chore: Adding security-admin to logging

kit/azure/logging/README.md

@@ -62,7 +62,9 @@ AzureActivity
 | [azurerm_role_assignment.cloudfoundation_tfdeploy](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/role_assignment) | resource |
 | [azurerm_role_assignment.logging](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/role_assignment) | resource |
 | [azurerm_role_assignment.security_admins](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/role_assignment) | resource |
+| [azurerm_role_assignment.security_admins_law](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/role_assignment) | resource |
 | [azurerm_role_assignment.security_auditors](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/role_assignment) | resource |
+| [azurerm_role_assignment.security_auditors_law](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/role_assignment) | resource |
 | [azurerm_role_definition.cloudfoundation_tfdeploy](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/role_definition) | resource |
 | [azurerm_subscription.current](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/subscription) | data source |
 

kit/azure/logging/documentation.tf

@@ -17,8 +17,8 @@ The kit creates two Groups as preparation for the `Privileged Access Management`
 
 |group|role|
 |-|-|
-| cloudfoundation-security-admins | Log Analytics Contributor |
-| cloudfoundation-secuirty-readers | Log Analytics Reader |
+| cloudfoundation-security-admins | Log Analytics Contributor, Security Admins |
+| cloudfoundation-secuirty-readers | Log Analytics Reader, Security Reader |
 
 [Privileged Access Management](https://cloudfoundation.org/maturity-model/iam/privileged-access-management.html#what-is-privileged-access-management-pam)
 

kit/azure/logging/main.tf

@@ -78,20 +78,32 @@ resource "azuread_group" "security_admins" {
   security_enabled = true
 }
 
-resource "azurerm_role_assignment" "security_admins" {
+resource "azurerm_role_assignment" "security_admins_law" {
   role_definition_name = "Log Analytics Contributor"
   principal_id         = azuread_group.security_admins.object_id
   scope                = var.scope
 }
 
+resource "azurerm_role_assignment" "security_admins" {
+  role_definition_name = "Security Admin"
+  principal_id         = azuread_group.security_admins.object_id
+  scope                = var.scope
+}
+
 # creates group and permissions for security auditors
 resource "azuread_group" "security_auditors" {
   display_name     = var.security_auditor_group
   security_enabled = true
 }
 
-resource "azurerm_role_assignment" "security_auditors" {
+resource "azurerm_role_assignment" "security_auditors_law" {
   role_definition_name = "Log Analytics Reader"
   principal_id         = azuread_group.security_auditors.object_id
   scope                = var.scope
 }
+
+resource "azurerm_role_assignment" "security_auditors" {
+  role_definition_name = "Security Reader"
+  principal_id         = azuread_group.security_auditors.object_id
+  scope                = var.scope
+}

kit/azure/pam/README.md

@@ -31,10 +31,12 @@ No modules.
 |------|------|
 | [azuread_group_member.billing_admins](https://registry.terraform.io/providers/hashicorp/azuread/latest/docs/resources/group_member) | resource |
 | [azuread_group_member.billing_readers](https://registry.terraform.io/providers/hashicorp/azuread/latest/docs/resources/group_member) | resource |
+| [azuread_group_member.security_admins](https://registry.terraform.io/providers/hashicorp/azuread/latest/docs/resources/group_member) | resource |
 | [azuread_group_member.security_auditors](https://registry.terraform.io/providers/hashicorp/azuread/latest/docs/resources/group_member) | resource |
 | [azuread_client_config.current](https://registry.terraform.io/providers/hashicorp/azuread/latest/docs/data-sources/client_config) | data source |
 | [azuread_users.billing_admins](https://registry.terraform.io/providers/hashicorp/azuread/latest/docs/data-sources/users) | data source |
 | [azuread_users.billing_readers](https://registry.terraform.io/providers/hashicorp/azuread/latest/docs/data-sources/users) | data source |
+| [azuread_users.security_admins](https://registry.terraform.io/providers/hashicorp/azuread/latest/docs/data-sources/users) | data source |
 | [azuread_users.security_auditors](https://registry.terraform.io/providers/hashicorp/azuread/latest/docs/data-sources/users) | data source |
 | [azurerm_management_group.root](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/management_group) | data source |
 | [azurerm_subscription.current](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/subscription) | data source |