Add cost_analysis_enabled option

README.md

@@ -315,6 +315,7 @@ No modules.
 | <a name="input_cluster_name"></a> [cluster\_name](#input\_cluster\_name) | (Optional) The name for the AKS resources created in the specified Azure Resource Group. This variable overwrites the 'prefix' var (The 'prefix' var will still be applied to the dns\_prefix if it is set) | `string` | `null` | no |
 | <a name="input_cluster_name_random_suffix"></a> [cluster\_name\_random\_suffix](#input\_cluster\_name\_random\_suffix) | Whether to add a random suffix on Aks cluster's name or not. `azurerm_kubernetes_cluster` resource defined in this module is `create_before_destroy = true` implicity now(described [here](https://github.com/Azure/terraform-azurerm-aks/issues/389)), without this random suffix we'll not be able to recreate this cluster directly due to the naming conflict. | `bool` | `false` | no |
 | <a name="input_confidential_computing"></a> [confidential\_computing](#input\_confidential\_computing) | (Optional) Enable Confidential Computing. | <pre>object({<br>    sgx_quote_helper_enabled = bool<br>  })</pre> | `null` | no |
+| <a name="input_cost_analysis_enabled"></a> [cost\_analysis\_enabled](#input\_cost\_analysis\_enabled) | (Optional) Enable Cost Analysis. | `bool` | `false` | no |
 | <a name="input_create_role_assignment_network_contributor"></a> [create\_role\_assignment\_network\_contributor](#input\_create\_role\_assignment\_network\_contributor) | (Deprecated) Create a role assignment for the AKS Service Principal to be a Network Contributor on the subnets used for the AKS Cluster | `bool` | `false` | no |
 | <a name="input_create_role_assignments_for_application_gateway"></a> [create\_role\_assignments\_for\_application\_gateway](#input\_create\_role\_assignments\_for\_application\_gateway) | (Optional) Whether to create the corresponding role assignments for application gateway or not. Defaults to `true`. | `bool` | `true` | no |
 | <a name="input_default_node_pool_fips_enabled"></a> [default\_node\_pool\_fips\_enabled](#input\_default\_node\_pool\_fips\_enabled) | (Optional) Should the nodes in this Node Pool have Federal Information Processing Standard enabled? Changing this forces a new resource to be created. | `bool` | `null` | no |

main.tf

@@ -20,6 +20,7 @@ resource "azurerm_kubernetes_cluster" "main" {
   resource_group_name                 = data.azurerm_resource_group.main.name
   automatic_channel_upgrade           = var.automatic_channel_upgrade
   azure_policy_enabled                = var.azure_policy_enabled
+  cost_analysis_enabled               = var.cost_analysis_enabled
   disk_encryption_set_id              = var.disk_encryption_set_id
   dns_prefix                          = var.prefix
   image_cleaner_enabled               = var.image_cleaner_enabled
@@ -566,6 +567,10 @@ resource "azurerm_kubernetes_cluster" "main" {
       condition     = (var.client_id != "" && var.client_secret != "") || (var.identity_type == "SystemAssigned") || (var.identity_ids == null ? false : length(var.identity_ids) > 0)
       error_message = "If use identity and `UserAssigned` is set, an `identity_ids` must be set as well."
     }
+    precondition {
+      condition     = var.cost_analysis_enabled != true || (var.sku_tier == "Standard" || var.sku_tier == "Premium")
+      error_message = "`sku_tier` must be either `Standard` or `Premium` when cost analysis is enabled."
+    }
     precondition {
       condition     = !(var.microsoft_defender_enabled && !var.log_analytics_workspace_enabled)
       error_message = "Enabling Microsoft Defender requires that `log_analytics_workspace_enabled` be set to true."

variables.tf

@@ -428,6 +428,12 @@ variable "confidential_computing" {
   description = "(Optional) Enable Confidential Computing."
 }
 
+variable "cost_analysis_enabled" {
+  type        = bool
+  default     = false
+  description = "(Optional) Enable Cost Analysis."
+}
+
 variable "create_role_assignment_network_contributor" {
   type        = bool
   default     = false