random_id.acr_suffix](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/id) | resource |
 | [random_id.key_suffix](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/id) | resource |
 | [random_id.logging_suffix](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/id) | resource |
 | [azurerm_network_watcher.default](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/network_watcher) | data source |
-| [azurerm_resource_group.opta](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/resource_group) | data source |
+| [azurerm_resource_group.pltf](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/resource_group) | data source |
 | [azurerm_subscription.current](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/subscription) | data source |
 
 ## Inputs
 
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
 | <a name="input_env_name"></a> [env\_name](#input\_env\_name) | Env name | `string` | n/a | yes |
+| <a name="input_key_vault_ip_rules"></a> [key\_vault\_ip\_rules](#input\_key\_vault\_ip\_rules) | n/a | `list(string)` | `[]` | no |
+| <a name="input_key_vault_key_expiration_date"></a> [key\_vault\_key\_expiration\_date](#input\_key\_vault\_key\_expiration\_date) | n/a | `string` | `"2035-01-01T00:00:00Z"` | no |
+| <a name="input_key_vault_soft_delete_retention_days"></a> [key\_vault\_soft\_delete\_retention\_days](#input\_key\_vault\_soft\_delete\_retention\_days) | n/a | `number` | `90` | no |
+| <a name="input_key_vault_subnet_ids"></a> [key\_vault\_subnet\_ids](#input\_key\_vault\_subnet\_ids) | n/a | `list(string)` | `[]` | no |
 | <a name="input_layer_name"></a> [layer\_name](#input\_layer\_name) | Layer name | `string` | n/a | yes |
 | <a name="input_location"></a> [location](#input\_location) | n/a | `string` | n/a | yes |
 | <a name="input_module_name"></a> [module\_name](#input\_module\_name) | Module name | `string` | n/a | yes |
@@ -64,6 +68,7 @@ No modules.
 | <a name="output_acr_id"></a> [acr\_id](#output\_acr\_id) | n/a |
 | <a name="output_acr_login_url"></a> [acr\_login\_url](#output\_acr\_login\_url) | n/a |
 | <a name="output_acr_name"></a> [acr\_name](#output\_acr\_name) | n/a |
+| <a name="output_log_analytics_workspace_id"></a> [log\_analytics\_workspace\_id](#output\_log\_analytics\_workspace\_id) | n/a |
 | <a name="output_private_subnet_id"></a> [private\_subnet\_id](#output\_private\_subnet\_id) | n/a |
 | <a name="output_private_subnet_name"></a> [private\_subnet\_name](#output\_private\_subnet\_name) | n/a |
 | <a name="output_public_nat_ips"></a> [public\_nat\_ips](#output\_public\_nat\_ips) | n/a |

docs/references/modules/azure_postgres.md

@@ -18,6 +18,9 @@ No modules.
 
 | Name | Type |
 |------|------|
+| [azurerm_postgresql_configuration.connection_throttling](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/postgresql_configuration) | resource |
+| [azurerm_postgresql_configuration.log_checkpoints](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/postgresql_configuration) | resource |
+| [azurerm_postgresql_configuration.log_connections](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/postgresql_configuration) | resource |
 | [azurerm_postgresql_configuration.log_disconnections](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/postgresql_configuration) | resource |
 | [azurerm_postgresql_configuration.log_duration](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/postgresql_configuration) | resource |
 | [azurerm_postgresql_configuration.log_retention_days](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/postgresql_configuration) | resource |

modules/azure_aks/aks.tf

@@ -62,6 +62,7 @@ resource "azurerm_kubernetes_cluster" "main" {
   dns_prefix          = "pltf"
   //  disk_encryption_set_id = azurerm_disk_encryption_set.pltf.id
   kubernetes_version = var.kubernetes_version
+  role_based_access_control_enabled = true
 
   network_profile {
     network_plugin     = "azure"
@@ -78,6 +79,10 @@ resource "azurerm_kubernetes_cluster" "main" {
     admin_group_object_ids = var.admin_group_object_ids
   }
 
+  oms_agent {
+    log_analytics_workspace_id = var.log_analytics_workspace_id
+  }
+
   default_node_pool {
     name                = "default"
     node_count          = var.min_nodes
@@ -113,4 +118,4 @@ resource "azurerm_kubernetes_cluster" "main" {
     azurerm_role_assignment.k8s_assign_identities,
     azurerm_role_assignment.azurerm_container_registry_agent_pool
   ]
-}
+}

modules/azure_aks/azure_aks.md

@@ -40,6 +40,7 @@ No modules.
 | <a name="input_env_name"></a> [env\_name](#input\_env\_name) | Env name | `string` | n/a | yes |
 | <a name="input_kubernetes_version"></a> [kubernetes\_version](#input\_kubernetes\_version) | n/a | `string` | `"1.21.9"` | no |
 | <a name="input_layer_name"></a> [layer\_name](#input\_layer\_name) | Layer name | `string` | n/a | yes |
+| <a name="input_log_analytics_workspace_id"></a> [log\_analytics\_workspace\_id](#input\_log\_analytics\_workspace\_id) | n/a | `string` | n/a | yes |
 | <a name="input_max_nodes"></a> [max\_nodes](#input\_max\_nodes) | n/a | `number` | `5` | no |
 | <a name="input_min_nodes"></a> [min\_nodes](#input\_min\_nodes) | n/a | `number` | `1` | no |
 | <a name="input_module_name"></a> [module\_name](#input\_module\_name) | Module name | `string` | n/a | yes |

modules/azure_aks/module.yaml

@@ -40,6 +40,9 @@ inputs:
       name: layer_name
       required: true
       type: string
+    - name: log_analytics_workspace_id
+      required: true
+      type: string
     - default: 5
       name: max_nodes
       required: false

modules/azure_aks/variables.tf

@@ -63,6 +63,10 @@ variable "admin_group_object_ids" {
   default = []
 }
 
+variable "log_analytics_workspace_id" {
+  type = string
+}
+
 variable "node_instance_type" {
   type    = string
   default = "Standard_D2_v2"
@@ -76,4 +80,4 @@ variable "service_cidr" {
 variable "dns_service_ip" {
   type    = string
   default = "10.0.128.10"
-}
+}

modules/azure_base/acr.tf

@@ -3,9 +3,9 @@ resource "random_id" "acr_suffix" {
 }
 
 resource "azurerm_container_registry" "acr" {
-  name                = "opta${random_id.acr_suffix.hex}"
-  location            = data.azurerm_resource_group.opta.location
-  resource_group_name = data.azurerm_resource_group.opta.name
+  name                = "pltf${random_id.acr_suffix.hex}"
+  location            = data.azurerm_resource_group.pltf.location
+  resource_group_name = data.azurerm_resource_group.pltf.name
   sku                 = "Premium"
 
   identity {
@@ -26,13 +26,13 @@ resource "azurerm_container_registry" "acr" {
 }
 
 resource "azurerm_user_assigned_identity" "acr_uai" {
-  location            = data.azurerm_resource_group.opta.location
-  resource_group_name = data.azurerm_resource_group.opta.name
+  location            = data.azurerm_resource_group.pltf.location
+  resource_group_name = data.azurerm_resource_group.pltf.name
   name                = "registry-uai"
 }
 
 resource "azurerm_role_assignment" "acr_encryption" {
-  scope                = azurerm_key_vault.opta.id
+  scope                = azurerm_key_vault.pltf.id
   role_definition_name = "Key Vault Crypto Service Encryption User"
   principal_id         = azurerm_user_assigned_identity.acr_uai.principal_id
 }