# azure-network-log-retention

Ensure that the Network Security Group flow log retention period is 'greater than 90 days'
Flow logs are a vital tool for monitoring, managing and understanding your own network, and for keeping it secure, compliant and performant. Knowing your own environment is of paramount importance to protecting and optimizing it: you often need to know the current state of the network, who is connecting, where they are connecting from, which ports are open to the internet, what normal network behaviour looks like, what irregular behaviour looks like, and when traffic rises suddenly. A short retention period discards exactly the history an investigation needs, so the retention policy on each flow log should keep at least 90 days of records.
## Examples

### Insecure Example

```hcl
resource "azurerm_network_watcher_flow_log" "test" {
  network_watcher_name      = azurerm_network_watcher.test.name
  resource_group_name       = azurerm_resource_group.test.name
  network_security_group_id = azurerm_network_security_group.test.id
  storage_account_id        = azurerm_storage_account.test.id
  enabled                   = true

  retention_policy {
    enabled = true
    days    = 7 # only one week of flow records is kept; fails the 90-day rule
  }

  traffic_analytics {
    enabled               = true
    workspace_id          = azurerm_log_analytics_workspace.test.workspace_id
    workspace_region      = azurerm_log_analytics_workspace.test.location
    workspace_resource_id = azurerm_log_analytics_workspace.test.id
    interval_in_minutes   = 10
  }
}
```
### Secure Example

```hcl
resource "azurerm_network_watcher_flow_log" "test" {
  network_watcher_name      = azurerm_network_watcher.test.name
  resource_group_name       = azurerm_resource_group.test.name
  network_security_group_id = azurerm_network_security_group.test.id
  storage_account_id        = azurerm_storage_account.test.id
  enabled                   = true

  retention_policy {
    enabled = true
    days    = 90 # retention at the 90-day threshold the rule requires
  }

  traffic_analytics {
    enabled               = true
    workspace_id          = azurerm_log_analytics_workspace.test.workspace_id
    workspace_region      = azurerm_log_analytics_workspace.test.location
    workspace_resource_id = azurerm_log_analytics_workspace.test.id
    interval_in_minutes   = 10
  }
}
```
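As an added example (not part of this rule page and not tfsec's own implementation), the following Python script shows the kind of check the rule performs: it scans Terraform HCL text for `azurerm_network_watcher_flow_log` resources and reports flow logs that are disabled, have no `retention_policy`, have retention disabled, or keep records for fewer than 90 days. It goes a little beyond the two examples above by handling several resources in one file and by surfacing non-literal `days` values and the `days = 0` case for manual review. The brace-matching parser, the `Finding` type and the three inline HCL samples are assumptions constructed for this example; the samples mirror the page's insecure and secure resources plus one extra resource with retention switched off.

```python
"""Check azurerm_network_watcher_flow_log resources for weak retention settings.

Added example, not tfsec's code. Uses a minimal brace-matching reader that is
enough for the flat resource blocks shown on the page, not a full HCL parser.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

MIN_RETENTION_DAYS = 90  # threshold stated by the rule


@dataclass
class Finding:
    resource: str
    message: str


def _block_body(text: str, open_brace: int) -> str:
    """Return the text between the '{' at index open_brace and its matching '}'."""
    depth = 0
    for i in range(open_brace, len(text)):
        if text[i] == "{":
            depth += 1
        elif text[i] == "}":
            depth -= 1
            if depth == 0:
                return text[open_brace + 1:i]
    raise ValueError("unbalanced braces in HCL input")


def _top_level_only(body: str) -> str:
    """Drop nested blocks so attribute lookups only see the body's own level."""
    out, depth = [], 0
    for ch in body:
        if ch == "{":
            depth += 1
        elif ch == "}":
            depth -= 1
            continue
        if depth == 0:
            out.append(ch)
    return "".join(out)


def _attr(body: str, name: str) -> Optional[str]:
    """Read a simple `name = value` attribute (literal or reference) from a block body."""
    m = re.search(r"^\s*" + re.escape(name) + r"\s*=\s*(\S+)", body, re.MULTILINE)
    return m.group(1) if m else None


def check_flow_logs(hcl: str) -> List[Finding]:
    """Return one Finding per retention weakness found in the HCL text."""
    findings: List[Finding] = []
    pattern = r'resource\s+"azurerm_network_watcher_flow_log"\s+"([^"]+)"\s*\{'
    for m in re.finditer(pattern, hcl):
        name = m.group(1)
        body = _block_body(hcl, m.end() - 1)  # m.end() - 1 is the '{'
        if _attr(_top_level_only(body), "enabled") != "true":
            findings.append(Finding(name, "flow log is not enabled"))
        rp = re.search(r"^\s*retention_policy\s*\{", body, re.MULTILINE)
        if rp is None:
            findings.append(Finding(name, "no retention_policy block"))
            continue
        rp_body = _block_body(body, rp.end() - 1)
        if _attr(rp_body, "enabled") != "true":
            findings.append(Finding(name, "retention_policy is not enabled"))
        raw = _attr(rp_body, "days")
        if raw is None or not raw.isdigit():
            # A variable or expression cannot be evaluated here; hand it to a reviewer.
            findings.append(Finding(name, f"retention days is not a literal integer ({raw}); review manually"))
            continue
        days = int(raw)
        if days == 0:
            # Azure documents 0 as "retain indefinitely"; report it so the intent is confirmed.
            findings.append(Finding(name, "retention days = 0 (indefinite per Azure docs); confirm this is intended"))
        elif days < MIN_RETENTION_DAYS:
            findings.append(Finding(name, f"retention days = {days}, below {MIN_RETENTION_DAYS}"))
    return findings


# Constructed samples: the page's insecure and secure resources, plus one with retention off.
INSECURE_HCL = """
resource "azurerm_network_watcher_flow_log" "short" {
  network_security_group_id = azurerm_network_security_group.test.id
  storage_account_id        = azurerm_storage_account.test.id
  enabled                   = true
  retention_policy {
    enabled = true
    days    = 7
  }
}
"""

SECURE_HCL = INSECURE_HCL.replace('"short"', '"ninety"').replace("days    = 7", "days    = 90")

DISABLED_HCL = """
resource "azurerm_network_watcher_flow_log" "off" {
  enabled = true
  retention_policy {
    enabled = false
    days    = 0
  }
}
"""

if __name__ == "__main__":
    for label, sample in (("insecure", INSECURE_HCL), ("secure", SECURE_HCL), ("disabled", DISABLED_HCL)):
        for f in check_flow_logs(sample) or [Finding("-", "no findings")]:
            print(f"{label}: {f.resource}: {f.message}")
```

Run it against a `.tf` file by reading the file into `check_flow_logs`; anything returned is a resource whose retention should be raised to the 90-day minimum or whose non-literal `days` value needs a look.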