azurermVirtualMachinePacketCapture

Configures Network Packet Capturing against a Virtual Machine using a Network Watcher.

Example Usage

/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as azurerm from "./.gen/providers/azurerm";
/*The following providers are missing schema information and might need manual adjustments to synthesize correctly: azurerm.
For a more precise conversion please use the --provider flag in convert.*/
const azurermResourceGroupExample = new azurerm.resourceGroup.ResourceGroup(
  this,
  "example",
  {
    location: "West Europe",
    name: "example-resources",
  }
);
const azurermStorageAccountExample = new azurerm.storageAccount.StorageAccount(
  this,
  "example_1",
  {
    account_replication_type: "LRS",
    account_tier: "Standard",
    location: azurermResourceGroupExample.location,
    name: "examplesa",
    resource_group_name: azurermResourceGroupExample.name,
  }
);
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
azurermStorageAccountExample.overrideLogicalId("example");
const azurermVirtualNetworkExample = new azurerm.virtualNetwork.VirtualNetwork(
  this,
  "example_2",
  {
    address_space: ["10.0.0.0/16"],
    location: azurermResourceGroupExample.location,
    name: "example-network",
    resource_group_name: azurermResourceGroupExample.name,
  }
);
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
azurermVirtualNetworkExample.overrideLogicalId("example");
const azurermNetworkWatcherExample = new azurerm.networkWatcher.NetworkWatcher(
  this,
  "example_3",
  {
    location: azurermResourceGroupExample.location,
    name: "example-nw",
    resource_group_name: azurermResourceGroupExample.name,
  }
);
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
azurermNetworkWatcherExample.overrideLogicalId("example");
const azurermSubnetExample = new azurerm.subnet.Subnet(this, "example_4", {
  address_prefixes: ["10.0.2.0/24"],
  name: "internal",
  resource_group_name: azurermResourceGroupExample.name,
  virtual_network_name: azurermVirtualNetworkExample.name,
});
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
azurermSubnetExample.overrideLogicalId("example");
const azurermNetworkInterfaceExample =
  new azurerm.networkInterface.NetworkInterface(this, "example_5", {
    ip_configuration: [
      {
        name: "testconfiguration1",
        private_ip_address_allocation: "Dynamic",
        subnet_id: azurermSubnetExample.id,
      },
    ],
    location: azurermResourceGroupExample.location,
    name: "example-nic",
    resource_group_name: azurermResourceGroupExample.name,
  });
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
azurermNetworkInterfaceExample.overrideLogicalId("example");
const azurermVirtualMachineExample = new azurerm.virtualMachine.VirtualMachine(
  this,
  "example_6",
  {
    location: azurermResourceGroupExample.location,
    name: "example-vm",
    network_interface_ids: [azurermNetworkInterfaceExample.id],
    os_profile: [
      {
        admin_password: "Password1234!",
        admin_username: "testadmin",
        computer_name: "pctest-vm",
      },
    ],
    os_profile_linux_config: [
      {
        disable_password_authentication: false,
      },
    ],
    resource_group_name: azurermResourceGroupExample.name,
    storage_image_reference: [
      {
        offer: "UbuntuServer",
        publisher: "Canonical",
        sku: "16.04-LTS",
        version: "latest",
      },
    ],
    storage_os_disk: [
      {
        caching: "ReadWrite",
        create_option: "FromImage",
        managed_disk_type: "Standard_LRS",
        name: "osdisk",
      },
    ],
    vm_size: "Standard_F2",
  }
);
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
azurermVirtualMachineExample.overrideLogicalId("example");
const azurermVirtualMachineExtensionExample =
  new azurerm.virtualMachineExtension.VirtualMachineExtension(
    this,
    "example_7",
    {
      auto_upgrade_minor_version: true,
      name: "network-watcher",
      publisher: "Microsoft.Azure.NetworkWatcher",
      type: "NetworkWatcherAgentLinux",
      type_handler_version: "1.4",
      virtual_machine_id: azurermVirtualMachineExample.id,
    }
  );
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
azurermVirtualMachineExtensionExample.overrideLogicalId("example");
const azurermVirtualMachinePacketCaptureExample =
  new azurerm.virtualMachinePacketCapture.VirtualMachinePacketCapture(
    this,
    "example_8",
    {
      depends_on: [`\${${azurermVirtualMachineExtensionExample.fqn}}`],
      name: "example-pc",
      network_watcher_id: azurermNetworkWatcherExample.id,
      storage_location: [
        {
          storage_account_id: azurermStorageAccountExample.id,
        },
      ],
      virtual_machine_id: azurermVirtualMachineExample.id,
    }
  );
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
azurermVirtualMachinePacketCaptureExample.overrideLogicalId("example");

