Microsoft Azure CSPM Terraform Configuration Management
Updated Nov 13, 2023
Manage your Terraform configuration
You can manage your Terraform® for Arctic Wolf® Cloud Security Posture Management (CSPM) configuration using any of these methods:
- Retrieve environment values — See Retrieve environment values.
- Edit Terraform values — See Editable Terraform values.
Retrieve environment values
Based on which environment value you want to retrieve, do one of these actions:
- In a terminal, run this command to retrieve registration details:
    terraform output registration
- Run this command to retrieve the secret key:
  Note: The -raw option displays the key in plain text. Sensitive output is redacted by default.
    terraform output -raw secret_key
- Run this command to retrieve the roles assigned to the Azure Cloud Environment Scanner:
    terraform output assigned_roles
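Because -raw prints the unredacted key, the following added example (not part of the original page and not Arctic Wolf code) writes the secret_key output to an owner-only file instead of the terminal. The function name save_secret_key and the destination path are hypothetical; it assumes you run it from the directory that holds the Terraform state.

```shell
#!/bin/sh
# Added example: keep the CSPM secret key out of terminal scrollback.
# Assumption: the current directory holds the Terraform state for this module.

# save_secret_key DEST  (hypothetical helper name)
# Writes the `secret_key` output to DEST with mode 0600.
# Returns 1 if terraform fails or the output is empty; DEST is left untouched.
save_secret_key() {
    dest=$1
    [ -n "$dest" ] || { echo "usage: save_secret_key DEST" >&2; return 2; }

    old_umask=$(umask)
    umask 077                      # files created here are owner-only
    tmp=$(mktemp "${dest}.XXXXXX") || { umask "$old_umask"; return 1; }

    # stdout goes straight to the file, so the key never reaches the tty.
    if terraform output -raw secret_key > "$tmp" && [ -s "$tmp" ]; then
        mv -f "$tmp" "$dest"       # atomic replace within the same directory
        status=0
    else
        rm -f "$tmp"               # never leave a partial or empty key file
        echo "secret_key output missing or empty" >&2
        status=1
    fi
    umask "$old_umask"
    return "$status"
}
```

Delete the file once the credentials have been entered in the Arctic Wolf Portal.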
Editable Terraform values
Note: The main.tf file contains default values that can be adjusted based on specific needs or use cases.
Based on the Terraform value you want to edit, do one of these actions:
- Subscription — Run this command:
  Note: By default, the CSPM configuration module creates the necessary resources for the primary environment subscription.
    data "azurerm_subscription" "example" {
      id = "12345678-12234-5678-9012-123456789012"
    }
  Where:
  - (Optional) azurerm_subscription is the name of the appropriate subscription ID if your Azure environment contains multiple subscriptions.
- Application display name — Run this command to change the azuread_application resource block to better suit preferred naming conventions:
    resource "azuread_application" "example" {
      display_name = "AWN Cloud Scanner"
    }
- Application secrets key rotation — Run this command:
  Note: By default, the application secrets key rotates every 365 days. You can modify this based on specific preferences or compliance requirements.
    resource "time_rotating" "example" {
      rotation_days = 365
    }
  Where:
  - (Optional) You can remove the time_rotating resource call block. If you remove the time_rotating resource call block, you must also remove the rotate_when_changed parameter from the azuread_application_password resource call block.
  Note: You must provide your new credentials through the Arctic Wolf Portal for registration each time the secrets key rotates.
- Application secrets key display name — Run this command:
    resource "azuread_application_password" "example" {
      application_object_id = azuread_application.example.object_id
      display_name          = "AWN Cloud Scan Credentials"
      # Regenerates the password whenever the time_rotating resource rotates.
      rotate_when_changed = {
        rotation = time_rotating.example.id
      }
    }
  Where:
  - (Optional) The azuread_application_password resource block can change to better suit preferred naming conventions.
  Note: If you remove the time_rotating resource call block, you must also remove the rotate_when_changed parameter from the azuread_application_password resource call block.