Update/Move ASC

src/terraform/core/overlays/azureSecurityCenter/main.tf

@@ -0,0 +1,40 @@
+terraform {
+  required_providers {
+    azurerm = {
+      source = "hashicorp/azurerm"
+    }
+  }
+}
+
+locals {
+  # Path: src\terraform\azresources\modules\Microsoft.Security\azureSecurityCenter\main.tf
+  # Name: azureSecurityCenter
+  # Description: Azure Security Center
+
+ bundle = (var.environment == "public") ? [
+    "AppServices",
+    "Arm",
+    "ContainerRegistry",
+    "Containers",
+    "CosmosDbs",
+    "Dns",
+    "KeyVaults",
+    "KubernetesService",
+    "OpenSourceRelationalDatabases",
+    "SqlServers",
+    "SqlServerVirtualMachines",
+    "StorageAccounts",
+    "VirtualMachines"
+    ] : (var.environment == "usgovernment") ? [
+    "Arm",
+    "ContainerRegistry",
+    "Containers",
+    "Dns",
+    "KubernetesService",
+    "OpenSourceRelationalDatabases",
+    "SqlServers",
+    "SqlServerVirtualMachines",
+    "StorageAccounts",
+    "VirtualMachines"
+  ] : []
+}

src/terraform/core/overlays/azureSecurityCenter/module.tf

@@ -0,0 +1,64 @@
+# Copyright (c) Microsoft Corporation.
+# Licensed under the MIT License.
+
+# This module deploys Azure Security Center
+# For more information see the module documentation at
+# https://techcommunity.microsoft.com/t5/microsoft-defender-for-cloud/deploy-microsoft-defender-for-cloud-via-terraform/ba-p/3563710
+
+#----------------------------------------------------------
+# Resource Group, Log Analytics Data Resources
+#----------------------------------------------------------
+data "azurerm_resource_group" "logging_rg" {
+  name = var.resource_group_name
+}
+
+data "azurerm_log_analytics_workspace" "logws" {
+  name                = var.log_analytics_workspace_name
+  resource_group_name = data.azurerm_resource_group.logging_rg.name
+}
+
+#----------------------------------------------------------
+# Current Subscription Data Resources
+#----------------------------------------------------------
+
+data "azurerm_subscription" "current" {}
+
+#----------------------------------------------------------
+# Azure Security Center Workspace Resource
+#----------------------------------------------------------
+
+resource "azurerm_security_center_workspace" "main" {
+  scope        = var.scope_resource_id == null ? data.azurerm_subscription.current.id : var.scope_resource_id
+  workspace_id = data.azurerm_log_analytics_workspace.logws.id
+}
+
+#----------------------------------------------------------
+# Azure Security Center Subscription Pricing Resources
+#----------------------------------------------------------
+
+resource "azurerm_security_center_subscription_pricing" "main" {
+  for_each      = toset(local.bundle)
+  tier          = "Standard"
+  resource_type = each.value
+}
+
+#----------------------------------------------------------
+# Azure Security Center Contact Resources
+#----------------------------------------------------------
+resource "azurerm_security_center_contact" "main" {
+  email               = lookup(var.security_center_contacts, "email")
+  phone               = lookup(var.security_center_contacts, "phone", null)
+  alert_notifications = lookup(var.security_center_contacts, "alert_notifications", true)
+  alerts_to_admins    = lookup(var.security_center_contacts, "alerts_to_admins", true)
+}
+
+resource "azurerm_security_center_setting" "main" {
+  count        = var.enable_security_center_setting ? 1 : 0
+  setting_name = var.security_center_setting_name
+  enabled      = var.enable_security_center_setting
+}
+
+resource "azurerm_security_center_auto_provisioning" "main" {
+  count          = var.enable_security_center_auto_provisioning == "On" ? 1 : 0
+  auto_provision = var.enable_security_center_auto_provisioning
+}

src/terraform/core/overlays/azureSecurityCenter/outputs.tf

@@ -0,0 +1,9 @@
+output "security_center_workspace_id" {
+  description = "The Security Center Workspace resource ID."
+  value       = azurerm_security_center_workspace.main.id
+}
+
+output "security_center_contact_id" {
+  description = "The Security Center Contact ID"
+  value       = azurerm_security_center_contact.main.id
+}

src/terraform/core/overlays/azureSecurityCenter/variables.tf

@@ -0,0 +1,41 @@
+variable "environment" {
+  description = "The Terraform backend environment e.g. public or usgovernment"
+  type        = string
+  default     = "public"
+}
+
+variable "resource_group_name" {
+  description = "A container that holds related resources for an Azure solution"
+  default     = ""
+}
+
+variable "log_analytics_workspace_name" {
+  description = "The name of log analytics workspace name"
+  default     = ""
+}
+
+variable "security_center_contacts" {
+  type        = map(string)
+  description = "Manages the subscription's Security Center Contact"
+  default     = {}
+}
+
+variable "scope_resource_id" {
+  description = "The scope of VMs to send their security data to the desired workspace, unless overridden by a setting with more specific scope"
+  default     = null
+}
+
+variable "security_center_setting_name" {
+  description = "The setting to manage. Possible values are `MCAS` and `WDAT`"
+  default     = "MCAS"
+}
+
+variable "enable_security_center_setting" {
+  description = "Boolean flag to enable/disable data access"
+  default     = false
+}
+
+variable "enable_security_center_auto_provisioning" {
+  description = "Should the security agent be automatically provisioned on Virtual Machines in this subscription?"
+  default     = "Off"
+}