diff --git a/src/domains/ioweb-app/06_function_ioweb_profile.tf b/src/domains/ioweb-app/06_function_ioweb_profile.tf index 7f2179dff..26b2050ef 100644 --- a/src/domains/ioweb-app/06_function_ioweb_profile.tf +++ b/src/domains/ioweb-app/06_function_ioweb_profile.tf @@ -154,6 +154,8 @@ module "function_ioweb_profile" { data.azurerm_subnet.function_app_snet[1].id, ] + enable_healthcheck = false + # Action groups for alerts action = [ { diff --git a/src/domains/ioweb-common/01_network.tf b/src/domains/ioweb-common/01_network.tf index f8a57fcdb..c6e85d0e8 100644 --- a/src/domains/ioweb-common/01_network.tf +++ b/src/domains/ioweb-common/01_network.tf @@ -3,6 +3,12 @@ data "azurerm_virtual_network" "vnet_common" { resource_group_name = local.vnet_common_resource_group_name } +data "azurerm_subnet" "private_endpoints_subnet" { + name = "pendpoints" + virtual_network_name = local.vnet_common_name + resource_group_name = local.vnet_common_resource_group_name +} + data "azurerm_private_dns_zone" "privatelink_redis_cache" { name = "privatelink.redis.cache.windows.net" resource_group_name = format("%s-rg-common", local.product) @@ -15,6 +21,11 @@ data "azurerm_subnet" "azdoa_snet" { resource_group_name = local.vnet_common_resource_group_name } +data "azurerm_private_dns_zone" "privatelink_blob_core_windows_net" { + name = "privatelink.blob.core.windows.net" + resource_group_name = local.vnet_common_resource_group_name +} + data "azurerm_subnet" "apim_v2_snet" { name = "apimv2api" virtual_network_name = local.vnet_common_name diff --git a/src/domains/ioweb-common/03_storage.tf b/src/domains/ioweb-common/03_storage.tf index 73ac99b24..cf5bb8f13 100644 --- a/src/domains/ioweb-common/03_storage.tf +++ b/src/domains/ioweb-common/03_storage.tf 
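Review bot: In `06_function_ioweb_profile.tf`, `enable_healthcheck = false` is added to `module "function_ioweb_profile"` without a comment saying why, so a later reader cannot tell whether this is a temporary workaround or the intended state. The module's internals are not visible here, but turning the health check off presumably stops instance health probing and silences any alert derived from it, which removes an availability signal worth keeping. I would put a line above it such as `# Health check disabled: <reason>; re-enable when <condition>` (placeholders to fill in). The module block starts and ends outside the hunk.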
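Review bot: In `01_network.tf` (hunk `@@ -15,6 +21,11 @@`), the new `privatelink_blob_core_windows_net` data source reads its zone from `local.vnet_common_resource_group_name`, while the existing `privatelink_redis_cache` zone in the previous hunk's context is read from `format("%s-rg-common", local.product)`. If both expressions resolve to the same resource group, using one expression for both lookups would make that obvious. If they differ, please confirm that the blob zone in this group is the one linked to the VNets whose clients must resolve the storage account privately, because a zone that is not linked leaves those clients resolving the public address. A one-line comment such as `# zone linked to vnet_common; used by the spid logs storage private endpoint` would record the intent.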
@@ -32,6 +32,28 @@ module "spid_logs_storage_customer_managed_key" { } +resource "azurerm_private_endpoint" "spid_logs_storage_blob" { + name = "${module.spid_logs_storage.name}-blob-endpoint" + location = var.location + resource_group_name = azurerm_resource_group.storage_rg.name + subnet_id = data.azurerm_subnet.private_endpoints_subnet.id + + private_service_connection { + name = "${module.spid_logs_storage.name}-blob" + private_connection_resource_id = module.spid_logs_storage.id + is_manual_connection = false + subresource_names = ["blob"] + } + + private_dns_zone_group { + name = "private-dns-zone-group" + private_dns_zone_ids = [data.azurerm_private_dns_zone.privatelink_blob_core_windows_net.id] + } + + tags = var.tags +} + + # Containers resource "azurerm_storage_container" "spid_logs" { depends_on = [module.spid_logs_storage] diff --git a/src/domains/ioweb-common/README.md b/src/domains/ioweb-common/README.md index 15499d65e..a6e4c7c1f 100644 --- a/src/domains/ioweb-common/README.md +++ b/src/domains/ioweb-common/README.md 
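Review bot: The private endpoint added for `module.spid_logs_storage` gives clients a private path to the blob service but does not by itself close the public one, and nothing in this hunk shows the account's public network access being disabled or its network rules defaulting to deny. Judging by its name and the customer-managed key next to it, this account holds SPID logs, so I would confirm that the module call (outside this hunk) sets the equivalent of `public_network_access_enabled = false` or a `Deny` default network rule, in this change or a tracked follow-up. Only the `blob` subresource is covered, so any other service in use on the account would still lack a private path. Once public access is restricted, a short comment above the resource, e.g. `# Private access to SPID log blobs; public access is restricted in the storage module`, would document the intent.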
@@ -45,6 +45,7 @@
 | [azurerm_key_vault_secret.appinsights_connection_string](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/key_vault_secret) | resource |
 | [azurerm_key_vault_secret.appinsights_instrumentation_key](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/key_vault_secret) | resource |
 | [azurerm_key_vault_secret.spid_login_jwt_pub_key](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/key_vault_secret) | resource |
+| [azurerm_private_endpoint.spid_logs_storage_blob](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/private_endpoint) | resource |
 | [azurerm_resource_group.common_rg](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group) | resource |
 | [azurerm_resource_group.fe_rg](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group) | resource |
 | [azurerm_resource_group.sec_rg](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group) | resource |
@@ -69,12 +70,14 @@
 | [azurerm_monitor_action_group.error_action_group](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/monitor_action_group) | data source |
 | [azurerm_monitor_action_group.quarantine_error_action_group](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/monitor_action_group) | data source |
 | [azurerm_monitor_action_group.slack](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/monitor_action_group) | data source |
+| [azurerm_private_dns_zone.privatelink_blob_core_windows_net](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/private_dns_zone) | data source |
 | [azurerm_private_dns_zone.privatelink_redis_cache](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/private_dns_zone) | data source |
 | [azurerm_resource_group.core_ext](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/resource_group) | data source |
 | [azurerm_resource_group.monitor_rg](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/resource_group) | data source |
 | [azurerm_subnet.apim_v2_snet](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/subnet) | data source |
 | [azurerm_subnet.azdoa_snet](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/subnet) | data source |
 | [azurerm_subnet.ioweb_profile_snet](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/subnet) | data source |
+| [azurerm_subnet.private_endpoints_subnet](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/subnet) | data source |
 | [azurerm_subscription.current](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/subscription) | data source |
 | 
[azurerm_virtual_network.vnet_common](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/virtual_network) | data source |