Terraform module that creates an Azure Active Directory Application to provide Lacework read-only access to Azure Subscriptions and Tenants. Lacework logins to Azure using a service principal (an App Registration) with Directory.Read.All on MS Graph API which can also be achieved using a Directory Reader role on Azure AD
| Name | Version |
|---|---|
| terraform | >= 0.14 |
| azuread | ~> 3.0 |
| lacework | ~> 2.0 |
| Name | Version |
|---|---|
| azuread | ~> 3.0 |
| lacework | ~> 2.0 |
| time | n/a |
No modules.
| Name | Type |
|---|---|
| azuread_application.lacework | resource |
| azuread_application_password.client_secret | resource |
| azuread_directory_role.dir_reader | resource |
| azuread_directory_role_assignment.lacework_dir_reader | resource |
| azuread_service_principal.lacework | resource |
| time_sleep.wait_60_seconds | resource |
| azuread_client_config.current | data source |
| lacework_metric_module.lwmetrics | data source |
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| application_name | The name of the Azure Active Directory Application | string |
"lacework_security_audit" |
no |
| application_owners | The owners of the Azure Active Directory Application. If empty, current user will be owner | list(string) |
[] |
no |
| create | Set to false to prevent the module from creating any resources |
bool |
true |
no |
| enable_directory_reader | Enable Directory Reader role for this principal. This will allow Lacework to read Users/Groups/Principals from MS Graph API | bool |
true |
no |
| Name | Description |
|---|---|
| application_id | The Lacework AD Client id |
| application_password | The Lacework AD Application password |
| created | Was the Active Directory Application created |
| enable_directory_reader | Was the Active Directory Application granted Directory Reader role in Azure AD? |
| service_principal_id | The Lacework Service Principal id |