This Terraform module sets up Cloudbase security scanning for Azure environments.
- Automatically creates a unique application name by including the subscription ID (cloudbase-security-scan-app-<subscription-id>)
- Sets up necessary permissions for CSPM and CWPP scanning
- Configures federated identity credentials for secure authentication

```hcl
module "cloudbase" {
  source          = "Levetty/cloudbase/azure"
  directory_id    = "your-azure-directory-id"
  subscription_id = "your-azure-subscription-id"

  # Replace the placeholders with the values for your Cloudbase connection
  federated_identity_credential_security_scan = {
    audiences = ["<audience>"]
    issuer    = "<issuer>"
    subject   = "<subject>"
  }
}
```

- directory_id: The Azure Entra ID directory ID
- subscription_id: The Azure subscription ID where security scanning will be performed
- federated_identity_credential_security_scan: Federated Identity Credential for establishing a connection between your Azure environment and Cloudbase

- enable_cnapp: Enable CNAPP functions (default: true)
- cspm_permissions: Specify the permissions for the CSPM role
- cwpp_permissions: Specify the permissions for the CWPP role

- cloudbase_app_client_id: The Client ID of the Cloudbase App
- subscription_id: The subscription ID of your Azure Subscription
- directory_id: The Directory ID of your Azure Directory
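
Entra ID accepts a federated token only when its `iss`, `sub` and `aud` claims match the credential's issuer, subject and audiences exactly and case-sensitively. The following is an added example, not part of this module or of Cloudbase's code, that checks a token's claims against the values passed in `federated_identity_credential_security_scan`. The issuer, subject, audience and token are constructed sample values, and the function names are hypothetical.

```python
import base64
import json

# Constructed sample values; substitute the ones used in the module block.
FIC = {
    "audiences": ["api://AzureADTokenExchange"],
    "issuer": "https://idp.example.com",
    "subject": "scanner:tenant-1234",
}

def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def make_sample_token(claims: dict) -> str:
    """Build an unsigned, constructed JWT so the example runs offline."""
    header = _b64url(json.dumps({"alg": "none", "typ": "JWT"}).encode())
    return f"{header}.{_b64url(json.dumps(claims).encode())}.constructed"

def jwt_claims(token: str) -> dict:
    """Decode the payload WITHOUT verifying the signature (inspection only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped padding
    return json.loads(base64.urlsafe_b64decode(payload))

def fic_mismatches(claims: dict, fic: dict) -> list:
    """Return the reasons a token would not match the credential (empty = match)."""
    problems = []
    # Comparison is exact and case-sensitive: a trailing slash is a mismatch.
    for claim, key in (("iss", "issuer"), ("sub", "subject")):
        if claims.get(claim) != fic[key]:
            problems.append(f"{claim}: token {claims.get(claim)!r} != credential {fic[key]!r}")
    aud = claims.get("aud")
    token_auds = aud if isinstance(aud, list) else [aud]
    # Assumption of this sketch: any listed audience counts as a match.
    if not any(a in fic["audiences"] for a in token_auds):
        problems.append(f"aud: token {aud!r} not in credential {fic['audiences']!r}")
    return problems

if __name__ == "__main__":
    good = make_sample_token({"iss": FIC["issuer"], "sub": FIC["subject"],
                              "aud": "api://AzureADTokenExchange"})
    bad = make_sample_token({"iss": FIC["issuer"] + "/", "sub": FIC["subject"],
                             "aud": "api://AzureADTokenExchange"})
    for name, token in (("good", good), ("bad", bad)):
        print(name, fic_mismatches(jwt_claims(token), FIC) or "matches")
```

An empty result means the three claims line up with the credential. It says nothing about the token's signature, which this check does not verify.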