diff --git a/README.md b/README.md
index 7afda9fb..b3c7be4d 100644
--- a/README.md
+++ b/README.md
@@ -315,6 +315,7 @@ No modules.
| [cluster\_name](#input\_cluster\_name) | (Optional) The name for the AKS resources created in the specified Azure Resource Group. This variable overwrites the 'prefix' var (The 'prefix' var will still be applied to the dns\_prefix if it is set) | `string` | `null` | no |
| [cluster\_name\_random\_suffix](#input\_cluster\_name\_random\_suffix) | Whether to add a random suffix on Aks cluster's name or not. `azurerm_kubernetes_cluster` resource defined in this module is `create_before_destroy = true` implicity now(described [here](https://github.com/Azure/terraform-azurerm-aks/issues/389)), without this random suffix we'll not be able to recreate this cluster directly due to the naming conflict. | `bool` | `false` | no |
| [confidential\_computing](#input\_confidential\_computing) | (Optional) Enable Confidential Computing. | object({
sgx_quote_helper_enabled = bool
}) | `null` | no |
+| [cost\_analysis\_enabled](#input\_cost\_analysis\_enabled) | (Optional) Enable Cost Analysis. | `bool` | `false` | no |
| [create\_role\_assignment\_network\_contributor](#input\_create\_role\_assignment\_network\_contributor) | (Deprecated) Create a role assignment for the AKS Service Principal to be a Network Contributor on the subnets used for the AKS Cluster | `bool` | `false` | no |
| [create\_role\_assignments\_for\_application\_gateway](#input\_create\_role\_assignments\_for\_application\_gateway) | (Optional) Whether to create the corresponding role assignments for application gateway or not. Defaults to `true`. | `bool` | `true` | no |
| [default\_node\_pool\_fips\_enabled](#input\_default\_node\_pool\_fips\_enabled) | (Optional) Should the nodes in this Node Pool have Federal Information Processing Standard enabled? Changing this forces a new resource to be created. | `bool` | `null` | no |
diff --git a/main.tf b/main.tf
index c4dc98cc..44f81f94 100644
--- a/main.tf
+++ b/main.tf
@@ -20,6 +20,7 @@ resource "azurerm_kubernetes_cluster" "main" {
resource_group_name = data.azurerm_resource_group.main.name
automatic_channel_upgrade = var.automatic_channel_upgrade
azure_policy_enabled = var.azure_policy_enabled
+ cost_analysis_enabled = var.cost_analysis_enabled
disk_encryption_set_id = var.disk_encryption_set_id
dns_prefix = var.prefix
image_cleaner_enabled = var.image_cleaner_enabled
@@ -566,6 +567,10 @@ resource "azurerm_kubernetes_cluster" "main" {
condition = (var.client_id != "" && var.client_secret != "") || (var.identity_type == "SystemAssigned") || (var.identity_ids == null ? false : length(var.identity_ids) > 0)
error_message = "If use identity and `UserAssigned` is set, an `identity_ids` must be set as well."
}
+ precondition {
+ condition = var.cost_analysis_enabled != true || (var.sku_tier == "Standard" || var.sku_tier == "Premium")
+ error_message = "`sku_tier` must be either `Standard` or `Premium` when cost analysis is enabled."
+ }
precondition {
condition = !(var.microsoft_defender_enabled && !var.log_analytics_workspace_enabled)
error_message = "Enabling Microsoft Defender requires that `log_analytics_workspace_enabled` be set to true."
diff --git a/variables.tf b/variables.tf
index 5f304b2f..343d1eba 100644
--- a/variables.tf
+++ b/variables.tf
@@ -428,6 +428,12 @@ variable "confidential_computing" {
description = "(Optional) Enable Confidential Computing."
}
+variable "cost_analysis_enabled" {
+ type = bool
+ default = false
+ description = "(Optional) Enable Cost Analysis."
+}
+
variable "create_role_assignment_network_contributor" {
type = bool
default = false