Rob Gil 308ea6a861 Enables logging for storage account buckets
There are bugs in the latest version of the azurerm provider which do
not account for all the log types. We had to use a local-exec here.
2020-01-30 14:43:59 -05:00

40 lines
1.4 KiB
HCL

resource "azurerm_resource_group" "bucket" {
name = "${var.name}-${var.environment}-${var.service_name}"
location = var.region
}
resource "azurerm_storage_account" "bucket" {
name = var.service_name
resource_group_name = azurerm_resource_group.bucket.name
location = azurerm_resource_group.bucket.location
account_tier = "Standard"
account_replication_type = "LRS"
}
resource "azurerm_storage_account_network_rules" "acls" {
resource_group_name = azurerm_resource_group.bucket.name
storage_account_name = azurerm_storage_account.bucket.name
default_action = var.policy
# Azure Storage CIDR ACLs do not accept /32 CIDR ranges.
ip_rules = [
for cidr in values(var.whitelist) : cidr
]
virtual_network_subnet_ids = var.subnet_ids
bypass = ["AzureServices"]
}
resource "azurerm_storage_container" "bucket" {
name = "content"
storage_account_name = azurerm_storage_account.bucket.name
container_access_type = var.container_access_type
}
# Added until requisite TF bugs are fixed. Typically this would be configured in the
# storage_account resource
resource "null_resource" "retention" {
provisioner "local-exec" {
command = "az storage logging update --account-name ${azurerm_storage_account.bucket.name} --log rwd --services bqt --retention 90"
}
}