Manage your Terraform configuration

You can manage your Terraform® for Arctic Wolf® Cloud Security Posture Management (CSPM) configuration using any of these methods:

Retrieve environment values

Based on which environment value you want to retrieve, do one of these actions:

  • In a terminal, run this command to retrieve registration details:
    SHELL
    terraform output registration
  • Run this command to retrieve the secret key:
    Note:

    The -raw option displays the key in plain text. Sensitive output is redacted by default.

    SHELL
    terraform output -raw secret_key
  • Run this command to retrieve the roles assigned to the Azure Cloud Environment Scanner:
    SHELL
    terraform output assigned_roles
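
Because the -raw option prints the key in plain text, one way to keep it out of terminal scrollback is to redirect it into an owner-only file. This is an added example, not Arctic Wolf's code; the function name save_secret_key, the TERRAFORM_BIN override, and the destination path are assumptions.

```shell
# Added example. secret_key is the output name used on this page;
# save_secret_key and TERRAFORM_BIN are hypothetical names.
save_secret_key() {
  dest="$1"
  tf="${TERRAFORM_BIN:-terraform}"
  [ -n "$dest" ] || { echo "usage: save_secret_key <file>" >&2; return 2; }

  # mktemp creates the file with owner-only permissions; placing it next to
  # the destination makes the final mv an atomic rename on the same filesystem.
  tmp=$(mktemp "${dest}.XXXXXX") || return 1

  # stdout goes straight to the file, so the key is never shown on the terminal.
  if ! "$tf" output -raw secret_key > "$tmp"; then
    rm -f "$tmp"
    echo "terraform output failed" >&2
    return 1
  fi

  # An empty result is treated as an error; no empty key file is left behind.
  if [ ! -s "$tmp" ]; then
    rm -f "$tmp"
    echo "secret_key output is empty" >&2
    return 1
  fi

  chmod 600 "$tmp" && mv -f "$tmp" "$dest"
}
```

Run it from the directory that holds the Terraform state, for example `save_secret_key ./awn_secret_key`, and delete the file after the credentials are registered.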

Editable Terraform values

Note:

The main.tf file contains default values that can be adjusted based on specific needs or use cases.

Based on the Terraform value you want to edit, do one of these actions:

  • Subscription — Run this command:
    Note:

    By default, the CSPM configuration module creates the necessary resources for the primary environment subscription.

    HCL
    data "azurerm_subscription" "example" {
      # subscription_id is the argument this data source accepts; the value is a placeholder
      subscription_id = "12345678-1234-5678-9012-123456789012"
    }

    Where:

    • subscription_id is the ID of the appropriate subscription if your Azure environment contains multiple subscriptions.
  • Application display name — Run this command to change the azuread_application resource block to better suit preferred naming conventions:
    HCL
    resource "azuread_application" "example" {
      display_name = "AWN Cloud Scanner"
    }
  • Application secrets key rotation — Run this command:
    Note:

    By default, the application secrets key rotates every 365 days. You can modify this based on specific preferences or compliance requirements.

    HCL
    resource "time_rotating" "example" {
      rotation_days = 365
    }

    Where:

    • You can remove the time_rotating resource call block. If you do, you must also remove the rotate_when_changed parameter from the azuread_application_password resource call block.
    Note:

    You must provide your new credentials through the MDR Dashboard for registration each time the secrets key rotates.

  • Application secrets key display name — Run this command:
    HCL
    resource "azuread_application_password" "example" {
      application_object_id = azuread_application.example.object_id
      display_name          = "AWN Cloud Scan Credentials"
      # Recreates the secret whenever the time_rotating resource rotates
      rotate_when_changed = {
        rotation = time_rotating.example.id
      }
    }

    Where:

    • The azuread_application_password resource block can be changed to better suit preferred naming conventions.
      Note:

      If you remove the time_rotating resource call block, you must also remove the rotate_when_changed parameter from the azuread_application_password resource call block.