\~> NOTE: This Resource requires that the Network Watcher Virtual Machine Extension is installed on the Virtual Machine before capturing can be enabled which can be installed via the azurermVirtualMachineExtension resource.

Argument Reference

The following arguments are supported:

name - (Required) The name to use for this Network Packet Capture. Changing this forces a new resource to be created.
networkWatcherId - (Required) The resource ID of the Network Watcher. Changing this forces a new resource to be created.
virtualMachineId - (Required) The resource ID of the target Virtual Machine to capture packets from. Changing this forces a new resource to be created.
maximumBytesPerPacket - (Optional) The number of bytes captured per packet. The remaining bytes are truncated. Defaults to 0 (Entire Packet Captured). Changing this forces a new resource to be created.
maximumBytesPerSession - (Optional) Maximum size of the capture in Bytes. Defaults to 1073741824 (1GB). Changing this forces a new resource to be created.
maximumCaptureDurationInSeconds - (Optional) The maximum duration of the capture session in seconds. Defaults to 18000 (5 hours). Changing this forces a new resource to be created.
storageLocation - (Required) A storageLocation block as defined below. Changing this forces a new resource to be created.
filter - (Optional) One or more filter blocks as defined below. Changing this forces a new resource to be created.

A storageLocation block contains:

filePath - (Optional) A valid local path on the target Virtual Machine. Must include the name of the capture file (*.cap). For Linux Virtual Machines it must start with /var/captures.
storageAccountId - (Optional) The ID of the storage account where the packet capture sessions should be saved to.

\~> NOTE: At least one of filePath or storageAccountId must be specified.

A filter block contains:

localIpAddress - (Optional) The local IP Address to be filtered on. Specify 127001 for a single address entry, 12700112700255 for a range and 127001;127005 for multiple entries. Multiple ranges and mixing ranges with multiple entries are currently not supported. Changing this forces a new resource to be created.
localPort - (Optional) The local port to be filtered on. Specify 80 for single port entry, 8085 for a range and 80;443; for multiple entries. Multiple ranges and mixing ranges with multiple entries are currently not supported. Changing this forces a new resource to be created.
protocol - (Required) The Protocol to be filtered on. Possible values include any, tcp and udp. Changing this forces a new resource to be created.
remoteIpAddress - (Optional) The remote IP Address to be filtered on. Specify 127001 for a single address entry, 12700112700255 for a range and 127001;127005 for multiple entries. Multiple ranges and mixing ranges with multiple entries are currently not supported. Changing this forces a new resource to be created.
remotePort - (Optional) The remote port to be filtered on. Specify 80 for single port entry, 8085 for a range and 80;443; for multiple entries. Multiple ranges and mixing ranges with multiple entries are currently not supported. Changing this forces a new resource to be created.

Attributes Reference

The following attributes are exported:

id - The Virtual Machine Packet Capture ID.
storageLocation - (Required) A storageLocation block as defined below.

A storageLocation block contains:

storagePath - The URI of the storage path where the packet capture sessions are saved to.

Timeouts

The timeouts block allows you to specify timeouts for certain actions:

create - (Defaults to 30 minutes) Used when creating the Virtual Machine Packet Capture.
read - (Defaults to 5 minutes) Used when retrieving the Virtual Machine Packet Capture.
delete - (Defaults to 30 minutes) Used when deleting the Virtual Machine Packet Capture.

Import

Virtual Machine Packet Captures can be imported using the resourceId, e.g.

terraform import azurerm_virtual_machine_packet_capture.capture1 /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/mygroup1/providers/Microsoft.Network/networkWatchers/watcher1/packetCaptures/capture1