diff --git a/terraform/azure-remote-state/main.tf b/terraform/azure-remote-state/main.tf
index 92f9ccc4e..366565427 100644
--- a/terraform/azure-remote-state/main.tf
+++ b/terraform/azure-remote-state/main.tf
@@ -11,7 +11,7 @@ terraform {
 }
 provider "azurerm" {
- skip_provider_registration = "true"
+ resource_provider_registrations = "none"
 features {}
 }
@@ -37,32 +37,11 @@ resource "azurerm_storage_account" "tfstate" {
 resource_group_name = azurerm_resource_group.tfstate.name
 location = var.default_azure_region
 account_tier = "Standard"
+ account_kind = "StorageV2"
 min_tls_version = "TLS1_2"
 account_replication_type = "LRS"
 allow_nested_items_to_be_public = false
- queue_properties {
- logging {
- delete = true
- read = true
- write = true
- version = "1.0"
- retention_policy_days = 10
- }
- hour_metrics {
- enabled = true
- include_apis = true
- version = "1.0"
- retention_policy_days = 10
- }
- minute_metrics {
- enabled = true
- include_apis = true
- version = "1.0"
- retention_policy_days = 10
- }
- }
-
 tags = merge(local.common_tags, {
 "Region" = var.default_azure_region
 })
@@ -75,10 +54,34 @@ resource "azurerm_storage_account" "tfstate" {
 #checkov:skip=CKV2_AZURE_33:VNet not configured
 }
+resource "azurerm_storage_account_queue_properties" "tfstateq" {
+ storage_account_id = azurerm_storage_account.tfstate.id
+
+ logging {
+ version = "1.0"
+ delete = true
+ read = true
+ write = true
+ retention_policy_days = 10
+ }
+
+ hour_metrics {
+ version = "1.0"
+ include_apis = true
+ retention_policy_days = 10
+ }
+
+ minute_metrics {
+ version = "1.0"
+ include_apis = true
+ retention_policy_days = 10
+ }
+}
+
 resource "azurerm_storage_container" "tfstate" {
 name = "${var.resource_name_prefix}-tfstate-stc"
- storage_account_name = azurerm_storage_account.tfstate.name
+ storage_account_id = azurerm_storage_account.tfstate.id
 container_access_type = "private"
 #checkov:skip=CKV2_AZURE_21:Logging not required
-}
\ No newline at end of file
+}
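Review bot: `resource_provider_registrations` is an azurerm 4.x argument, and the `terraform {}` block that carries the provider version constraint closes on this hunk's first context line without being shown; if that constraint still admits a 3.x provider, `terraform init` can resolve one that rejects the argument, so the constraint should be confirmed to be `~> 4.0` in the same commit. Setting the value to `"none"` is the right least-privilege choice, since the deploying identity then needs no `*/register/action` permission, but it also means `Microsoft.Storage` must already be registered in the target subscription or the account create fails. I would record both facts on the line, e.g. `# azurerm >= 4.0; deploying identity needs no RP registration rights, so Microsoft.Storage must be pre-registered`.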
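Review bot: Removing `queue_properties` from `azurerm_storage_account.tfstate` leaves the account resource with no logging configuration visible to static analysis; checkov's queue-service logging check evaluates the `azurerm_storage_account` resource itself, so a scan may now flag this account (and `azurerm_storage_account.sa` in storage.tf, first hunk) even though the split `azurerm_storage_account_queue_properties` resource carries the same settings. Either confirm that the checkov version in use recognizes the new resource, or add a documented skip next to the existing `#checkov:skip` lines, e.g. `#checkov:skip=<CHECK_ID placeholder>:queue logging managed in azurerm_storage_account_queue_properties.tfstateq`. The enclosing resource block starts above this hunk.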
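Review bot: Switching `azurerm_storage_container.tfstate` from `storage_account_name` to `storage_account_id` changes how the provider identifies the existing container, and this is the container holding remote state: if the plan shows a replacement rather than an in-place update, applying it deletes the state blobs. Verify the plan before applying, and since nothing in the resource guards against that outcome, add `lifecycle { prevent_destroy = true }` to the container (arguably to `azurerm_storage_account.tfstate` as well) so any future plan that would replace it fails instead of proceeding. The same argument change is made on `azurerm_storage_container.data_protection` in storage.tf and deserves the same check.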
diff --git a/terraform/modules/azure-storage/storage.tf b/terraform/modules/azure-storage/storage.tf
index 46a49c6fc..399efb20b 100644
--- a/terraform/modules/azure-storage/storage.tf
+++ b/terraform/modules/azure-storage/storage.tf
@@ -3,34 +3,13 @@ resource "azurerm_storage_account" "sa" {
 resource_group_name = var.resource_group
 location = var.location
 account_tier = "Standard"
+ account_kind = "StorageV2"
 min_tls_version = "TLS1_2"
 account_replication_type = "LRS"
 allow_nested_items_to_be_public = false
 cross_tenant_replication_enabled = false
 shared_access_key_enabled = true
- queue_properties {
- logging {
- delete = true
- read = true
- write = true
- version = "1.0"
- retention_policy_days = 10
- }
- hour_metrics {
- enabled = true
- include_apis = true
- version = "1.0"
- retention_policy_days = 10
- }
- minute_metrics {
- enabled = true
- include_apis = true
- version = "1.0"
- retention_policy_days = 10
- }
- }
-
 blob_properties {
 delete_retention_policy {
 days = 7
@@ -58,6 +37,30 @@ resource "azurerm_storage_account" "sa" {
 #checkov:skip=CKV2_AZURE_33:VNet not configured
 }
+resource "azurerm_storage_account_queue_properties" "saq" {
+ storage_account_id = azurerm_storage_account.sa.id
+
+ logging {
+ version = "1.0"
+ delete = true
+ read = true
+ write = true
+ retention_policy_days = 10
+ }
+
+ hour_metrics {
+ version = "1.0"
+ include_apis = true
+ retention_policy_days = 10
+ }
+
+ minute_metrics {
+ version = "1.0"
+ include_apis = true
+ retention_policy_days = 10
+ }
+}
+
 resource "azurerm_storage_account_network_rules" "sa_network_rules" {
 storage_account_id = azurerm_storage_account.sa.id
 default_action = "Deny"
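Review bot: `azurerm_storage_account_queue_properties.saq` and `azurerm_storage_account_network_rules.sa_network_rules` each depend only on `azurerm_storage_account.sa`, so Terraform is free to apply the `default_action = "Deny"` rule before the queue properties; as far as I know queue service properties are written over the storage data plane, so that ordering can fail the apply, or leave queue logging unset, from any runner address that is not in the rule's allow-list. The inline `queue_properties` block this replaces was applied as part of account creation, before any rule existed, so this is a new ordering dependency rather than one the module already had. Make it explicit with `depends_on = [azurerm_storage_account_queue_properties.saq]` on `sa_network_rules`, or add a comment stating that the apply runner must be in the allow-list. The `sa_network_rules` block continues past the end of this hunk.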
@@ -68,7 +71,7 @@ resource "azurerm_storage_account_network_rules" "sa_network_rules" {
 resource "azurerm_storage_container" "data_protection" {
 name = "data-protection"
- storage_account_name = azurerm_storage_account.sa.name
+ storage_account_id = azurerm_storage_account.sa.id
 container_access_type = "private"
 #checkov:skip=CKV2_AZURE_21:Logging not required