Strike Graph

You can use <a href="https://help.strikegraph.com/en/articles/6399556-cumulus-for-azure-resource-manager">Terraform for Azure Resource Manager</a> to collect evidence from hundreds of different data sources within your Azure infrastructure. In this article, we’ll look at an example of how you can collect evidence from Azure Storage for evidence that satisfies many Availability requirements.

Make sure that you have a Terraform for Azure Resource Manager integration configured. For more information, refer to the <a href="https://help.strikegraph.com/en/articles/6399556-cumulus-for-azure-resource-manager#h_f7fb96b0f5">installation section</a> of the Help Center docs.

The Azure Service Principle that you configure for evidence collection will also need Contributor permissions for the Storage account that is configured for your data replication. 

Configure Terraform to collect from an Azure Storage account

Navigate to the <a href="https://grc.strikegraph.com/evidence" rel="nofollow noopener noreferrer" target="_blank">Strike Graph evidence</a> item that you would like to collect evidence for, and select “Automated Collection” as your attachment method. If the evidence item already has an effective attachment, but you would like to <a href="https://help.strikegraph.com/en/articles/5884331-automated-evidence-collection">configure it for automated collection</a>, you can add Automated Collection from the “more” menu in the top left.

In the attachment window, click on the “Integrations” tab and select your configured Terraform for Azure Resource Manager integration. 

Using the Storage Account data source and Account Replication Type data attribute

Using the storage account data source and the account replication type data attribute,  we can automatically collect configuration settings as attachments that show evidence of how your storage is configured for replication. 

Find more information on other ways to use azurerm_storage_account, reference this <a href="https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/storage_account" rel="nofollow noopener noreferrer" target="_blank">Terraform documentation</a>.

Here we will be using the <a href="https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/storage_account" rel="nofollow noopener noreferrer" target="_blank">azurerm_storage_account data source</a> to collect information about how your storage account is configured.

Data source: azurerm_storage_account

Temp name: a short logical name for the attachment file

Argument references: (both are required for this data source)

<code>name = "sgexample"</code> - Specifies the name of the Storage Account

<code>resource_group_name = "Resource-Group-1"</code> - Specifies the name of the resource group the Storage Account is located in

- <code>name = "sgexample"</code> - Specifies the name of the Storage Account
- <code>resource_group_name = "Resource-Group-1"</code> - Specifies the name of the resource group the Storage Account is located in

Put together data_source and temp_name from above and append with `data` in the following format: `data.data_source.temp_name`

With this data source, we expect to get a JSON object that describes the configured settings for this Storage account. This will include the <code>account_replication_type</code> that specifies the redundancy configurations. Your auditor can use this to verify that redundancy is configured as described in your evidence and control descriptions.

Use Terraform to automatically collect evidence for redundancy and availability controls

How to automatically collect redundancy information for Availability Zones and other related controls

Find answers and get help from Intercom Support and Community Experts

This site employs cookies and other technologies that we and our third party vendors use to monitor and record personal information about you and your interactions with the site (including content viewed, cursor movements, screen recordings, and chat contents) for the purposes described in our Cookie Policy. By continuing to visit our site, you agree to our {websiteTermsLink}, {privacyPolicyLink} and {cookiePolicyLink}.

This site uses cookies and similar technologies ("cookies") as strictly necessary for site operation. We and our partners also would like to set additional cookies to enable site performance analytics, functionality, advertising and social media features. See our {cookiePolicyLink} for details. You can change your cookie preferences in our Cookie Settings.

We use cookies to make our site work and also for analytics and advertising purposes. You can enable or disable optional cookies as desired. See our {cookiePolicyLink} for more details.

Advertising cookies are set by our advertising partners to collect information about your use of the site, our communications, and other online services over time and with different browsers and devices. They use this information to show you ads online that they think will interest you and measure the ads' performance. Social media cookies are set by social media platforms to enable you to share content on those platforms, and are capable of tracking information about your activity across other online services for use as described in their privacy policies.

These cookies enable the website to provide enhanced functionality and personalisation. They may be set by us or by third party providers whose services we have added to our pages. If you do not allow these cookies then some or all of these services may not function properly.

These cookies are necessary for the website to function and cannot be switched off in our systems.

These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our site. They help us to know which pages are the most and least popular and see how visitors move around the site.

You have the right to opt out of the sale of your personal information. See our {cookiePolicyLink} for more details about how we use your data.

Your Privacy Choices

We use cookies to enhance your experience. You can customize your cookie preferences below. See our {cookiePolicyLink} for more details.

Cookie Settings

Link, Press control-option-right-arrow to exit

Empty Help Center

Uh oh. That page doesn’t exist.

Disappointed

Neutral

Smiley

Thinking...

Searching through sources...

Analyzing...

Tickets submitted through the messenger or by a support agent in your conversation will appear here.

How to automatically collect redundancy information for Availability Zones and other related controls

Getting started

Configure Terraform to collect from an Azure Storage account

Using the Storage Account data source and Account Replication Type data attribute

Define Data

Define Local Values

Expected output