terraform-azurerm-caf-enterprise-scale

ASC (MDFC) export to Azure Monitor is not reliable due to DINE policy race condition

Open matt-FFFFFF opened this issue 2 years ago • 5 comments

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
  • Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment

Versions

terraform: 1.2.2

azure provider: 3.20

module: 3.1.2

Description

Describe the bug

The MDFC export to LAW policy does not enable the functionality due to a race condition.

Steps to Reproduce

  1. Deploy default architecture with configure_management_resources
  2. Observe subscription MDFC continuous export configuration not correct
  3. Observe Deploy-MDFC-Config policy not compliant

Screenshots

image

Additional context

Recommend declaring azurerm_security_center_automation resource to prevent this happening.

matt-FFFFFF, Aug 12 '22 09:08
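A sketch of the resource the issue recommends declaring, so that continuous export is managed by Terraform instead of waiting on the DINE policy remediation. This is an added example, not code from the module or from anyone in this thread. The variable names, the automation name and the list of event sources are assumptions, and the lower-case `loganalytics` action type is the azurerm 3.x spelling.

```hcl
# Added example: explicit MDFC continuous export to a Log Analytics workspace.
# Every variable and resource label here is hypothetical.
terraform {
  required_providers {
    azurerm = {
      source  = "hashicorp/azurerm"
      version = "~> 3.20"
    }
  }
}

# The export is created for whichever subscription this provider targets.
provider "azurerm" {
  features {}
}

variable "resource_group_name" { type = string }        # existing resource group that holds the automation
variable "location" { type = string }                   # region of that resource group
variable "log_analytics_workspace_id" { type = string } # resource ID of the target workspace
variable "event_sources" {
  type    = list(string)
  default = ["Alerts", "Assessments", "SecureScores"]   # assumed selection of data types
}

data "azurerm_subscription" "current" {}

resource "azurerm_security_center_automation" "export_to_law" {
  name                = "ExportToWorkspace" # assumed name, not taken from the issue
  location            = var.location
  resource_group_name = var.resource_group_name
  scopes              = [data.azurerm_subscription.current.id]

  action {
    type        = "loganalytics"
    resource_id = var.log_analytics_workspace_id
  }

  # One source block per exported data type.
  dynamic "source" {
    for_each = toset(var.event_sources)
    content {
      event_source = source.value
    }
  }
}
```

If the Deploy-MDFC-Config assignment stays in place, check its compliance state after the apply to confirm the policy and the Terraform-managed automation agree.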

Trigger ADO Sync

jtracey93, Sep 09 '22 15:09

@matt-FFFFFF... We can implement this for the connectivity and management Subscriptions as we have providers configured for these, but not for any others.

Are you proposing we implement this in conjunction with future integrations between this module and lz-vending?

krowlandson, Oct 10 '22 16:10

Trigger ADO Sync

krowlandson, Oct 14 '22 07:10

Azure/terraform-azurerm-lz-vending#136 is the lz-vending issue

matt-FFFFFF, Jan 31 '23 10:01

AB#26868

matt-FFFFFF, Mar 03 '23 15:03