##################
# resource group #
##################
# Resource group that holds the security resources (the key vault module below is placed in it)
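# Resource group for the security stack, named per environment (e.g. "security-prod-rg").
# The key vault module below is deployed into this group. Tagged with the environment
# for consistency with the key vault's own tags, so both resources are discoverable
# by the same tag filter.
resource "azurerm_resource_group" "security-rg" {
  name     = "security-${var.environment}-rg"
  location = var.location

  tags = {
    environment = var.environment
  }
}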
#############
# key vault #
#############
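# Key vault deployed into the security resource group via the local ./modules/keyvault module.
#
# Inputs:
#   name / location / resource_group_name  — placement; the name is derived from the environment.
#       NOTE(review): Key Vault names are presumably global DNS labels (3-24 chars, alphanumerics
#       and hyphens) — keep var.environment short enough for the resulting name to stay valid.
#   enabled_for_*  — presumably forwarded to the azurerm_key_vault enabled_for_deployment /
#       enabled_for_disk_encryption / enabled_for_template_deployment arguments; confirm in the
#       module. Each one widens which Azure services may read secrets/certs, so leave them false
#       unless the corresponding consumer actually exists.
#   policies  — two access policies, "full" and "read", each bound to one object_id in the
#       tenant with per-type permission lists supplied by variables. Least privilege: keep the
#       "full" permission sets scoped to the single operator/automation identity that needs
#       them, and prefer the "read" policy for workloads.
#   secrets  — secret values to seed into the vault. Values passed through var.kv-secrets are
#       recorded in Terraform state; the state backend must be encrypted and access-controlled.
#
# NOTE(review): no purge-protection, soft-delete or network-ACL settings are passed here.
# Verify that ./modules/keyvault enables them (or exposes inputs for them) before using this
# in production.
module "keyvault" {
  source = "./modules/keyvault"

  name                = "${var.environment}-keyvault"
  location            = azurerm_resource_group.security-rg.location
  resource_group_name = azurerm_resource_group.security-rg.name

  enabled_for_deployment          = var.kv-vm-deployment
  enabled_for_disk_encryption     = var.kv-disk-encryption
  enabled_for_template_deployment = var.kv-template-deployment

  tags = {
    # Plain reference instead of the legacy "${...}" interpolation-only string,
    # which Terraform 0.12+ flags as deprecated.
    environment = var.environment
  }

  policies = {
    # Administrative policy: all permission types as configured by the *-full variables.
    full = {
      tenant_id               = var.azure-tenant-id
      object_id               = var.kv-full-object-id
      key_permissions         = var.kv-key-permissions-full
      secret_permissions      = var.kv-secret-permissions-full
      certificate_permissions = var.kv-certificate-permissions-full
      storage_permissions     = var.kv-storage-permissions-full
    }
    # Consumer policy: permission types as configured by the *-read variables.
    read = {
      tenant_id               = var.azure-tenant-id
      object_id               = var.kv-read-object-id
      key_permissions         = var.kv-key-permissions-read
      secret_permissions      = var.kv-secret-permissions-read
      certificate_permissions = var.kv-certificate-permissions-read
      storage_permissions     = var.kv-storage-permissions-read
    }
  }

  secrets = var.kv-secrets
}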