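I'm trying to enable malware scanning with "Microsoft Defender for Storage" on a storage account using Terraform, but I can't figure out how to do it. Is this not supported by Terraform? I'm trying to enable the "On-upload malware scanning" option in "Microsoft Defender for Cloud". Is there another way to do this programmatically (if Terraform doesn't support it yet)?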
Try this (requires the azapi provider):
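
resource "azapi_resource" "defender_settings" {
  # The settings resource is a singleton named "current" under the storage account.
  name      = "current"
  type      = "Microsoft.Security/DefenderForStorageSettings@2022-12-01-preview"
  parent_id = azurerm_storage_account.netflowstorage.id

  # Skip azapi's built-in schema check for this preview API version.
  schema_validation_enabled = false

  body = jsonencode({
    properties = {
      # Master switch for Defender for Storage on this account (true turns it on).
      isEnabled = false
      malwareScanning = {
        onUpload = {
          # Switch for on-upload malware scanning (true turns it on).
          isEnabled = false
          # Monthly cap on scanned data, in GB.
          capGBPerMonth = 5000
        }
      }
      sensitiveDataDiscovery = {
        isEnabled = true
      }
      # Let these account-level values override the subscription-level settings.
      overrideSubscriptionLevelSettings = true
    }
  })
}
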
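Note: if you already have the settings defined on the resource, you may need to adapt this to an update_resource (a PUT operation) (tf will tell you that the resource already exists and needs to be imported):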

resource "azapi_update_resource" "defender_settings" {
  name      = "current"
  type      = "Microsoft.Security/DefenderForStorageSettings@2022-12-01-preview"
  parent_id = azurerm_storage_account.netflowstorage.id

  body = jsonencode({
    properties = {
      isEnabled = true
      malwareScanning = {
        onUpload = {
          isEnabled     = true
          capGBPerMonth = 5000
        }
      }
      sensitiveDataDiscovery = {
        isEnabled = true
      }
      overrideSubscriptionLevelSettings = true
    }
  })
}
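
A pre-apply check for the request body used in the answer above, as an added example that is not part of the original post: it reports which flags would leave on-upload malware scanning off for the storage account. The names `make_body` and `audit` are hypothetical, and the sample bodies are constructed to mirror the two snippets above.

```python
import json


def make_body(enabled: bool) -> str:
    """Constructed sample: the JSON body from the snippets above."""
    return json.dumps({"properties": {
        "isEnabled": enabled,
        "malwareScanning": {
            "onUpload": {"isEnabled": enabled, "capGBPerMonth": 5000},
        },
        "sensitiveDataDiscovery": {"isEnabled": True},
        "overrideSubscriptionLevelSettings": True,
    }})


def audit(body_json: str) -> list:
    """Return the property paths that keep on-upload scanning from taking effect."""
    props = json.loads(body_json).get("properties") or {}
    on_upload = (props.get("malwareScanning") or {}).get("onUpload") or {}
    findings = []
    # Master switch: with this off, Defender for Storage is disabled on the account.
    if props.get("isEnabled") is not True:
        findings.append("properties.isEnabled")
    # Feature switch for scanning blobs as they are uploaded.
    if on_upload.get("isEnabled") is not True:
        findings.append("properties.malwareScanning.onUpload.isEnabled")
    # Without the override, subscription-level settings apply instead of these.
    if props.get("overrideSubscriptionLevelSettings") is not True:
        findings.append("properties.overrideSubscriptionLevelSettings")
    return findings


if __name__ == "__main__":
    for label, body in (("first snippet", make_body(False)),
                        ("second snippet", make_body(True))):
        problems = audit(body)
        print(label, "->", "scanning enabled" if not problems else problems)
```

The same function can be run on the body returned by a GET of the settings resource, since it carries the same `properties` fields.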