
I'm trying to enable malware scanning using "Microsoft Defender for Storage" on a Storage Account using Terraform, but I'm not able to find out how to do it. Is it not supported in Terraform? I'm trying to enable the "On-upload malware scanning" option in "Microsoft Defender for Cloud". Are there any other means of doing this programmatically (if it's not yet supported in Terraform)?


Answers


  1. Chosen as BEST ANSWER

    This is how I resolved it using an ARM template. In the resource definition, "template_body" references the template body file "malware-scan-configuration.json".

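    # Deploys the ARM template in templates/malware-scan-configuration.json against the
    # storage account, turning on Defender for Storage on-upload malware scanning there.
    # NOTE(review): azurerm_template_deployment is deprecated and was removed in azurerm
    # v3; on a v3+ provider use azurerm_resource_group_template_deployment with
    # template_content / parameters_content (jsonencode(...)) instead.
    resource "azurerm_template_deployment" "malware" {
      name                = "${module.app_service.default_site_hostname}.Scan"
      resource_group_name = module.resource_group.name
      template_body       = file("templates/malware-scan-configuration.json")

      # `parameters` is a map of strings, while the template declares cap_gb_per_month
      # as "int". If the deployment rejects "5000" as not an Int, pass the values via
      # parameters_body (a JSON parameters document) instead.
      parameters = {
        storage_account_name = my_storage_storage_account_name
        subscription_id      = my_subscription_id
        resource_group       = my_resource_group_name
        event_grid_topicName = my_event_grid_topic_name
        # Monthly scanning cap in GB; bounds the per-GB scanning spend on this account.
        cap_gb_per_month     = 5000
      }
      deployment_mode = "Incremental"
      # The empty depends_on = [] was a no-op and is dropped; list explicit dependencies
      # here only if the storage account or Event Grid topic is created in this same
      # configuration and is not already referenced through the parameters.
    }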
    

    template body file: malware-scan-configuration.json

    {
      "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
      "contentVersion": "1.0.0.0",
      "parameters": {
        "storage_account_name": {
          "type": "string"
        },
        "subscription_id": {
          "type": "string"
        },
        "resource_group": {
          "type": "string"
        },
        "event_grid_topicName": {
          "type": "string"
        },
        "cap_gb_per_month": {
          "type": "int"
        }
      },
      "resources": [
        {
          "type": "Microsoft.Security/DefenderForStorageSettings",
          "apiVersion": "2022-12-01-preview",
          "name": "current",
          "properties": {
            "isEnabled": true,
            "malwareScanning": {
              "onUpload": {
                "isEnabled": true,
                "capGBPerMonth": "[parameters('cap_gb_per_month')]"
              },
              "scanResultsEventGridTopicResourceId": "[concat('/subscriptions/', parameters('subscription_id'), '/resourceGroups/', parameters('resource_group'), '/providers/Microsoft.EventGrid/topics/', parameters('event_grid_topicName'))]"
            },
            "sensitiveDataDiscovery": {
              "isEnabled": false
            },
            "overrideSubscriptionLevelSettings": true
          },
          "scope": "[resourceId('Microsoft.Storage/storageAccounts', parameters('storage_account_name'))]"
        }
      ],
    
      "outputs": {}
    }
    

  2. Try this (azapi provider needed):

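    # Enables Defender for Storage on-upload malware scanning for one storage account
    # through the azapi provider (newer azurerm releases also offer
    # azurerm_security_center_storage_defender for the same setting).
    # Fix: the original body set both isEnabled flags to false, which disables the plan
    # on this account instead of enabling it as the question asks.
    resource "azapi_resource" "defender_settings" {
      name      = "current"
      type      = "Microsoft.Security/DefenderForStorageSettings@2022-12-01-preview"
      parent_id = azurerm_storage_account.netflowstorage.id
      # The API version is a preview; azapi's embedded schema presumably does not cover
      # it, which is why validation is off. Re-enable once a GA version is used.
      schema_validation_enabled = false
      body = jsonencode({
        properties = {
          isEnabled = true
          malwareScanning = {
            onUpload = {
              isEnabled     = true
              capGBPerMonth = 5000 # monthly scanning cap in GB; bounds per-GB scanning cost
            }
            # No scanResultsEventGridTopicResourceId is set here, so scan verdicts are
            # not published to a custom Event Grid topic; add one if a detection
            # pipeline needs to consume the results.
          }
          sensitiveDataDiscovery = {
            isEnabled = false
          }
          # Settings on this account take precedence over the subscription-level
          # Defender for Storage plan settings.
          overrideSubscriptionLevelSettings = true
        }
      })
    }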
    

    Note: you may need to switch it to an azapi_update_resource (a PUT operation) if you've already got settings defined on the resource (Terraform will tell you the resource already exists and needs importing):

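    # Same as the azapi_resource form, but updates the already-existing
    # DefenderForStorageSettings object on the storage account instead of creating it.
    # Fix: the original body set both isEnabled flags to false, which disables the plan
    # on this account instead of enabling it as the question asks.
    resource "azapi_update_resource" "defender_settings" {
      name      = "current"
      type      = "Microsoft.Security/DefenderForStorageSettings@2022-12-01-preview"
      parent_id = azurerm_storage_account.netflowstorage.id
      body = jsonencode({
        properties = {
          isEnabled = true
          malwareScanning = {
            onUpload = {
              isEnabled     = true
              capGBPerMonth = 5000 # monthly scanning cap in GB; bounds per-GB scanning cost
            }
            # No scanResultsEventGridTopicResourceId is set here, so scan verdicts are
            # not published to a custom Event Grid topic; add one if a detection
            # pipeline needs to consume the results.
          }
          sensitiveDataDiscovery = {
            isEnabled = false
          }
          # Settings on this account take precedence over the subscription-level
          # Defender for Storage plan settings.
          overrideSubscriptionLevelSettings = true
        }
      })
    }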
    