cloud_azure_tenant

This resource registers an Azure Tenant in Falcon Cloud Security.

The following API scopes are required:

  • Cloud security Azure registration: READ
  • Cloud security Azure registration: WRITE

terraform {
  required_providers {
    crowdstrike = {
      source = "registry.terraform.io/crowdstrike/crowdstrike"
    }
  }
}

provider "crowdstrike" {
  cloud = "us-2"
}

resource "crowdstrike_cloud_azure_tenant" "org" {
  tenant_id                      = "00000000-0000-0000-0000-000000000003"
  microsoft_graph_permission_ids = ["9a5d68dd-52b0-4cc2-bd40-abcf44ac3a30"]

  realtime_visibility = {
    enabled = true
  }

  resource_name_prefix = "1234567"
  environment          = "123"
  management_group_ids = []
  subscription_ids     = ["00000000-0000-0000-0000-000000000002"]

  tags = {
    "tag1" = "value1-one"
    "tag2" = "value2"
    "tag3" = "value2"
  }
}

output "tenant_registration" {
  value = crowdstrike_cloud_azure_tenant.org.cs_azure_client_id
}

Required:

  • microsoft_graph_permission_ids (Set of String) A list of Microsoft Graph permission IDs to assign to the service principal.
  • tenant_id (String) The Azure Tenant ID to register into Falcon Cloud Security. If subscription_ids and management_group_ids are not provided, then all subscriptions in the tenant are targeted.

Optional:

  • account_type (String) The Azure Tenant account type. Value is ‘commercial’ for Commercial cloud accounts. For GovCloud environments, value can be either ‘commercial’ or ‘gov’ depending on the account type.
  • agentless_scanning_subscription_ids (Set of String) Azure subscription IDs where agentless scanning is enabled. These are sent as additional_features to the CrowdStrike API.
  • cs_infra_location (String) Azure location where CrowdStrike infrastructure resources (such as Event Hubs) were deployed.
  • cs_infra_subscription_id (String) Azure subscription ID where CrowdStrike infrastructure resources (such as Event Hubs) were deployed.
  • dspm (Attributes) (see below for nested schema)
  • environment (String) The environment added to resources created during onboarding. It will be used if you generate new .tfvars from the UI.
  • management_group_ids (Set of String) A list of Azure management group IDs to monitor. All subscriptions under the management groups will be monitored.
  • realtime_visibility (Attributes) (see below for nested schema)
  • resource_name_prefix (String) The prefix added to resources created during onboarding. It will be used if you generate new .tfvars from the UI.
  • resource_name_suffix (String) The suffix added to resources created during onboarding. It will be used if you generate new .tfvars from the UI.
  • subscription_ids (Set of String) A list of subscription IDs to register in addition to any subscriptions that are targeted by management_group_ids.
  • tags (Map of String) Tags applied to managed resources. This does not affect the registration of the tenant. It will be used if you generate new .tfvars from the UI.

Read-Only:

  • cs_azure_client_id (String) Client ID of CrowdStrike’s multi-tenant application in Azure. This is used to establish the connection between Azure and Falcon Cloud Security.

Nested schema for dspm

Required:

  • enabled (Boolean) Enable data security posture management (DSPM)

Nested schema for realtime_visibility

Required:

  • enabled (Boolean) Enable real-time visibility and detection
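
Because leaving both subscription_ids and management_group_ids empty registers every subscription in the tenant, it is worth checking the planned scope before apply. The following is an added example, not part of the provider documentation or the provider's code: a Python check over the JSON produced by terraform show -json for a saved plan. The sample plan, its resource addresses and the scope labels are constructed for illustration.

```python
import json

RESOURCE_TYPE = "crowdstrike_cloud_azure_tenant"

# Constructed sample: trimmed shape of `terraform show -json <planfile>` output.
SAMPLE_PLAN = json.dumps({"resource_changes": [
    {"address": "crowdstrike_cloud_azure_tenant.org", "type": RESOURCE_TYPE,
     "change": {"after_unknown": {}, "after": {
        "tenant_id": "00000000-0000-0000-0000-000000000003",
        "subscription_ids": ["00000000-0000-0000-0000-000000000002"],
        "management_group_ids": [], "realtime_visibility": {"enabled": True}}}},
    {"address": "crowdstrike_cloud_azure_tenant.wide", "type": RESOURCE_TYPE,
     "change": {"after_unknown": {}, "after": {
        "tenant_id": "00000000-0000-0000-0000-000000000004",
        "subscription_ids": None, "management_group_ids": None,
        "dspm": {"enabled": True}}}},
    {"address": "crowdstrike_cloud_azure_tenant.late", "type": RESOURCE_TYPE,
     "change": {"after_unknown": {"subscription_ids": True}, "after": {
        "tenant_id": "00000000-0000-0000-0000-000000000005"}}},
    {"address": "crowdstrike_cloud_azure_tenant.old", "type": RESOURCE_TYPE,
     "change": {"after": None}},  # planned destroy: no end state
]})


def review_plan(plan_json):
    """Summarize the scope and features of each planned tenant registration."""
    rows = []
    for rc in json.loads(plan_json).get("resource_changes", []):
        change = rc.get("change") or {}
        after, unknown = change.get("after"), change.get("after_unknown") or {}
        if rc.get("type") != RESOURCE_TYPE or after is None:
            continue
        ids = (after.get("subscription_ids") or []) + (after.get("management_group_ids") or [])
        if ids:
            scope = "explicit"
        elif unknown.get("subscription_ids") or unknown.get("management_group_ids"):
            scope = "unknown-until-apply"  # IDs computed from other resources
        else:
            scope = "entire-tenant"  # schema: no IDs means all subscriptions
        rows.append({
            "address": rc["address"], "scope": scope, "targets": len(ids),
            "realtime_visibility": bool((after.get("realtime_visibility") or {}).get("enabled")),
            "dspm": bool((after.get("dspm") or {}).get("enabled")),
        })
    return rows


if __name__ == "__main__":
    print(json.dumps(review_plan(SAMPLE_PLAN), indent=2))
```

A CI step can fail the pipeline when any row reports entire-tenant, unless tenant-wide registration is the intended outcome.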

Import is supported using the following syntax:

# A previously registered cloud azure tenant can be imported by tenant id.
terraform import crowdstrike_cloud_azure_tenant.tenant 00000000-0000-0000-0000-000000000000