Tags: azure, terraform-provider-azure, azure-defender

How to enable "Log Analytics agent/Azure Monitor agent" in Microsoft Defender for Cloud using Terraform?


How do I enable "Log Analytics agent/Azure Monitor agent" in Microsoft Defender for Cloud using Terraform?


I have the Terraform code below; however, it does not enable this setting.

# Enables the Defender for Servers ("VirtualMachines") plan on the subscription.
resource "azurerm_security_center_subscription_pricing" "mdc_vm" {
  count         = var.enable_defender_plan_for_virtualmachines ? 1 : 0
  tier          = "Standard"
  resource_type = "VirtualMachines"
}

# On destroy, logs in with the service principal and sets the plan back to Free.
# local.az_info is expected to be "<client_id>,<subscription_id>,<tenant_id>".
resource "null_resource" "reset_vm" {
  count = var.enable_defender_plan_for_virtualmachines ? 1 : 0
  triggers = {
    ad_info = local.az_info
  }
  provisioner "local-exec" {
    when    = destroy
    command = <<-EOD
      az login --service-principal -u ${element(split(",", self.triggers.ad_info), 0)} -p $ARM_CLIENT_SECRET --tenant ${element(split(",", self.triggers.ad_info), 2)}
      az security pricing create -n VirtualMachines --tier 'Free' --subscription ${element(split(",", self.triggers.ad_info), 1)}
    EOD
  }
}

Solution

  • The azurerm provider has a resource for automatically provisioning the Log Analytics/Azure Monitor agents, so using a local-exec provisioner is not necessary:

    resource "azurerm_security_center_auto_provisioning" "auto-provisioning" {
      auto_provision = "On"
    }
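
Putting the two together, here is a complete configuration that gates both the Defender plan and the agent auto-provisioning on the same variable. This is an added example, not code from the question or the answer; it assumes the azurerm 3.x provider and declares the `enable_defender_plan_for_virtualmachines` variable the question refers to. Dropping the local-exec step also means the service-principal secret no longer has to be handed to a shell command.

```terraform
terraform {
  required_providers {
    azurerm = {
      source  = "hashicorp/azurerm"
      version = ">= 3.0"
    }
  }
}

provider "azurerm" {
  features {}
}

# Declared here so the example is self-contained (the question only references it).
variable "enable_defender_plan_for_virtualmachines" {
  type    = bool
  default = true
}

# Defender for Servers plan, as in the question.
resource "azurerm_security_center_subscription_pricing" "mdc_vm" {
  count         = var.enable_defender_plan_for_virtualmachines ? 1 : 0
  tier          = "Standard"
  resource_type = "VirtualMachines"
}

# The "Log Analytics agent/Azure Monitor agent" toggle from the portal.
# The setting is subscription-wide, so at most one instance is created.
resource "azurerm_security_center_auto_provisioning" "auto_provisioning" {
  count          = var.enable_defender_plan_for_virtualmachines ? 1 : 0
  auto_provision = "On"

  # Enable the plan before switching on the agent rollout.
  depends_on = [azurerm_security_center_subscription_pricing.mdc_vm]
}

# Surfaces the applied state so `terraform output` can be used as a post-apply check.
output "auto_provisioning_state" {
  value = one(azurerm_security_center_auto_provisioning.auto_provisioning[*].auto_provision)
}
```

After `terraform apply`, `terraform output auto_provisioning_state` should print `"On"` when the variable is true and `null` when it is false.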