Azure Security Center Solution
This page shows how to write Terraform and Azure Resource Manager definitions for a Security Center Solution, and how to write them securely.
azurerm_iot_security_solution (Terraform)
The Solution in Security Center can be configured in Terraform with the resource name azurerm_iot_security_solution. The following sections describe how to use the resource and its parameters.
Example Usage from GitHub
No example could be found on GitHub.
Parameters
display_name - required - string
enabled - optional - bool
events_to_export - optional - set of string
id - optional, computed - string
iothub_ids - required - set of string
location - required - string
log_analytics_workspace_id - optional - string
log_unmasked_ips_enabled - optional - bool
name - required - string
query_for_resources - optional, computed - string
query_subscription_ids - optional, computed - set of string
resource_group_name - required - string
tags - optional - map from string to string
recommendations_enabled - list block
    acr_authentication - optional - bool
    agent_send_unutilized_msg - optional - bool
    baseline - optional - bool
    edge_hub_mem_optimize - optional - bool
    edge_logging_option - optional - bool
    inconsistent_module_settings - optional - bool
    install_agent - optional - bool
    ip_filter_deny_all - optional - bool
    ip_filter_permissive_rule - optional - bool
    open_ports - optional - bool
    permissive_firewall_policy - optional - bool
    permissive_input_firewall_rules - optional - bool
    permissive_output_firewall_rules - optional - bool
    privileged_docker_options - optional - bool
    shared_credentials - optional - bool
    vulnerable_tls_cipher_suite - optional - bool
timeouts - single block
Explanation in Terraform Registry
Manages an IoT security solution.
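As an added example, not taken from the page or from the provider's own documentation, here is a complete configuration that uses the parameters listed above with the settings a defender would want; the resource names, region and workspace name are assumptions:

```hcl
# Added example, not from the page or the provider docs; the resource names,
# region and workspace name are assumptions.
resource "azurerm_resource_group" "example" {
  name     = "example-iot-rg"
  location = "West Europe"
}

resource "azurerm_iothub" "example" {
  name                = "example-iothub"
  resource_group_name = azurerm_resource_group.example.name
  location            = azurerm_resource_group.example.location
  sku {
    name     = "S1"
    capacity = 1
  }
}

# Workspace that receives the exported events; without it nothing is retained to query.
resource "azurerm_log_analytics_workspace" "example" {
  name                = "example-iot-law"
  resource_group_name = azurerm_resource_group.example.name
  location            = azurerm_resource_group.example.location
  sku                 = "PerGB2018"
  retention_in_days   = 90
}

resource "azurerm_iot_security_solution" "example" {
  name                = "example-iot-security-solution"
  display_name        = "IoT Security Solution"
  resource_group_name = azurerm_resource_group.example.name
  location            = azurerm_resource_group.example.location
  iothub_ids          = [azurerm_iothub.example.id]
  enabled             = true

  # Send raw device events to the workspace so detections can be investigated.
  log_analytics_workspace_id = azurerm_log_analytics_workspace.example.id
  events_to_export           = ["RawEvents"]

  # Keep source IPs masked in exported logs unless an investigation needs them.
  log_unmasked_ips_enabled = false

  # Leave every recommendation enabled; setting one to false silences that finding.
  recommendations_enabled {
    open_ports                  = true
    permissive_firewall_policy  = true
    shared_credentials          = true
    vulnerable_tls_cipher_suite = true
  }
}
```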
Tips: Best Practices for The Other Azure Security Center Resources
In addition to the resource described above, Azure Security Center has other resources that should be configured for security reasons. The following are examples of those resources and the precautions to take with them.
azurerm_security_center_contact
Ensure that alert notifications are enabled
Configure at least one valid contact for Security Center. Microsoft informs that contact directly by email in the event of a security incident.
azurerm_security_center_subscription_pricing
Ensure that Azure Defender is enabled
Enable Azure Defender, a cloud workload protection service for App Services. It can also analyze non-Azure resources through Azure Arc, including those on-premises and in AWS and GCP.
Microsoft.Security/IoTSecuritySolutions (Azure Resource Manager)
The IoTSecuritySolutions resource in Microsoft.Security can be configured in Azure Resource Manager with the resource name Microsoft.Security/IoTSecuritySolutions. The following sections describe how to use the resource and its parameters.
Example Usage from GitHub
{
  "type": "Microsoft.Security/IoTSecuritySolutions",
  "tags": {},
  "properties": {
    "workspace": "/subscriptions/c4930e90-cd72-4aa5-93e9-2d081d129569/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace1",
    "status": "Enabled",
    "export": []
  }
}