diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS
new file mode 100644
index 0000000..f878090
--- /dev/null
+++ b/.github/CODEOWNERS
@@ -0,0 +1,2 @@
+## code changes will send PR to following users
+* @Think-Cube/think-cube
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
new file mode 100644
index 0000000..134f8ca
--- /dev/null
+++ b/.github/dependabot.yml
@@ -0,0 +1,14 @@
+version: 2
+updates:
+ - package-ecosystem: "terraform"
+ directory: "/"
+ schedule:
+ interval: "monthly"
+ timezone: "Europe/London"
+ - package-ecosystem: "github-actions"
+ directory: "/"
+ schedule:
+ interval: "weekly"
+ day: "monday"
+ time: "20:00"
+ timezone: "Europe/London"
diff --git a/.github/workflows/auto-merge-github-actions.yml b/.github/workflows/auto-merge-github-actions.yml
new file mode 100644
index 0000000..4a7830e
--- /dev/null
+++ b/.github/workflows/auto-merge-github-actions.yml
@@ -0,0 +1,25 @@
+name: Auto Merge GitHub Actions
+on:
+ pull_request:
+ types:
+ - opened
+ - synchronize
+permissions:
+ contents: write
+jobs:
+ auto-merge:
+ runs-on: ubuntu-latest
+ if: github.event.pull_request.user.login == 'dependabot[bot]' && contains(github.event.pull_request.head.ref, 'dependabot/github_actions/')
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v4
+ - name: Auto approve
+ uses: hmarr/auto-approve-action@v4.0.0
+ with:
+ github-token: ${{ secrets.GH_TOKEN }}
+ - name: Merge pull request
+ uses: "pascalgn/automerge-action@v0.16.4"
+ permissions:
+ contents: write
+ env:
+ GITHUB_TOKEN: "${{ secrets.GH_TOKEN }}"
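Review bot: The two third-party actions that receive `secrets.GH_TOKEN` (`hmarr/auto-approve-action@v4.0.0` and `pascalgn/automerge-action@v0.16.4`) are referenced by mutable tags, so anyone able to move those tags can run code with a token that approves and merges pull requests. Pin both to a full commit SHA with the release as a trailing comment, e.g. `uses: hmarr/auto-approve-action@<full-commit-sha> # v4.0.0`, the way tfsec.yml already pins tfsec-sarif-action. The `permissions:` mapping under the "Merge pull request" step is not a key that steps accept (permissions are set at workflow or job level), so it should be dropped; the top-level `contents: write` already applies. If GH_TOKEN is a personal access token, a fine-grained token limited to this repository keeps the impact of a leak small. Because these runs are triggered by Dependabot, the secret most likely has to exist as a Dependabot secret to be readable at all.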
diff --git a/.github/workflows/documentation.yml b/.github/workflows/documentation.yml
new file mode 100644
index 0000000..0f449a2
--- /dev/null
+++ b/.github/workflows/documentation.yml
@@ -0,0 +1,20 @@
+name: Generate terraform docs
+on:
+ - pull_request
+permissions:
+ contents: write
+jobs:
+ docs:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v4
+ with:
+ ref: ${{ github.event.pull_request.head.ref }}
+
+ - name: Render terraform docs inside the README.md and push changes back to PR branch
+ uses: terraform-docs/gh-actions@v1.3.0
+ with:
+ working-dir: .
+ output-file: README.md
+ output-method: inject
+ git-push: "true"
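Review bot: `terraform-docs/gh-actions@v1.3.0` runs with a `contents: write` token and pushes commits to the PR branch, yet it is pinned to a tag rather than a commit; pin it as `uses: terraform-docs/gh-actions@<full-commit-sha> # v1.3.0`. The write permission is granted at workflow level, and moving it under `jobs.docs` keeps any job added to this file later read-only by default. For pull requests from forks the token is read-only and `github.event.pull_request.head.ref` names a branch that presumably does not exist in this repository, so the job is expected to fail there. A job-level guard such as `if: github.event.pull_request.head.repo.full_name == github.repository` makes that case explicit.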
diff --git a/.github/workflows/tfsec.yml b/.github/workflows/tfsec.yml
new file mode 100644
index 0000000..7ab86e5
--- /dev/null
+++ b/.github/workflows/tfsec.yml
@@ -0,0 +1,27 @@
+name: tfsec
+on:
+ push:
+ branches: [ "main" ]
+ pull_request:
+ branches: [ "main" ]
+ schedule:
+ - cron: '44 9 * * 1'
+jobs:
+ tfsec:
+ name: Run tfsec sarif report
+ runs-on: ubuntu-latest
+ permissions:
+ actions: read
+ contents: read
+ security-events: write
+ steps:
+ - name: Clone repo
+ uses: actions/checkout@v4
+ - name: Run tfsec
+ uses: aquasecurity/tfsec-sarif-action@21ded20e8ca120cd9d3d6ab04ef746477542a608
+ with:
+ sarif_file: tfsec.sarif
+ - name: Upload SARIF file
+ uses: github/codeql-action/upload-sarif@v3
+ with:
+ sarif_file: tfsec.sarif
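Review bot: The SHA pin on `aquasecurity/tfsec-sarif-action` has no trailing version comment, and the other two actions in this job (`actions/checkout@v4`, `github/codeql-action/upload-sarif@v3`) are still referenced by moving major tags, so the job is only partly pinned. Add the release after the hash as `# <release-tag>` so a Dependabot bump of the hash can be reviewed against a known version, and pin the other two the same way if full SHA pinning is the policy. Upstream has folded tfsec into Trivy, so it is worth planning a move to the Trivy scanner rather than relying on this action long term.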
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..bb16dae
--- /dev/null
+++ b/README.md
@@ -0,0 +1,54 @@
+
+## Requirements
+
+| Name | Version |
+|------|---------|
+| [terraform](#requirement\_terraform) | >= 1.6.3 |
+| [azurerm](#requirement\_azurerm) | 3.100.0 |
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| [azurerm](#provider\_azurerm) | 3.100.0 |
+
+## Modules
+
+No modules.
+
+## Resources
+
+| Name | Type |
+|------|------|
+| [azurerm_app_configuration.main](https://registry.terraform.io/providers/hashicorp/azurerm/3.100.0/docs/resources/app_configuration) | resource |
+| [azurerm_client_config.current](https://registry.terraform.io/providers/hashicorp/azurerm/3.100.0/docs/data-sources/client_config) | data source |
+| [azurerm_resource_group.rg](https://registry.terraform.io/providers/hashicorp/azurerm/3.100.0/docs/data-sources/resource_group) | data source |
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| [app\_configuration\_local\_auth\_enabled](#input\_app\_configuration\_local\_auth\_enabled) | Indicates whether local authentication methods are enabled for accessing the App Configuration. Defaults to true. | `bool` | `true` | no |
+| [app\_configuration\_name](#input\_app\_configuration\_name) | The name of the App Configuration resource. Changing this will force a new resource to be created. | `string` | n/a | yes |
+| [app\_configuration\_public\_network\_access](#input\_app\_configuration\_public\_network\_access) | Specifies the public network access setting for the App Configuration. Possible values are 'Enabled' and 'Disabled'. | `string` | `"Enabled"` | no |
+| [app\_configuration\_purge\_protection\_enabled](#input\_app\_configuration\_purge\_protection\_enabled) | Indicates whether Purge Protection is enabled for the App Configuration. This feature is applicable only for the 'standard' SKU. Defaults to false. | `string` | `"false"` | no |
+| [app\_configuration\_sku](#input\_app\_configuration\_sku) | The SKU tier for the App Configuration, which determines the features available. Possible values are 'free' and 'standard'. | `string` | `"standard"` | no |
+| [app\_configuration\_soft\_delete\_retention\_days](#input\_app\_configuration\_soft\_delete\_retention\_days) | The retention period in days for soft-deleted items in the App Configuration. This feature is applicable only for the 'standard' SKU and can range from 1 to 7 days. Defaults to 7. Changing this will force a new resource to be created. | `number` | `7` | no |
+| [default\_tags](#input\_default\_tags) | A mapping of key-value pairs representing tags to assign to the resources, useful for organization and cost tracking. | `map(any)` | n/a | yes |
+| [environment](#input\_environment) | The environment identifier for the backend container name key, used to distinguish between development, testing, and production stages. | `string` | `"dev"` | no |
+| [region](#input\_region) | Specifies the geographical region where resources are deployed, impacting latency and compliance. | `string` | `"weu"` | no |
+| [resource\_group\_location](#input\_resource\_group\_location) | The geographical location/region where the resource group is created. Changing this forces a new resource to be created. | `string` | `"West Europe"` | no |
+| [resource\_group\_name](#input\_resource\_group\_name) | The name of the resource group in which to create the resources, adhering to naming conventions and uniqueness within the subscription. | `string` | n/a | yes |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| [endpoint](#output\_endpoint) | The URL of the App Configuration. |
+| [id](#output\_id) | The App Configuration ID. |
+| [identity](#output\_identity) | An identity block as defined below. |
+| [primary\_read\_key](#output\_primary\_read\_key) | A primary\_read\_key block as defined below containing the primary read access key. |
+| [primary\_write\_key](#output\_primary\_write\_key) | A primary\_write\_key block as defined below containing the primary write access key. |
+| [secondary\_read\_key](#output\_secondary\_read\_key) | A secondary\_read\_key block as defined below containing the secondary read access key. |
+| [secondary\_write\_key](#output\_secondary\_write\_key) | A secondary\_write\_key block as defined below containing the secondary write access key. |
+
\ No newline at end of file
diff --git a/app_configuration.tf b/app_configuration.tf
new file mode 100644
index 0000000..0063ace
--- /dev/null
+++ b/app_configuration.tf
@@ -0,0 +1,11 @@
+resource "azurerm_app_configuration" "main" {
+ name = "${var.environment}-${var.app_configuration_name}-${var.region}-appcnf"
+ resource_group_name = data.azurerm_resource_group.rg.name
+ location = data.azurerm_resource_group.rg.location
+ sku = var.app_configuration_sku
+ local_auth_enabled = var.app_configuration_local_auth_enabled
+ public_network_access = var.app_configuration_public_network_access
+ purge_protection_enabled = var.app_configuration_purge_protection_enabled
+ soft_delete_retention_days = var.app_configuration_soft_delete_retention_days
+ tags = var.default_tags
+}
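Review bot: The resource declares no `identity` block, so the `identity` output added in output.tf will always be empty and the store has no managed identity to use later (for example to reach a Key Vault key). Either add an optional identity, e.g. `identity { type = "SystemAssigned" }`, or drop the output until one exists. `purge_protection_enabled` is fed from a variable that variables.tf declares as `string`; it works through Terraform's implicit conversion, but a `bool` variable would reject typos at plan time.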
diff --git a/backend.tf b/backend.tf
new file mode 100644
index 0000000..1946f6e
--- /dev/null
+++ b/backend.tf
@@ -0,0 +1,9 @@
+terraform {
+ required_providers {
+ azurerm = {
+ source = "hashicorp/azurerm"
+ version = "3.100.0"
+ }
+ }
+ required_version = ">= 1.6.3"
+}
diff --git a/main.tf b/main.tf
new file mode 100644
index 0000000..53e202a
--- /dev/null
+++ b/main.tf
@@ -0,0 +1,5 @@
+data "azurerm_client_config" "current" {}
+
+data "azurerm_resource_group" "rg" {
+ name = var.resource_group_name
+}
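Review bot: `data "azurerm_client_config" "current"` is not referenced by any file in this commit, so every plan performs a lookup whose result is discarded. Remove it, or reference it where it was meant to be used. If it is kept for a planned resource, a one-line comment above it such as `# reserved for <planned resource>` stops it from being deleted later as dead code.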
diff --git a/output.tf b/output.tf
new file mode 100644
index 0000000..1da8a08
--- /dev/null
+++ b/output.tf
@@ -0,0 +1,35 @@
+output "id" {
+ description = "The App Configuration ID."
+ value = azurerm_app_configuration.main.id
+ sensitive = false
+}
+output "endpoint" {
+ description = "The URL of the App Configuration."
+ value = azurerm_app_configuration.main.endpoint
+ sensitive = false
+}
+output "primary_read_key" {
+ description = "A primary_read_key block as defined below containing the primary read access key."
+ value = azurerm_app_configuration.main.primary_read_key
+ sensitive = true
+}
+output "primary_write_key" {
+ description = "A primary_write_key block as defined below containing the primary write access key."
+ value = azurerm_app_configuration.main.primary_write_key
+ sensitive = true
+}
+output "secondary_read_key" {
+ description = " A secondary_read_key block as defined below containing the secondary read access key."
+ value = azurerm_app_configuration.main.secondary_read_key
+ sensitive = true
+}
+output "secondary_write_key" {
+ description = "A secondary_write_key block as defined below containing the secondary write access key."
+ value = azurerm_app_configuration.main.secondary_write_key
+ sensitive = true
+}
+output "identity" {
+ description = "An identity block as defined below."
+ value = azurerm_app_configuration.main.identity
+ sensitive = true
+}
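Review bot: `sensitive = true` on the four key outputs only redacts them in CLI output; the key blocks are still written in plaintext to the state of this module and of every configuration that consumes these outputs. Say so in the descriptions, e.g. `description = "Primary read access key block (id, connection_string, secret). Stored in state in plaintext."`, which also replaces the "as defined below" wording copied from the provider docs that points at nothing here. With `app_configuration_local_auth_enabled` defaulting to `true` in variables.tf these keys are live credentials, so the state backend needs encryption and tight access control. The `secondary_read_key` description also starts with a stray space.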
diff --git a/variables.tf b/variables.tf
new file mode 100644
index 0000000..d055c05
--- /dev/null
+++ b/variables.tf
@@ -0,0 +1,70 @@
+###########################
+# Common vars
+###########################
+variable "environment" {
+ description = "The environment identifier for the backend container name key, used to distinguish between development, testing, and production stages."
+ type = string
+ default = "dev"
+}
+
+variable "default_tags" {
+ description = "A mapping of key-value pairs representing tags to assign to the resources, useful for organization and cost tracking."
+ type = map(any)
+}
+
+variable "region" {
+ description = "Specifies the geographical region where resources are deployed, impacting latency and compliance."
+ type = string
+ default = "weu"
+}
+
+###########################
+# Resource groups vars
+###########################
+variable "resource_group_location" {
+ description = "The geographical location/region where the resource group is created. Changing this forces a new resource to be created."
+ default = "West Europe"
+ type = string
+}
+
+variable "resource_group_name" {
+ description = "The name of the resource group in which to create the resources, adhering to naming conventions and uniqueness within the subscription."
+ type = string
+}
+###########################
+# App Configuration vars
+###########################
+variable "app_configuration_name" {
+ description = "The name of the App Configuration resource. Changing this will force a new resource to be created."
+ type = string
+}
+
+variable "app_configuration_sku" {
+ description = "The SKU tier for the App Configuration, which determines the features available. Possible values are 'free' and 'standard'."
+ type = string
+ default = "standard"
+}
+
+variable "app_configuration_local_auth_enabled" {
+ description = "Indicates whether local authentication methods are enabled for accessing the App Configuration. Defaults to true."
+ type = bool
+ default = true
+}
+
+variable "app_configuration_public_network_access" {
+ description = "Specifies the public network access setting for the App Configuration. Possible values are 'Enabled' and 'Disabled'."
+ type = string
+ default = "Enabled"
+}
+
+variable "app_configuration_purge_protection_enabled" {
+ description = "Indicates whether Purge Protection is enabled for the App Configuration. This feature is applicable only for the 'standard' SKU. Defaults to false."
+ type = string
+ default = "false"
+}
+
+variable "app_configuration_soft_delete_retention_days" {
+ description = "The retention period in days for soft-deleted items in the App Configuration. This feature is applicable only for the 'standard' SKU and can range from 1 to 7 days. Defaults to 7. Changing this will force a new resource to be created."
+ type = number
+ default = 7
+}
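Review bot: The defaults leave the store as open as the provider allows: `app_configuration_local_auth_enabled` defaults to `true` (access keys stay valid) and `app_configuration_public_network_access` defaults to `"Enabled"`, so a caller who sets only the required inputs gets a key-authenticated store with public network access. Prefer `default = false` and `default = "Disabled"` and let callers opt in explicitly. `app_configuration_purge_protection_enabled` is declared `type = string` with `default = "false"` although the argument is boolean; use `type = bool` and `default = false`, matching the local-auth variable. `resource_group_location` is declared, but app_configuration.tf takes the location from the resource group data source, so it appears to be unused.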