azurermSecurityCenterAssessment

Manages the Security Center Assessment for Azure Security Center.

Example Usage

/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as azurerm from "./.gen/providers/azurerm";
/*The following providers are missing schema information and might need manual adjustments to synthesize correctly: azurerm.
For a more precise conversion please use the --provider flag in convert.*/
const azurermResourceGroupExample = new azurerm.resourceGroup.ResourceGroup(
  this,
  "example",
  {
    location: "West Europe",
    name: "example-resources",
  }
);
const azurermSecurityCenterAssessmentPolicyExample =
  new azurerm.securityCenterAssessmentPolicy.SecurityCenterAssessmentPolicy(
    this,
    "example_1",
    {
      description: "Test Description",
      display_name: "Test Display Name",
      severity: "Medium",
    }
  );
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
azurermSecurityCenterAssessmentPolicyExample.overrideLogicalId("example");
const azurermVirtualNetworkExample = new azurerm.virtualNetwork.VirtualNetwork(
  this,
  "example_2",
  {
    address_space: ["10.0.0.0/16"],
    location: azurermResourceGroupExample.location,
    name: "example-network",
    resource_group_name: azurermResourceGroupExample.name,
  }
);
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
azurermVirtualNetworkExample.overrideLogicalId("example");
const azurermSubnetInternal = new azurerm.subnet.Subnet(this, "internal", {
  address_prefixes: ["10.0.2.0/24"],
  name: "internal",
  resource_group_name: azurermResourceGroupExample.name,
  virtual_network_name: azurermVirtualNetworkExample.name,
});
const azurermLinuxVirtualMachineScaleSetExample =
  new azurerm.linuxVirtualMachineScaleSet.LinuxVirtualMachineScaleSet(
    this,
    "example_4",
    {
      admin_ssh_key: [
        {
          public_key: '${file("~/.ssh/id_rsa.pub")}',
          username: "adminuser",
        },
      ],
      admin_username: "adminuser",
      instances: 1,
      location: azurermResourceGroupExample.location,
      name: "example-vmss",
      network_interface: [
        {
          ip_configuration: [
            {
              name: "internal",
              primary: true,
              subnet_id: azurermSubnetInternal.id,
            },
          ],
          name: "example",
          primary: true,
        },
      ],
      os_disk: [
        {
          caching: "ReadWrite",
          storage_account_type: "Standard_LRS",
        },
      ],
      resource_group_name: azurermResourceGroupExample.name,
      sku: "Standard_F2",
      source_image_reference: [
        {
          offer: "UbuntuServer",
          publisher: "Canonical",
          sku: "16.04-LTS",
          version: "latest",
        },
      ],
    }
  );
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
azurermLinuxVirtualMachineScaleSetExample.overrideLogicalId("example");
const azurermSecurityCenterAssessmentExample =
  new azurerm.securityCenterAssessment.SecurityCenterAssessment(
    this,
    "example_5",
    {
      assessment_policy_id: azurermSecurityCenterAssessmentPolicyExample.id,
      status: [
        {
          code: "Healthy",
        },
      ],
      target_resource_id: azurermLinuxVirtualMachineScaleSetExample.id,
    }
  );
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
azurermSecurityCenterAssessmentExample.overrideLogicalId("example");

Arguments Reference

The following arguments are supported:

assessmentPolicyId - (Required) The ID of the security Assessment policy to apply to this resource. Changing this forces a new security Assessment to be created.
targetResourceId - (Required) The ID of the target resource. Changing this forces a new security Assessment to be created.
status - (Required) A status block as defined below.
additionalData - (Optional) A map of additional data to associate with the assessment.

A status block supports the following:

code - (Required) Specifies the programmatic code of the assessment status. Possible values are healthy, unhealthy and notApplicable.
cause - (Optional) Specifies the cause of the assessment status.
description - (Optional) Specifies the human readable description of the assessment status.

Attributes Reference

In addition to the Arguments listed above - the following Attributes are exported:

id - The ID of the Security Center Assessment.

Timeouts

The timeouts block allows you to specify timeouts for certain actions:

create - (Defaults to 30 minutes) Used when creating the Security Center Assessment.
read - (Defaults to 5 minutes) Used when retrieving the Security Center Assessment.
update - (Defaults to 30 minutes) Used when updating the Security Center Assessment.
delete - (Defaults to 30 minutes) Used when deleting the Security Center Assessment.

Import

Security Assessment can be imported using the resourceId, e.g.

terraform import azurerm_security_center_assessment.example /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/resGroup1/providers/Microsoft.Compute/virtualMachineScaleSets/vmss1/providers/Microsoft.Security/assessments/00000000-0000-0000-0000-000000000000