Locks down keyvaults to subnets and administrator ip addresses

2020-01-23 11:02:12 -05:00
parent c31d68a18c
commit dab6cdb7dc
4 changed files with 30 additions and 0 deletions
--- a/terraform/modules/keyvault/main.tf
+++ b/terraform/modules/keyvault/main.tf
@@ -13,6 +13,13 @@ resource "azurerm_key_vault" "keyvault" {

  sku_name = "premium"

+  network_acls {
+    default_action             = var.policy
+    bypass                     = "AzureServices"
+    virtual_network_subnet_ids = var.subnet_ids
+    ip_rules                   = values(var.whitelist)
+  }
+
  tags = {
    environment = var.environment
    owner       = var.owner