smom-dbis-138/terraform/modules/security/main.tf
defiQUG 1fb7266469 Add Oracle Aggregator and CCIP Integration
- Introduced Aggregator.sol for Chainlink-compatible oracle functionality, including round-based updates and access control.
- Added OracleWithCCIP.sol to extend Aggregator with CCIP cross-chain messaging capabilities.
- Created .gitmodules to include OpenZeppelin contracts as a submodule.
- Developed a comprehensive deployment guide in NEXT_STEPS_COMPLETE_GUIDE.md for Phase 2 and smart contract deployment.
- Implemented Vite configuration for the orchestration portal, supporting both Vue and React frameworks.
- Added server-side logic for the Multi-Cloud Orchestration Portal, including API endpoints for environment management and monitoring.
- Created scripts for resource import and usage validation across non-US regions.
- Added tests for CCIP error handling and integration to ensure robust functionality.
- Included various new files and directories for the orchestration portal and deployment scripts.
2025-12-12 14:57:48 -08:00


# Security module for Azure
# Enables Defender for Cloud (Security Center) plans, auto-provisioning and the
# security contact at subscription scope, creates a Log Analytics workspace for
# security data, and registers a custom assessment for the AKS cluster.
# Note: no Key Vault resources and no Azure Policy assignments are defined in
# this file, even though the module name suggests otherwise.
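# Azure Security Center (Defender for Cloud) plans.
#
# NOTE: Defender plan pricing is a SUBSCRIPTION-wide setting, not a property of
# this cluster or its resource group (none of these resources take a scope).
# Every instance of this module applied in the same subscription manages the
# same underlying objects, so two instances will fight over them on each apply.
# If several clusters share a subscription, manage these plans once in a
# per-subscription root module instead.
#
# tier = "Standard" enables the paid Defender plan for the given resource
# type; each enabled plan is billable.

# Defender for Servers.
resource "azurerm_security_center_subscription_pricing" "main" {
  tier          = "Standard"
  resource_type = "VirtualMachines"
}

# Defender for Storage.
resource "azurerm_security_center_subscription_pricing" "storage" {
  tier          = "Standard"
  resource_type = "StorageAccounts"
}

# Defender for Azure SQL.
resource "azurerm_security_center_subscription_pricing" "sql" {
  tier          = "Standard"
  resource_type = "SqlServers"
}

# Defender for App Service.
resource "azurerm_security_center_subscription_pricing" "app_services" {
  tier          = "Standard"
  resource_type = "AppServices"
}

# Defender for Containers. This module is pointed at an AKS cluster
# (var.aks_cluster_id) but previously enabled no plan that covers Kubernetes
# workloads; the Containers plan is the one that does.
resource "azurerm_security_center_subscription_pricing" "containers" {
  tier          = "Standard"
  resource_type = "Containers"
}

# Defender for Key Vault: threat detection on access to vault secrets, keys
# and certificates, which a cluster-focused module otherwise leaves uncovered.
resource "azurerm_security_center_subscription_pricing" "key_vaults" {
  tier          = "Standard"
  resource_type = "KeyVaults"
}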
# Security Center auto-provisioning (subscription-wide setting).
# "On" lets Defender for Cloud install its monitoring agent on VMs automatically.
# NOTE(review): this resource drives the legacy Log Analytics agent
# auto-provisioning, which Microsoft has deprecated in favour of Azure Monitor
# Agent / agentless scanning — confirm it still has the intended effect with
# the azurerm version pinned for this module.
resource "azurerm_security_center_auto_provisioning" "main" {
  auto_provision = "On"
}
# Security Center contact (one per subscription; subscription-wide setting).
# Alert e-mails go to var.security_contact_email; alerts_to_admins additionally
# routes them to the subscription's admin role holders (per the attribute
# name — confirm the exact recipient set against the provider docs).
# var.security_contact_phone defaults to "" which registers no phone number.
resource "azurerm_security_center_contact" "main" {
  alert_notifications = true
  alerts_to_admins    = true
  email               = var.security_contact_email
  phone               = var.security_contact_phone
}
# Security Center default workspace.
# Points Defender for Cloud, for the whole subscription identified by
# var.subscription_id, at the Log Analytics workspace created in this module.
# NOTE(review): the other Security Center resources in this module target the
# provider's subscription implicitly, so var.subscription_id must be the same
# subscription the azurerm provider is authenticated to — verify in the root
# module that the two cannot diverge.
resource "azurerm_security_center_workspace" "main" {
  workspace_id = azurerm_log_analytics_workspace.security.id
  scope        = "/subscriptions/${var.subscription_id}"
}
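# Log Analytics workspace that receives Security Center / Defender data.
# Named "<cluster_name>-security-workspace" in the module's resource group.
resource "azurerm_log_analytics_workspace" "security" {
  name                = "${var.cluster_name}-security-workspace"
  location            = var.location
  resource_group_name = var.resource_group_name
  sku                 = "PerGB2018"

  # Retention of security telemetry. Previously a fixed 90 days; now driven by
  # var.log_retention_days (default still 90) so environments with longer
  # audit or forensic requirements can raise it without forking the module.
  retention_in_days = var.log_retention_days

  tags = merge(var.tags, {
    Purpose = "Security-Monitoring"
  })
}

variable "log_retention_days" {
  description = "Days to retain data in the security Log Analytics workspace. The default keeps the previous hard-coded 90 days; treat 90 as a floor for incident investigation — audit-oriented regimes commonly expect a year or more (confirm against your compliance requirements)."
  type        = number
  default     = 90

  # 30-730 is the range Azure accepts for the PerGB2018 SKU; fail at plan time
  # rather than at apply.
  validation {
    condition     = var.log_retention_days >= 30 && var.log_retention_days <= 730
    error_message = "log_retention_days must be between 30 and 730 for the PerGB2018 SKU."
  }
}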
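# Security Center custom assessment for the AKS cluster.
#
# IMPORTANT: a Terraform-managed assessment does not evaluate anything. Its
# status is whatever is declared here, so with the default it reports the
# cluster as "Healthy" forever, regardless of the cluster's real posture. Keep
# this only if something (a pipeline or check job) sets var.aks_assessment_status
# from an actual evaluation; otherwise it is a permanently green recommendation
# in the Defender dashboard that can mask real findings.
resource "azurerm_security_center_assessment" "aks" {
  assessment_policy_id = azurerm_security_center_assessment_policy.aks.id
  target_resource_id   = var.aks_cluster_id

  status {
    code = var.aks_assessment_status
  }
}

variable "aks_assessment_status" {
  description = "Status code reported by the custom AKS assessment. Defaults to \"Healthy\" (the previous hard-coded value). Set it from a real evaluation, not by hand."
  type        = string
  default     = "Healthy"

  validation {
    condition     = contains(["Healthy", "Unhealthy", "NotApplicable"], var.aks_assessment_status)
    error_message = "aks_assessment_status must be one of Healthy, Unhealthy or NotApplicable."
  }
}

# Policy (metadata) for the custom AKS assessment above: how the finding is
# displayed, its severity and the threats it is mapped to.
resource "azurerm_security_center_assessment_policy" "aks" {
  display_name = "AKS Security Assessment"
  description  = "Security assessment for AKS cluster"
  severity     = "Medium"
  # NOTE(review): the provider documents Compute / Networking / Data /
  # IdentityAndAccess / IoT (and Unknown) as the accepted categories; confirm
  # "Security" is accepted by the azurerm version pinned for this module.
  categories              = ["Security"]
  implementation_effort   = "Low"
  remediation_description = "Follow AKS security best practices"
  threats                 = ["DataExfiltration", "DataSpillage", "MaliciousInsider"]
  user_impact             = "Low"
}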
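# Variables

variable "security_contact_email" {
  description = "Email address that receives Defender for Cloud security alerts for the subscription."
  type        = string

  # A malformed address would otherwise fail only at apply time; check at plan.
  # The pattern is deliberately loose: one '@', a dot in the domain part, no
  # whitespace.
  validation {
    condition     = can(regex("^[^@\\s]+@[^@\\s]+\\.[^@\\s]+$", var.security_contact_email))
    error_message = "security_contact_email must be a single, well-formed email address."
  }
}

variable "security_contact_phone" {
  description = "Optional phone number for the security contact. The empty-string default registers no phone number."
  type        = string
  default     = ""
}

variable "subscription_id" {
  description = "GUID of the Azure subscription whose Security Center workspace setting this module manages. It should be the subscription the azurerm provider is authenticated to, because the module's other Security Center resources target that subscription implicitly."
  type        = string

  validation {
    condition     = can(regex("^[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}$", var.subscription_id))
    error_message = "subscription_id must be a subscription GUID (e.g. 00000000-0000-0000-0000-000000000000)."
  }
}

variable "aks_cluster_id" {
  description = "Full ARM resource ID of the AKS cluster the custom security assessment is attached to."
  type        = string

  # A bare cluster name or an ID of the wrong resource type would surface only
  # as a confusing API error; check the ID shape up front. Case-insensitive
  # because Azure is inconsistent about the casing of "resourceGroups".
  validation {
    condition     = can(regex("(?i)^/subscriptions/[^/]+/resourceGroups/[^/]+/providers/Microsoft\\.ContainerService/managedClusters/[^/]+$", var.aks_cluster_id))
    error_message = "aks_cluster_id must be a full AKS resource ID (/subscriptions/.../providers/Microsoft.ContainerService/managedClusters/<name>)."
  }
}

variable "cluster_name" {
  description = "Cluster name; used as the prefix of the Log Analytics workspace name (\"<cluster_name>-security-workspace\")."
  type        = string

  # Log Analytics workspace names are limited to 63 characters and 19 of them
  # are consumed by the "-security-workspace" suffix. Only length is checked
  # here; character-set rules are left to the provider.
  validation {
    condition     = length(var.cluster_name) > 0 && length(var.cluster_name) <= 44
    error_message = "cluster_name must be 1-44 characters so the derived workspace name fits Azure's 63-character limit."
  }
}

variable "location" {
  description = "Azure region for the Log Analytics workspace."
  type        = string
}

variable "resource_group_name" {
  description = "Resource group in which the Log Analytics workspace is created."
  type        = string
}

variable "tags" {
  description = "Tags applied to resources created by this module (merged with the module's own Purpose tag)."
  type        = map(string)
  default     = {}
}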