From 2b6c8e6cce6f8ee5264f8919137e9596aff143c7 Mon Sep 17 00:00:00 2001
From: Sergio Navar
Date: Thu, 2 Dec 2021 19:33:50 -0600
Subject: [PATCH 01/14] Add Azure SQL DB Diagnostic Settings
---
 .../servers/databases/deploy.bicep | 81 +++++++++++++++++++
 arm/Microsoft.Sql/servers/databases/readme.md | 7 ++
 arm/Microsoft.Sql/servers/deploy.bicep | 7 ++
 3 files changed, 95 insertions(+)
diff --git a/arm/Microsoft.Sql/servers/databases/deploy.bicep b/arm/Microsoft.Sql/servers/databases/deploy.bicep
index 6669798e03..94bfcb07c2 100644
--- a/arm/Microsoft.Sql/servers/databases/deploy.bicep
+++ b/arm/Microsoft.Sql/servers/databases/deploy.bicep
@@ -50,6 +50,74 @@ param location string = resourceGroup().location
 @description('Optional. Customer Usage Attribution ID (GUID). This GUID must be previously registered')
 param cuaId string = ''
+@description('Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely.')
+@minValue(0)
+@maxValue(365)
+param diagnosticLogsRetentionInDays int = 365
+
+@description('Optional. Resource ID of the diagnostic storage account.')
+param diagnosticStorageAccountId string = ''
+
+@description('Optional. Resource ID of log analytics.')
+param workspaceId string = ''
+
+@description('Optional. Resource ID of the event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to.')
+param eventHubAuthorizationRuleId string = ''
+
+@description('Optional. Name of the event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.')
+param eventHubName string = ''
+
+@description('Optional. The name of logs that will be streamed.')
+@allowed([
+ 'SQLInsights'
+ 'AutomaticTuning'
+ 'QueryStoreRuntimeStatistics'
+ 'QueryStoreWaitStatistics'
+ 'Errors'
+ 'DatabaseWaitStatistics'
+ 'Timouts'
+ 'Blocks'
+ 'Deadlocks'
+])
+param logsToEnable array = [
+ 'SQLInsights'
+ 'AutomaticTuning'
+ 'QueryStoreRuntimeStatistics'
+ 'QueryStoreWaitStatistics'
+ 'Errors'
+ 'DatabaseWaitStatistics'
+ 'Timouts'
+ 'Blocks'
+ 'Deadlocks'
+]
+
+@description('Optional. The name of metrics that will be streamed.')
+@allowed([
+ 'Basic'
+])
+param metricsToEnable array = [
+ 'Basic'
+]
+
+var diagnosticsLogs = [for log in logsToEnable: {
+ category: log
+ enabled: true
+ retentionPolicy: {
+ enabled: true
+ days: diagnosticLogsRetentionInDays
+ }
+}]
+
+var diagnosticsMetrics = [for metric in metricsToEnable: {
+ category: metric
+ timeGrain: null
+ enabled: true
+ retentionPolicy: {
+ enabled: true
+ days: diagnosticLogsRetentionInDays
+ }
+}]
+
 @description('Optional. The storage account type to be used to store backups for this database.')
 @allowed([
 'Geo'
@@ -99,6 +167,19 @@ resource database 'Microsoft.Sql/servers/databases@2021-02-01-preview' = {
 }
 }
+resource database_diagnosticSettings 'Microsoft.Insights/diagnosticsettings@2017-05-01-preview' = if ((!empty(diagnosticStorageAccountId)) || (!empty(workspaceId)) || (!empty(eventHubAuthorizationRuleId)) || (!empty(eventHubName))) {
+ name: '${last(split(database.name, '/'))}-diagnosticSettings'
+ properties: {
+ storageAccountId: empty(diagnosticStorageAccountId) ? null : diagnosticStorageAccountId
+ workspaceId: empty(workspaceId) ? null : workspaceId
+ eventHubAuthorizationRuleId: empty(eventHubAuthorizationRuleId) ? null : eventHubAuthorizationRuleId
+ eventHubName: empty(eventHubName) ? null : eventHubName
+ logs: (empty(diagnosticStorageAccountId) && empty(workspaceId) && empty(eventHubAuthorizationRuleId) && empty(eventHubName)) ? null : diagnosticsLogs
+ metrics: ((empty(diagnosticStorageAccountId) && empty(workspaceId) && empty(eventHubAuthorizationRuleId) && empty(eventHubName)) ? null : diagnosticsMetrics)
+ }
+ scope: database
+}
+
 @description('The name of the deployed database')
 output databaseName string = database.name
diff --git a/arm/Microsoft.Sql/servers/databases/readme.md b/arm/Microsoft.Sql/servers/databases/readme.md
index a6ae29e4dd..f8ec7693ea 100644
--- a/arm/Microsoft.Sql/servers/databases/readme.md
+++ b/arm/Microsoft.Sql/servers/databases/readme.md
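Review bot: `'Timouts'` in both the `@allowed` list and the default value of `logsToEnable` in `databases/deploy.bicep` looks like a misspelling of the Azure SQL database log category `Timeouts`. Because the default array carries the same spelling, a deployment that sets a destination and keeps the default would submit an unknown category, and the `@allowed` decorator stops a caller from passing the correct name instead. Both entries should read `'Timeouts'`; the readme row added for `logsToEnable` in this patch repeats the spelling and needs the same correction.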
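Review bot: The `if` condition on `database_diagnosticSettings` in `databases/deploy.bicep` is also true when only `eventHubName` is set, which asks for a diagnostic setting that names a hub but has no authorization rule, storage account or workspace to send to. Dropping `|| (!empty(eventHubName))` from the condition keeps the resource tied to an actual destination. Inside `properties`, the `logs:` and `metrics:` ternaries test the exact negation of that condition, so they cannot yield `null` when the resource is deployed; `logs: diagnosticsLogs` and `metrics: diagnosticsMetrics` are equivalent and easier to audit. The storage account, blob, file, queue and table service resources added in patch 02 repeat the same condition and ternaries.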
@@ -15,12 +15,18 @@ This module deploys an Azure SQL Server.
 | `autoPauseDelay` | string | | | Optional. Time in minutes after which database is automatically paused. |
 | `collation` | string | | | Optional. The collation of the database. |
 | `cuaId` | string | | | Optional. Customer Usage Attribution ID (GUID). This GUID must be previously registered |
+| `diagnosticLogsRetentionInDays` | int | `365` | | Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely. |
+| `diagnosticStorageAccountId` | string | | | Optional. Resource ID of the diagnostic storage account. |
+| `eventHubAuthorizationRuleId` | string | | | Optional. Resource ID of the event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. |
+| `eventHubName` | string | | | Optional. Name of the event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. |
 | `highAvailabilityReplicaCount` | int | | | Optional. The number of readonly secondary replicas associated with the database. |
 | `isLedgerOn` | bool | | | Optional. Whether or not this database is a ledger database, which means all tables in the database are ledger tables. Note: the value of this property cannot be changed after the database has been created. |
 | `licenseType` | string | | | Optional. The license type to apply for this database. |
 | `location` | string | `[resourceGroup().location]` | | Optional. Location for all resources. |
+| `logsToEnable` | array | `[SQLInsights,AutomaticTuning, QueryStoreRuntimeStatistics, QueryStoreWaitStatistics, Errors, DatabaseWaitStatistics, Timouts, Blocks, Deadlocks]` | `[SQLInsights,AutomaticTuning, QueryStoreRuntimeStatistics, QueryStoreWaitStatistics, Errors, DatabaseWaitStatistics, Timouts, Blocks, Deadlocks]` | Optional. The name of logs that will be streamed. |
 | `maintenanceConfigurationId` | string | | | Optional. Maintenance configuration ID assigned to the database. This configuration defines the period when the maintenance updates will occur. |
 | `maxSizeBytes` | int | | | Optional. The max size of the database expressed in bytes. |
+| `metricsToEnable` | array | `[Basic]` | `[Basic]` | Optional. The name of metrics that will be streamed. |
 | `minCapacity` | string | | | Optional. Minimal capacity that database will always have allocated. |
 | `name` | string | | | Required. The name of the database. |
 | `readScale` | string | `Disabled` | `[Enabled, Disabled]` | Optional. The state of read-only routing. |
@@ -30,6 +36,7 @@ This module deploys an Azure SQL Server.
 | `skuName` | string | | | Required. The name of the SKU. |
 | `tags` | object | `{object}` | | Optional. Tags of the resource. |
 | `tier` | string | | | Optional. The tier or edition of the particular SKU. |
+| `workspaceId` | string | | | Optional. Resource ID of log analytics. |
 | `zoneRedundant` | bool | | | Optional. Whether or not this database is zone redundant. |
 ### Parameter Usage: `tags`
diff --git a/arm/Microsoft.Sql/servers/deploy.bicep b/arm/Microsoft.Sql/servers/deploy.bicep
index 0bb9ed0970..678126711f 100644
--- a/arm/Microsoft.Sql/servers/deploy.bicep
+++ b/arm/Microsoft.Sql/servers/deploy.bicep
@@ -95,16 +95,23 @@ module server_databases 'databases/deploy.bicep' = [for (database, index) in dat
 skuName: database.skuName
 collation: database.collation
 autoPauseDelay: contains(database, 'autoPauseDelay') ? database.autoPauseDelay : ''
+ diagnosticLogsRetentionInDays: contains(database, 'diagnosticLogsRetentionInDays') ? database.diagnosticLogsRetentionInDays : 365
+ diagnosticStorageAccountId: contains(database, 'diagnosticStorageAccountId') ? database.diagnosticStorageAccountId : ''
+ eventHubAuthorizationRuleId: contains(database, 'eventHubAuthorizationRuleId') ? database.eventHubAuthorizationRuleId : ''
+ eventHubName: contains(database, 'eventHubName') ? database.eventHubName : ''
 isLedgerOn: contains(database, 'isLedgerOn') ? database.isLedgerOn : false
 location: contains(database, 'location') ? database.location : server.location
+ logsToEnable: contains(database, 'logsToEnable') ? database.logsToEnable : []
 licenseType: contains(database, 'licenseType') ? database.licenseType : ''
 maintenanceConfigurationId: contains(database, 'maintenanceConfigurationId') ? database.maintenanceConfigurationId : ''
 minCapacity: contains(database, 'minCapacity') ? database.minCapacity : ''
+ metricsToEnable: contains(database, 'metricsToEnable') ? database.metricsToEnable : []
 highAvailabilityReplicaCount: contains(database, 'highAvailabilityReplicaCount') ? database.highAvailabilityReplicaCount : 0
 readScale: contains(database, 'readScale') ? database.readScale : 'Disabled'
 requestedBackupStorageRedundancy: contains(database, 'requestedBackupStorageRedundancy') ? database.requestedBackupStorageRedundancy : ''
 sampleName: contains(database, 'sampleName') ? database.sampleName : ''
 tags: contains(database, 'tags') ? database.tags : {}
+ workspaceId: contains(database, 'workspaceId') ? database.workspaceId : ''
 zoneRedundant: contains(database, 'zoneRedundant') ? database.zoneRedundant : false
 }
 }]
From 1e7ff9547c3e04d0d9b672402e1cb24bfbca7dc7 Mon Sep 17 00:00:00 2001
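Review bot: The `[]` fallbacks on `logsToEnable` and `metricsToEnable` replace the child module's defaults with empty arrays, so a database entry that sets only `workspaceId` or another destination gets a diagnostic setting with no log or metric categories, not the full list declared in `databases/deploy.bicep`. Logging is then silently off for callers who rely on the documented defaults. The fallback arrays should carry the same category names as the child module's defaults, so that omitting the key behaves like omitting the parameter. The `server_databases` module call begins above this hunk; the `blobServices`, `fileServices`, `queueServices` and `tableServices` module calls in `storageAccounts/deploy.bicep` (patch 02) use the same `[]` fallbacks.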
From: Sergio Navar
Date: Thu, 2 Dec 2021 21:39:27 -0600
Subject: [PATCH 02/14] Add Storage Account Diagnostic Settings
---
 .../storageAccounts/blobServices/deploy.bicep | 69 +++++++++++++++++
 .../storageAccounts/deploy.bicep | 75 +++++++++++++++++++
 .../storageAccounts/fileServices/deploy.bicep | 69 +++++++++++++++++
 .../queueServices/deploy.bicep | 69 +++++++++++++++++
 .../tableServices/deploy.bicep | 69 +++++++++++++++++
 5 files changed, 351 insertions(+)
diff --git a/arm/Microsoft.Storage/storageAccounts/blobServices/deploy.bicep b/arm/Microsoft.Storage/storageAccounts/blobServices/deploy.bicep
index 6634a0863b..02fe9188a5 100644
--- a/arm/Microsoft.Storage/storageAccounts/blobServices/deploy.bicep
+++ b/arm/Microsoft.Storage/storageAccounts/blobServices/deploy.bicep
@@ -17,9 +17,65 @@ param automaticSnapshotPolicyEnabled bool = false
 @description('Optional. Blob containers to create.')
 param containers array = []
+@description('Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely.')
+@minValue(0)
+@maxValue(365)
+param diagnosticLogsRetentionInDays int = 365
+
+@description('Optional. Resource ID of the diagnostic storage account.')
+param diagnosticStorageAccountId string = ''
+
+@description('Optional. Resource ID of a log analytics workspace.')
+param workspaceId string = ''
+
+@description('Optional. Resource ID of the event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to.')
+param eventHubAuthorizationRuleId string = ''
+
+@description('Optional. Name of the event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.')
+param eventHubName string = ''
+
 @description('Optional. Customer Usage Attribution ID (GUID). This GUID must be previously registered')
 param cuaId string = ''
+@description('Optional. The name of logs that will be streamed.')
+@allowed([
+ 'StorageRead'
+ 'StorageWrite'
+ 'StorageDelete'
+])
+param logsToEnable array = [
+ 'StorageRead'
+ 'StorageWrite'
+ 'StorageDelete'
+]
+
+@description('Optional. The name of metrics that will be streamed.')
+@allowed([
+ 'Transaction'
+])
+param metricsToEnable array = [
+ 'Transaction'
+]
+
+var diagnosticsLogs = [for log in logsToEnable: {
+ category: log
+ enabled: true
+ retentionPolicy: {
+ enabled: true
+ days: diagnosticLogsRetentionInDays
+ }
+}]
+
+var diagnosticsMetrics = [for metric in metricsToEnable: {
+ category: metric
+ timeGrain: null
+ enabled: true
+ retentionPolicy: {
+ enabled: true
+ days: diagnosticLogsRetentionInDays
+ }
+}]
+
 module pid_cuaId '.bicep/nested_cuaId.bicep' = if (!empty(cuaId)) {
 name: 'pid-${cuaId}'
 params: {}
@@ -41,6 +97,19 @@ resource blobServices 'Microsoft.Storage/storageAccounts/blobServices@2021-06-01
 }
 }
+resource blobServices_diagnosticSettings 'Microsoft.Insights/diagnosticsettings@2017-05-01-preview' = if ((!empty(diagnosticStorageAccountId)) || (!empty(workspaceId)) || (!empty(eventHubAuthorizationRuleId)) || (!empty(eventHubName))) {
+ name: '${blobServices.name}-diagnosticSettings'
+ properties: {
+ storageAccountId: empty(diagnosticStorageAccountId) ? null : diagnosticStorageAccountId
+ workspaceId: empty(workspaceId) ? null : workspaceId
+ eventHubAuthorizationRuleId: empty(eventHubAuthorizationRuleId) ? null : eventHubAuthorizationRuleId
+ eventHubName: empty(eventHubName) ? null : eventHubName
+ metrics: (empty(diagnosticStorageAccountId) && empty(workspaceId) && empty(eventHubAuthorizationRuleId) && empty(eventHubName)) ? null : diagnosticsMetrics
+ logs: (empty(diagnosticStorageAccountId) && empty(workspaceId) && empty(eventHubAuthorizationRuleId) && empty(eventHubName)) ? null : diagnosticsLogs
+ }
+ scope: blobServices
+}
+
 module blobServices_container 'containers/deploy.bicep' = [for (container, index) in containers: {
 name: '${deployment().name}-Storage-Container-${index}'
 params: {
diff --git a/arm/Microsoft.Storage/storageAccounts/deploy.bicep b/arm/Microsoft.Storage/storageAccounts/deploy.bicep
index d2e4888a19..2e924f3656 100644
--- a/arm/Microsoft.Storage/storageAccounts/deploy.bicep
+++ b/arm/Microsoft.Storage/storageAccounts/deploy.bicep
@@ -85,6 +85,23 @@ param minimumTlsVersion string = 'TLS1_2'
 @description('Optional. If true, enables Hierarchical Namespace for the storage account')
 param enableHierarchicalNamespace bool = false
+@description('Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely.')
+@minValue(0)
+@maxValue(365)
+param diagnosticLogsRetentionInDays int = 365
+
+@description('Optional. Resource ID of the diagnostic storage account.')
+param diagnosticStorageAccountId string = ''
+
+@description('Optional. Resource ID of a log analytics workspace.')
+param workspaceId string = ''
+
+@description('Optional. Resource ID of the event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to.')
+param eventHubAuthorizationRuleId string = ''
+
+@description('Optional. Name of the event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.')
+param eventHubName string = ''
+
 @allowed([
 'CanNotDelete'
 'NotSpecified'
@@ -102,6 +119,24 @@ param cuaId string = ''
 @description('Generated. Do not provide a value! This date value is used to generate a SAS token to access the modules.')
 param basetime string = utcNow('u')
+@description('Optional. The name of metrics that will be streamed.')
+@allowed([
+ 'Transaction'
+])
+param metricsToEnable array = [
+ 'Transaction'
+]
+
+var diagnosticsMetrics = [for metric in metricsToEnable: {
+ category: metric
+ timeGrain: null
+ enabled: true
+ retentionPolicy: {
+ enabled: true
+ days: diagnosticLogsRetentionInDays
+ }
+}]
+
 var virtualNetworkRules = [for index in range(0, (empty(networkAcls) ? 0 : length(networkAcls.virtualNetworkRules))): {
 id: '${vNetId}/subnets/${networkAcls.virtualNetworkRules[index].subnet}'
 }]
@@ -161,6 +196,18 @@ resource storageAccount 'Microsoft.Storage/storageAccounts@2021-06-01' = {
 properties: saProperties
 }
+resource storageAccount_diagnosticSettings 'Microsoft.Insights/diagnosticsettings@2017-05-01-preview' = if ((!empty(diagnosticStorageAccountId)) || (!empty(workspaceId)) || (!empty(eventHubAuthorizationRuleId)) || (!empty(eventHubName))) {
+ name: '${storageAccount.name}-diagnosticSettings'
+ properties: {
+ storageAccountId: empty(diagnosticStorageAccountId) ? null : diagnosticStorageAccountId
+ workspaceId: empty(workspaceId) ? null : workspaceId
+ eventHubAuthorizationRuleId: empty(eventHubAuthorizationRuleId) ? null : eventHubAuthorizationRuleId
+ eventHubName: empty(eventHubName) ? null : eventHubName
+ metrics: (empty(diagnosticStorageAccountId) && empty(workspaceId) && empty(eventHubAuthorizationRuleId) && empty(eventHubName)) ? null : diagnosticsMetrics
+ }
+ scope: storageAccount
+}
+
 resource storageAccount_lock 'Microsoft.Authorization/locks@2016-09-01' = if (lock != 'NotSpecified') {
 name: '${storageAccount.name}-${lock}-lock'
 properties: {
@@ -207,6 +254,13 @@ module storageAccount_blobServices 'blobServices/deploy.bicep' = if (!empty(blob
 automaticSnapshotPolicyEnabled: contains(blobServices, 'automaticSnapshotPolicyEnabled') ? blobServices.automaticSnapshotPolicyEnabled : false
 deleteRetentionPolicy: contains(blobServices, 'deleteRetentionPolicy') ? blobServices.deleteRetentionPolicy : true
 deleteRetentionPolicyDays: contains(blobServices, 'deleteRetentionPolicyDays') ? blobServices.deleteRetentionPolicyDays : 7
+ diagnosticLogsRetentionInDays: contains(blobServices, 'diagnosticLogsRetentionInDays') ? blobServices.diagnosticLogsRetentionInDays : 365
+ diagnosticStorageAccountId: contains(blobServices, 'diagnosticStorageAccountId') ? blobServices.diagnosticStorageAccountId : ''
+ eventHubAuthorizationRuleId: contains(blobServices, 'eventHubAuthorizationRuleId') ? blobServices.eventHubAuthorizationRuleId : ''
+ eventHubName: contains(blobServices, 'eventHubName') ? blobServices.eventHubName : ''
+ logsToEnable: contains(blobServices, 'logsToEnable') ? blobServices.logsToEnable : []
+ metricsToEnable: contains(blobServices, 'metricsToEnable') ? blobServices.metricsToEnable : []
+ workspaceId: contains(blobServices, 'workspaceId') ? blobServices.workspaceId : ''
 }
 }
@@ -215,12 +269,19 @@ module storageAccount_fileServices 'fileServices/deploy.bicep' = if (!empty(file
 name: '${uniqueString(deployment().name, location)}-Storage-FileServices'
 params: {
 storageAccountName: storageAccount.name
+ diagnosticLogsRetentionInDays: contains(fileServices, 'diagnosticLogsRetentionInDays') ? fileServices.diagnosticLogsRetentionInDays : 365
+ diagnosticStorageAccountId: contains(fileServices, 'diagnosticStorageAccountId') ? fileServices.diagnosticStorageAccountId : ''
+ eventHubAuthorizationRuleId: contains(fileServices, 'eventHubAuthorizationRuleId') ? fileServices.eventHubAuthorizationRuleId : ''
+ eventHubName: contains(fileServices, 'eventHubName') ? fileServices.eventHubName : ''
+ logsToEnable: contains(fileServices, 'logsToEnable') ? fileServices.logsToEnable : []
+ metricsToEnable: contains(fileServices, 'metricsToEnable') ? fileServices.metricsToEnable : []
 protocolSettings: contains(fileServices, 'protocolSettings') ? fileServices.protocolSettings : {}
 shareDeleteRetentionPolicy: contains(fileServices, 'shareDeleteRetentionPolicy') ? fileServices.shareDeleteRetentionPolicy : {
 enabled: true
 days: 7
 }
 shares: contains(fileServices, 'shares') ? fileServices.shares : []
+ workspaceId: contains(fileServices, 'workspaceId') ? fileServices.workspaceId : ''
 }
 }
@@ -229,7 +290,14 @@ module storageAccount_queueServices 'queueServices/deploy.bicep' = if (!empty(qu
 name: '${uniqueString(deployment().name, location)}-Storage-QueueServices'
 params: {
 storageAccountName: storageAccount.name
+ diagnosticLogsRetentionInDays: contains(queueServices, 'diagnosticLogsRetentionInDays') ? queueServices.diagnosticLogsRetentionInDays : 365
+ diagnosticStorageAccountId: contains(queueServices, 'diagnosticStorageAccountId') ? queueServices.diagnosticStorageAccountId : ''
+ eventHubAuthorizationRuleId: contains(queueServices, 'eventHubAuthorizationRuleId') ? queueServices.eventHubAuthorizationRuleId : ''
+ eventHubName: contains(queueServices, 'eventHubName') ? queueServices.eventHubName : ''
+ logsToEnable: contains(queueServices, 'logsToEnable') ? queueServices.logsToEnable : []
+ metricsToEnable: contains(queueServices, 'metricsToEnable') ? queueServices.metricsToEnable : []
 queues: contains(queueServices, 'queues') ? queueServices.queues : []
+ workspaceId: contains(queueServices, 'workspaceId') ? queueServices.workspaceId : ''
 }
 }
@@ -238,7 +306,14 @@ module storageAccount_tableServices 'tableServices/deploy.bicep' = if (!empty(ta
 name: '${uniqueString(deployment().name, location)}-Storage-TableServices'
 params: {
 storageAccountName: storageAccount.name
+ diagnosticLogsRetentionInDays: contains(tableServices, 'diagnosticLogsRetentionInDays') ? tableServices.diagnosticLogsRetentionInDays : 365
+ diagnosticStorageAccountId: contains(tableServices, 'diagnosticStorageAccountId') ? tableServices.diagnosticStorageAccountId : ''
+ eventHubAuthorizationRuleId: contains(tableServices, 'eventHubAuthorizationRuleId') ? tableServices.eventHubAuthorizationRuleId : ''
+ eventHubName: contains(tableServices, 'eventHubName') ? tableServices.eventHubName : ''
+ logsToEnable: contains(tableServices, 'logsToEnable') ? tableServices.logsToEnable : []
+ metricsToEnable: contains(tableServices, 'metricsToEnable') ? tableServices.metricsToEnable : []
 tables: contains(tableServices, 'tables') ? tableServices.tables : []
+ workspaceId: contains(tableServices, 'workspaceId') ? tableServices.workspaceId : ''
 }
 }
diff --git a/arm/Microsoft.Storage/storageAccounts/fileServices/deploy.bicep b/arm/Microsoft.Storage/storageAccounts/fileServices/deploy.bicep
index 7f40d01192..1438ae80a3 100644
--- a/arm/Microsoft.Storage/storageAccounts/fileServices/deploy.bicep
+++ b/arm/Microsoft.Storage/storageAccounts/fileServices/deploy.bicep
@@ -14,12 +14,68 @@ param shareDeleteRetentionPolicy object = {
 days: 7
 }
+@description('Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely.')
+@minValue(0)
+@maxValue(365)
+param diagnosticLogsRetentionInDays int = 365
+
+@description('Optional. Resource ID of the diagnostic storage account.')
+param diagnosticStorageAccountId string = ''
+
+@description('Optional. Resource ID of a log analytics workspace.')
+param workspaceId string = ''
+
+@description('Optional. Resource ID of the event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to.')
+param eventHubAuthorizationRuleId string = ''
+
+@description('Optional. Name of the event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.')
+param eventHubName string = ''
+
 @description('Optional. File shares to create.')
 param shares array = []
 @description('Optional. Customer Usage Attribution ID (GUID). This GUID must be previously registered')
 param cuaId string = ''
+@description('Optional. The name of logs that will be streamed.')
+@allowed([
+ 'StorageRead'
+ 'StorageWrite'
+ 'StorageDelete'
+])
+param logsToEnable array = [
+ 'StorageRead'
+ 'StorageWrite'
+ 'StorageDelete'
+]
+
+@description('Optional. The name of metrics that will be streamed.')
+@allowed([
+ 'Transaction'
+])
+param metricsToEnable array = [
+ 'Transaction'
+]
+
+var diagnosticsLogs = [for log in logsToEnable: {
+ category: log
+ enabled: true
+ retentionPolicy: {
+ enabled: true
+ days: diagnosticLogsRetentionInDays
+ }
+}]
+
+var diagnosticsMetrics = [for metric in metricsToEnable: {
+ category: metric
+ timeGrain: null
+ enabled: true
+ retentionPolicy: {
+ enabled: true
+ days: diagnosticLogsRetentionInDays
+ }
+}]
+
 module pid_cuaId '.bicep/nested_cuaId.bicep' = if (!empty(cuaId)) {
 name: 'pid-${cuaId}'
 params: {}
@@ -38,6 +94,19 @@ resource fileServices 'Microsoft.Storage/storageAccounts/fileServices@2021-04-01
 }
 }
+resource fileServices_diagnosticSettings 'Microsoft.Insights/diagnosticsettings@2017-05-01-preview' = if ((!empty(diagnosticStorageAccountId)) || (!empty(workspaceId)) || (!empty(eventHubAuthorizationRuleId)) || (!empty(eventHubName))) {
+ name: '${fileServices.name}-diagnosticSettings'
+ properties: {
+ storageAccountId: empty(diagnosticStorageAccountId) ? null : diagnosticStorageAccountId
+ workspaceId: empty(workspaceId) ? null : workspaceId
+ eventHubAuthorizationRuleId: empty(eventHubAuthorizationRuleId) ? null : eventHubAuthorizationRuleId
+ eventHubName: empty(eventHubName) ? null : eventHubName
+ metrics: (empty(diagnosticStorageAccountId) && empty(workspaceId) && empty(eventHubAuthorizationRuleId) && empty(eventHubName)) ? null : diagnosticsMetrics
+ logs: (empty(diagnosticStorageAccountId) && empty(workspaceId) && empty(eventHubAuthorizationRuleId) && empty(eventHubName)) ? null : diagnosticsLogs
+ }
+ scope: fileServices
+}
+
 module fileServices_shares 'shares/deploy.bicep' = [for (share, index) in shares: {
 name: '${deployment().name}-Storage-File-${index}'
 params: {
diff --git a/arm/Microsoft.Storage/storageAccounts/queueServices/deploy.bicep b/arm/Microsoft.Storage/storageAccounts/queueServices/deploy.bicep
index e02d134fa6..7b92ea64f4 100644
--- a/arm/Microsoft.Storage/storageAccounts/queueServices/deploy.bicep
+++ b/arm/Microsoft.Storage/storageAccounts/queueServices/deploy.bicep
@@ -8,9 +8,65 @@ param name string = 'default'
 @description('Optional. Queues to create.')
 param queues array = []
+@description('Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely.')
+@minValue(0)
+@maxValue(365)
+param diagnosticLogsRetentionInDays int = 365
+
+@description('Optional. Resource ID of the diagnostic storage account.')
+param diagnosticStorageAccountId string = ''
+
+@description('Optional. Resource ID of a log analytics workspace.')
+param workspaceId string = ''
+
+@description('Optional. Resource ID of the event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to.')
+param eventHubAuthorizationRuleId string = ''
+
+@description('Optional. Name of the event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.')
+param eventHubName string = ''
+
 @description('Optional. Customer Usage Attribution ID (GUID). This GUID must be previously registered')
 param cuaId string = ''
+@description('Optional. The name of logs that will be streamed.')
+@allowed([
+ 'StorageRead'
+ 'StorageWrite'
+ 'StorageDelete'
+])
+param logsToEnable array = [
+ 'StorageRead'
+ 'StorageWrite'
+ 'StorageDelete'
+]
+
+@description('Optional. The name of metrics that will be streamed.')
+@allowed([
+ 'Transaction'
+])
+param metricsToEnable array = [
+ 'Transaction'
+]
+
+var diagnosticsLogs = [for log in logsToEnable: {
+ category: log
+ enabled: true
+ retentionPolicy: {
+ enabled: true
+ days: diagnosticLogsRetentionInDays
+ }
+}]
+
+var diagnosticsMetrics = [for metric in metricsToEnable: {
+ category: metric
+ timeGrain: null
+ enabled: true
+ retentionPolicy: {
+ enabled: true
+ days: diagnosticLogsRetentionInDays
+ }
+}]
+
 module pid_cuaId '.bicep/nested_cuaId.bicep' = if (!empty(cuaId)) {
 name: 'pid-${cuaId}'
 params: {}
@@ -26,6 +82,19 @@ resource queueServices 'Microsoft.Storage/storageAccounts/queueServices@2021-04-
 properties: {}
 }
+resource queueServices_diagnosticSettings 'Microsoft.Insights/diagnosticsettings@2017-05-01-preview' = if ((!empty(diagnosticStorageAccountId)) || (!empty(workspaceId)) || (!empty(eventHubAuthorizationRuleId)) || (!empty(eventHubName))) {
+ name: '${queueServices.name}-diagnosticSettings'
+ properties: {
+ storageAccountId: empty(diagnosticStorageAccountId) ? null : diagnosticStorageAccountId
+ workspaceId: empty(workspaceId) ? null : workspaceId
+ eventHubAuthorizationRuleId: empty(eventHubAuthorizationRuleId) ? null : eventHubAuthorizationRuleId
+ eventHubName: empty(eventHubName) ? null : eventHubName
+ metrics: (empty(diagnosticStorageAccountId) && empty(workspaceId) && empty(eventHubAuthorizationRuleId) && empty(eventHubName)) ? null : diagnosticsMetrics
+ logs: (empty(diagnosticStorageAccountId) && empty(workspaceId) && empty(eventHubAuthorizationRuleId) && empty(eventHubName)) ? null : diagnosticsLogs
+ }
+ scope: queueServices
+}
+
 module queueServices_queues 'queues/deploy.bicep' = [for (queue, index) in queues: {
 name: '${deployment().name}-Storage-Queue-${index}'
 params: {
diff --git a/arm/Microsoft.Storage/storageAccounts/tableServices/deploy.bicep b/arm/Microsoft.Storage/storageAccounts/tableServices/deploy.bicep
index 08b5bc7737..75908290ff 100644
--- a/arm/Microsoft.Storage/storageAccounts/tableServices/deploy.bicep
+++ b/arm/Microsoft.Storage/storageAccounts/tableServices/deploy.bicep
@@ -8,9 +8,65 @@ param name string = 'default'
 @description('Optional. tables to create.')
 param tables array = []
+@description('Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely.')
+@minValue(0)
+@maxValue(365)
+param diagnosticLogsRetentionInDays int = 365
+
+@description('Optional. Resource ID of the diagnostic storage account.')
+param diagnosticStorageAccountId string = ''
+
+@description('Optional. Resource ID of a log analytics workspace.')
+param workspaceId string = ''
+
+@description('Optional. Resource ID of the event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to.')
+param eventHubAuthorizationRuleId string = ''
+
+@description('Optional. Name of the event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.')
+param eventHubName string = ''
+
 @description('Optional. Customer Usage Attribution ID (GUID). This GUID must be previously registered')
 param cuaId string = ''
+@description('Optional. The name of logs that will be streamed.')
+@allowed([
+ 'StorageRead'
+ 'StorageWrite'
+ 'StorageDelete'
+])
+param logsToEnable array = [
+ 'StorageRead'
+ 'StorageWrite'
+ 'StorageDelete'
+]
+
+@description('Optional. The name of metrics that will be streamed.')
+@allowed([
+ 'Transaction'
+])
+param metricsToEnable array = [
+ 'Transaction'
+]
+
+var diagnosticsLogs = [for log in logsToEnable: {
+ category: log
+ enabled: true
+ retentionPolicy: {
+ enabled: true
+ days: diagnosticLogsRetentionInDays
+ }
+}]
+
+var diagnosticsMetrics = [for metric in metricsToEnable: {
+ category: metric
+ timeGrain: null
+ enabled: true
+ retentionPolicy: {
+ enabled: true
+ days: diagnosticLogsRetentionInDays
+ }
+}]
+
 module pid_cuaId '.bicep/nested_cuaId.bicep' = if (!empty(cuaId)) {
 name: 'pid-${cuaId}'
 params: {}
@@ -26,6 +82,19 @@ resource tableServices 'Microsoft.Storage/storageAccounts/tableServices@2021-04-
 properties: {}
 }
+resource tableServices_diagnosticSettings 'Microsoft.Insights/diagnosticsettings@2017-05-01-preview' = if ((!empty(diagnosticStorageAccountId)) || (!empty(workspaceId)) || (!empty(eventHubAuthorizationRuleId)) || (!empty(eventHubName))) {
+ name: '${tableServices.name}-diagnosticSettings'
+ properties: {
+ storageAccountId: empty(diagnosticStorageAccountId) ? null : diagnosticStorageAccountId
+ workspaceId: empty(workspaceId) ? null : workspaceId
+ eventHubAuthorizationRuleId: empty(eventHubAuthorizationRuleId) ? null : eventHubAuthorizationRuleId
+ eventHubName: empty(eventHubName) ? null : eventHubName
+ metrics: (empty(diagnosticStorageAccountId) && empty(workspaceId) && empty(eventHubAuthorizationRuleId) && empty(eventHubName)) ? null : diagnosticsMetrics
+ logs: (empty(diagnosticStorageAccountId) && empty(workspaceId) && empty(eventHubAuthorizationRuleId) && empty(eventHubName)) ? null : diagnosticsLogs
+ }
+ scope: tableServices
+}
+
 module tableServices_tables 'tables/deploy.bicep' = [for (tableName, index) in tables: {
 name: '${deployment().name}-Storage-Table-${index}'
 params: {
From 3365300185142b5d85efa19f1a4172ff8e743925 Mon Sep 17 00:00:00 2001
From: Sergio Navar
Date: Thu, 2 Dec 2021 21:48:15 -0600
Subject: [PATCH 03/14] Add Diagnostic Settings to Log Analytics Workspace
---
 .../workspaces/deploy.bicep | 65 +++++++++++++++++++
 1 file changed, 65 insertions(+)
diff --git a/arm/Microsoft.OperationalInsights/workspaces/deploy.bicep b/arm/Microsoft.OperationalInsights/workspaces/deploy.bicep
index 8ab034bab5..affb7c3891 100644
--- a/arm/Microsoft.OperationalInsights/workspaces/deploy.bicep
+++ b/arm/Microsoft.OperationalInsights/workspaces/deploy.bicep
@@ -54,6 +54,23 @@ param publicNetworkAccessForQuery string = 'Enabled' @description('Optional. Set to \'true\' to use resource or workspace permissions and \'false\' (or leave empty) to require workspace permissions.') param useResourcePermissions bool = false +@description('Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely.') +@minValue(0) +@maxValue(365) +param diagnosticLogsRetentionInDays int = 365 + +@description('Optional. Resource ID of the diagnostic storage account.') +param diagnosticStorageAccountId string = '' + +@description('Optional. Resource ID of a log analytics workspace.') +param workspaceId string = '' + +@description('Optional. Resource ID of the event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to.') +param eventHubAuthorizationRuleId string = '' + +@description('Optional. Name of the event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.') +param eventHubName string = '' + @allowed([ 'CanNotDelete' 'NotSpecified' 
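Review bot: In this module the new `workspaceId` parameter is ambiguous, because the template itself deploys a Log Analytics workspace and the description `Resource ID of a log analytics workspace.` does not say which one is meant. From the later `logAnalyticsWorkspace_diagnosticSettings` resource it is the destination for this workspace's own diagnostic logs, not the workspace being created. I would say so in the text, for example `@description('Optional. Resource ID of the Log Analytics workspace that receives the diagnostic logs of this workspace.')`. A name such as `diagnosticWorkspaceId`, matching `diagnosticStorageAccountId`, would remove the ambiguity entirely, but that changes the interface shared with the other modules in this series.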
@@ -71,6 +88,41 @@ param tags object = {} @description('Optional. Customer Usage Attribution ID (GUID). This GUID must be previously registered') param cuaId string = '' +@description('Optional. The name of logs that will be streamed.') +@allowed([ + 'Audit' +]) +param logsToEnable array = [ + 'Audit' +] + +@description('Optional. The name of metrics that will be streamed.') +@allowed([ + 'AllMetrics' +]) +param metricsToEnable array = [ + 'AllMetrics' +] + +var diagnosticsLogs = [for log in logsToEnable: { + category: log + enabled: true + retentionPolicy: { + enabled: true + days: diagnosticLogsRetentionInDays + } +}] + +var diagnosticsMetrics = [for metric in metricsToEnable: { + category: metric + timeGrain: null + enabled: true + retentionPolicy: { + enabled: true + days: diagnosticLogsRetentionInDays + } +}] + var logAnalyticsSearchVersion = 1 module pid_cuaId '.bicep/nested_cuaId.bicep' = if (!empty(cuaId)) { 
@@ -99,6 +151,19 @@ resource logAnalyticsWorkspace 'Microsoft.OperationalInsights/workspaces@2020-08 } } +resource logAnalyticsWorkspace_diagnosticSettings 'Microsoft.Insights/diagnosticsettings@2017-05-01-preview' = if ((!empty(diagnosticStorageAccountId)) || (!empty(workspaceId)) || (!empty(eventHubAuthorizationRuleId)) || (!empty(eventHubName))) { + name: '${logAnalyticsWorkspace.name}-diagnosticSettings' + properties: { + storageAccountId: empty(diagnosticStorageAccountId) ? null : diagnosticStorageAccountId + workspaceId: empty(workspaceId) ? null : workspaceId + eventHubAuthorizationRuleId: empty(eventHubAuthorizationRuleId) ? null : eventHubAuthorizationRuleId + eventHubName: empty(eventHubName) ? null : eventHubName + metrics: (empty(diagnosticStorageAccountId) && empty(workspaceId) && empty(eventHubAuthorizationRuleId) && empty(eventHubName)) ? null : diagnosticsMetrics + logs: (empty(diagnosticStorageAccountId) && empty(workspaceId) && empty(eventHubAuthorizationRuleId) && empty(eventHubName)) ? null : diagnosticsLogs + } + scope: logAnalyticsWorkspace +} + module logAnalyticsWorkspace_storageInsightConfigs 'storageInsightConfigs/deploy.bicep' = [for (storageInsightsConfig, index) in storageInsightsConfigs: { name: '${deployment().name}-storageInsightsConfig-${index}' params: { From d8a9879bca68dc82cc4954734b7b15c6b793aebc Mon Sep 17 00:00:00 2001 From: Sergio Navar Date: Fri, 3 Dec 2021 16:51:24 -0600 Subject: [PATCH 04/14] Update ReadMe for Diag Settings Enablement --- arm/Microsoft.OperationalInsights/workspaces/readme.md | 7 +++++++ .../storageAccounts/blobServices/readme.md | 7 +++++++ .../storageAccounts/fileServices/readme.md | 7 +++++++ .../storageAccounts/queueServices/readme.md | 8 ++++++++ arm/Microsoft.Storage/storageAccounts/readme.md | 6 ++++++ .../storageAccounts/tableServices/readme.md | 8 +++++++- 6 files changed, 42 insertions(+), 1 deletion(-) 
diff --git a/arm/Microsoft.OperationalInsights/workspaces/readme.md b/arm/Microsoft.OperationalInsights/workspaces/readme.md index cab8ea6865..6d30317539 100644 --- a/arm/Microsoft.OperationalInsights/workspaces/readme.md +++ b/arm/Microsoft.OperationalInsights/workspaces/readme.md @@ -23,6 +23,12 @@ This template deploys a log analytics workspace. | `dailyQuotaGb` | int | `-1` | | Optional. The workspace daily quota for ingestion. | | `dataRetention` | int | `365` | | Required. Number of days data will be retained for | | `dataSources` | _[dataSources](dataSources/readme.md)_ array | `[]` | | Optional. LAW data sources to configure. | +| `diagnosticLogsRetentionInDays` | int | `365` | | Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely. | +| `diagnosticStorageAccountId` | string | | | Optional. Resource ID of the diagnostic storage account. | +| `eventHubAuthorizationRuleId` | string | | | Optional. Resource ID of the event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | +| `eventHubName` | string | | | Optional. Name of the event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | +| `logsToEnable` | array | `[Audit]` | `[Audit]` | Optional. The name of logs that will be streamed. | +| `metricsToEnable` | array | `[AllMetrics]` | `[AllMetrics]` | Optional. The name of metrics that will be streamed. | | `gallerySolutions` | array | `[]` | | Optional. LAW gallerySolutions from the gallery. | | `linkedServices` | _[linkedServices](linkedServices/readme.md)_ array | `[]` | | Optional. List of services to be linked. | | `location` | string | `[resourceGroup().location]` | | Optional. Location for all resources. | 
@@ -36,6 +42,7 @@ This template deploys a log analytics workspace. | `storageInsightsConfigs` | array | `[]` | | Optional. List of storage accounts to be read by the workspace. | | `tags` | object | `{object}` | | Optional. Tags of the resource. | | `useResourcePermissions` | bool | | | Optional. Set to 'true' to use resource or workspace permissions and 'false' (or leave empty) to require workspace permissions. | +| `workspaceId` | string | | | Optional. Resource ID of log analytics. | ### Parameter Usage: `gallerySolutions` diff --git a/arm/Microsoft.Storage/storageAccounts/blobServices/readme.md b/arm/Microsoft.Storage/storageAccounts/blobServices/readme.md index fea80fa65c..c44c7921fa 100644 --- a/arm/Microsoft.Storage/storageAccounts/blobServices/readme.md +++ b/arm/Microsoft.Storage/storageAccounts/blobServices/readme.md 
@@ -20,8 +20,15 @@ This module can be used to deploy a blob service into a storage account. | `cuaId` | string | | | Optional. Customer Usage Attribution ID (GUID). This GUID must be previously registered | | `deleteRetentionPolicy` | bool | `True` | | Optional. Indicates whether DeleteRetentionPolicy is enabled for the Blob service. | | `deleteRetentionPolicyDays` | int | `7` | | Optional. Indicates the number of days that the deleted blob should be retained. The minimum specified value can be 1 and the maximum value can be 365. | +| `diagnosticLogsRetentionInDays` | int | `365` | | Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely. | +| `diagnosticStorageAccountId` | string | | | Optional. Resource ID of the diagnostic storage account. | +| `eventHubAuthorizationRuleId` | string | | | Optional. Resource ID of the event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | +| `eventHubName` | string | | | Optional. Name of the event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | +| `logsToEnable` | array | `[StorageRead, StorageWrite, StorageDelete]` | `[StorageRead, StorageWrite, StorageDelete]` | Optional. The name of logs that will be streamed. | +| `metricsToEnable` | array | `[Transaction]` | `[Transaction]` | Optional. The name of metrics that will be streamed. | | `name` | string | `default` | | Optional. The name of the blob service | | `storageAccountName` | string | | | Required. Name of the Storage Account. | +| `workspaceId` | string | | | Optional. Resource ID of log analytics. | ## Outputs diff --git a/arm/Microsoft.Storage/storageAccounts/fileServices/readme.md b/arm/Microsoft.Storage/storageAccounts/fileServices/readme.md index 3f905df4be..8b800e6677 100644 --- a/arm/Microsoft.Storage/storageAccounts/fileServices/readme.md 
+++ b/arm/Microsoft.Storage/storageAccounts/fileServices/readme.md @@ -15,11 +15,18 @@ This module can be used to deploy a file share service into a storage account. | Parameter Name | Type | Default Value | Possible Values | Description | | :-- | :-- | :-- | :-- | :-- | | `cuaId` | string | | | Optional. Customer Usage Attribution ID (GUID). This GUID must be previously registered | +| `diagnosticLogsRetentionInDays` | int | `365` | | Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely. | +| `diagnosticStorageAccountId` | string | | | Optional. Resource ID of the diagnostic storage account. | +| `eventHubAuthorizationRuleId` | string | | | Optional. Resource ID of the event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | +| `eventHubName` | string | | | Optional. Name of the event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | +| `logsToEnable` | array | `[StorageRead, StorageWrite, StorageDelete]` | `[StorageRead, StorageWrite, StorageDelete]` | Optional. The name of logs that will be streamed. | +| `metricsToEnable` | array | `[Transaction]` | `[Transaction]` | Optional. The name of metrics that will be streamed. | | `name` | string | `default` | | Optional. The name of the file service | | `protocolSettings` | object | `{object}` | | Protocol settings for file service | | `shareDeleteRetentionPolicy` | object | `{object}` | | The service properties for soft delete. | | `shares` | _[shares](shares/readme.md)_ array | `[]` | | Optional. File shares to create. | | `storageAccountName` | string | | | Required. Name of the Storage Account. | +| `workspaceId` | string | | | Optional. Resource ID of log analytics. | ## Outputs 
diff --git a/arm/Microsoft.Storage/storageAccounts/queueServices/readme.md b/arm/Microsoft.Storage/storageAccounts/queueServices/readme.md index dbcd3a6b61..cc102500ea 100644 --- a/arm/Microsoft.Storage/storageAccounts/queueServices/readme.md +++ b/arm/Microsoft.Storage/storageAccounts/queueServices/readme.md @@ -15,9 +15,17 @@ This module can be used to deploy a file share service into a storage account. | Parameter Name | Type | Default Value | Possible Values | Description | | :-- | :-- | :-- | :-- | :-- | | `cuaId` | string | | | Optional. Customer Usage Attribution ID (GUID). This GUID must be previously registered | +| `diagnosticLogsRetentionInDays` | int | `365` | | Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely. | +| `diagnosticStorageAccountId` | string | | | Optional. Resource ID of the diagnostic storage account. | +| `eventHubAuthorizationRuleId` | string | | | Optional. Resource ID of the event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | +| `eventHubName` | string | | | Optional. Name of the event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | +| `logsToEnable` | array | `[StorageRead, StorageWrite, StorageDelete]` | `[StorageRead, StorageWrite, StorageDelete]` | Optional. The name of logs that will be streamed. | +| `metricsToEnable` | array | `[Transaction]` | `[Transaction]` | Optional. The name of metrics that will be streamed. | | `name` | string | `default` | | Optional. The name of the queue service | | `queues` | _[queues](queues/readme.md)_ array | `[]` | | Optional. Queues to create. | | `storageAccountName` | string | | | Required. Name of the Storage Account. | +| `workspaceId` | string | | | Optional. Resource ID of log analytics. | + ## Outputs 
diff --git a/arm/Microsoft.Storage/storageAccounts/readme.md b/arm/Microsoft.Storage/storageAccounts/readme.md index 286e6647a0..ed03705bed 100644 --- a/arm/Microsoft.Storage/storageAccounts/readme.md +++ b/arm/Microsoft.Storage/storageAccounts/readme.md 
@@ -31,11 +31,16 @@ This module is used to deploy a storage account, with the ability to deploy 1 or | `basetime` | string | `[utcNow('u')]` | | Generated. Do not provide a value! This date value is used to generate a SAS token to access the modules. | | `blobServices` | _[blobServices](blobServices/readme.md)_ object | `{object}` | | Optional. Blob service and containers to deploy | | `cuaId` | string | | | Optional. Customer Usage Attribution ID (GUID). This GUID must be previously registered | +| `diagnosticLogsRetentionInDays` | int | `365` | | Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely. | +| `diagnosticStorageAccountId` | string | | | Optional. Resource ID of the diagnostic storage account. | | `enableHierarchicalNamespace` | bool | | | Optional. If true, enables Hierarchical Namespace for the storage account | +| `eventHubAuthorizationRuleId` | string | | | Optional. Resource ID of the event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | +| `eventHubName` | string | | | Optional. Name of the event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | | `fileServices` | _[fileServices](fileServices/readme.md)_ object | `{object}` | | Optional. File service and shares to deploy | | `location` | string | `[resourceGroup().location]` | | Optional. Location for all resources. | | `lock` | string | `NotSpecified` | `[CanNotDelete, NotSpecified, ReadOnly]` | Optional. Specify the type of lock. | | `managementPolicyRules` | array | `[]` | | Optional. The Storage Account ManagementPolicies Rules. | +| `metricsToEnable` | array | `[Transaction]` | `[Transaction]` | Optional. The name of metrics that will be streamed. | | `minimumTlsVersion` | string | `TLS1_2` | `[TLS1_0, TLS1_1, TLS1_2]` | Optional. Set the minimum TLS version on request to storage. 
| | `name` | string | | | Optional. Name of the Storage Account. | | `networkAcls` | object | `{object}` | | Optional. Networks ACLs, this value contains IPs to whitelist and/or Subnet information. | @@ -50,6 +55,7 @@ This module is used to deploy a storage account, with the ability to deploy 1 or | `tags` | object | `{object}` | | Optional. Tags of the resource. | | `userAssignedIdentities` | object | `{object}` | | Optional. The ID(s) to assign to the resource. | | `vNetId` | string | | | Optional. Virtual Network Identifier used to create a service endpoint. | +| `workspaceId` | string | | | Optional. Resource ID of log analytics. | ### Parameter Usage: `roleAssignments` diff --git a/arm/Microsoft.Storage/storageAccounts/tableServices/readme.md b/arm/Microsoft.Storage/storageAccounts/tableServices/readme.md index 53352bc756..d177de826b 100644 --- a/arm/Microsoft.Storage/storageAccounts/tableServices/readme.md +++ b/arm/Microsoft.Storage/storageAccounts/tableServices/readme.md 
@@ -14,10 +14,16 @@ This module deploys a storage account table service | Parameter Name | Type | Default Value | Possible Values | Description | | :-- | :-- | :-- | :-- | :-- | | `cuaId` | string | | | Optional. Customer Usage Attribution ID (GUID). This GUID must be previously registered | +| `diagnosticLogsRetentionInDays` | int | `365` | | Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely. | +| `diagnosticStorageAccountId` | string | | | Optional. Resource ID of the diagnostic storage account. | +| `eventHubAuthorizationRuleId` | string | | | Optional. Resource ID of the event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | +| `eventHubName` | string | | | Optional. Name of the event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | +| `logsToEnable` | array | `[StorageRead, StorageWrite, StorageDelete]` | `[StorageRead, StorageWrite, StorageDelete]` | Optional. The name of logs that will be streamed. | +| `metricsToEnable` | array | `[Transaction]` | `[Transaction]` | Optional. The name of metrics that will be streamed. | | `name` | string | `default` | | Optional. The name of the table service | | `storageAccountName` | string | | | Required. Name of the Storage Account. | | `tables` | _[tables](tables/readme.md)_ array | `[]` | | Optional. tables to create. | - +| `workspaceId` | string | | | Optional. Resource ID of log analytics. | ## Outputs From 0bdebeae61c057da19d426e0efdd10c216880e3e Mon Sep 17 00:00:00 2001 From: Sergio Navar Date: Fri, 3 Dec 2021 16:58:51 -0600 Subject: [PATCH 05/14] Update SQL DB Parameter file with Diagnostic Settings --- arm/Microsoft.Sql/servers/.parameters/parameters.json | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) 
diff --git a/arm/Microsoft.Sql/servers/.parameters/parameters.json b/arm/Microsoft.Sql/servers/.parameters/parameters.json index d552c246e8..eec0231e4d 100644 --- a/arm/Microsoft.Sql/servers/.parameters/parameters.json +++ b/arm/Microsoft.Sql/servers/.parameters/parameters.json @@ -42,7 +42,12 @@ "tier": "GeneralPurpose", "skuName": "GP_Gen5_2", "maxSizeBytes": 34359738368, - "licenseType": "LicenseIncluded" + "licenseType": "LicenseIncluded", + "diagnosticLogsRetentionInDays": 7, + "diagnosticStorageAccountId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adpsxxazsaweux001", + "workspaceId": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-sxx-az-law-x-001", + "eventHubAuthorizationRuleId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-sxx-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey", + "eventHubName": "adp-sxx-az-evh-x-001" } ] }, From 0a18b5a8483a0b53eedbd6c3cdc01e7073df345e Mon Sep 17 00:00:00 2001 From: Sergio Navar Date: Fri, 3 Dec 2021 17:08:42 -0600 Subject: [PATCH 06/14] Update ReadMe --- arm/Microsoft.Sql/servers/databases/readme.md | 1 + arm/Microsoft.Storage/storageAccounts/blobServices/readme.md | 1 + arm/Microsoft.Storage/storageAccounts/fileServices/readme.md | 1 + arm/Microsoft.Storage/storageAccounts/queueServices/readme.md | 1 + arm/Microsoft.Storage/storageAccounts/readme.md | 1 + arm/Microsoft.Storage/storageAccounts/tableServices/readme.md | 1 + 6 files changed, 6 insertions(+) diff --git a/arm/Microsoft.Sql/servers/databases/readme.md b/arm/Microsoft.Sql/servers/databases/readme.md index f8ec7693ea..2ef8ecd754 100644 --- a/arm/Microsoft.Sql/servers/databases/readme.md +++ b/arm/Microsoft.Sql/servers/databases/readme.md 
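Review bot: The sample `eventHubAuthorizationRuleId` points at the namespace's `RootManageSharedAccessKey`, the default rule that carries full rights over the whole Event Hubs namespace. Parameter files like this one tend to be copied into real deployments, and tying diagnostic streaming to the root rule means the key cannot be rotated or revoked for the logging path without affecting every other consumer of the namespace. I would reference a rule created for diagnostics instead, e.g. `".../namespaces/adp-sxx-az-evhns-x-001/AuthorizationRules/<dedicated-diagnostics-rule>"`, where the last segment is a placeholder for a rule that does not exist yet. The same value is used in the blobServices, fileServices, tableServices, queueServices and top-level entries added to the storage account parameters.json in PATCH 08.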
@@ -6,6 +6,7 @@ This module deploys an Azure SQL Server. | Resource Type | API Version | | :-- | :-- | +| `Microsoft.Insights/diagnosticSettings` | 2017-05-01-preview | | `Microsoft.Sql/servers/databases` | 2021-02-01-preview | ## Parameters diff --git a/arm/Microsoft.Storage/storageAccounts/blobServices/readme.md b/arm/Microsoft.Storage/storageAccounts/blobServices/readme.md index c44c7921fa..498f14aa4a 100644 --- a/arm/Microsoft.Storage/storageAccounts/blobServices/readme.md +++ b/arm/Microsoft.Storage/storageAccounts/blobServices/readme.md @@ -7,6 +7,7 @@ This module can be used to deploy a blob service into a storage account. | Resource Type | API Version | | :-- | :-- | | `Microsoft.Authorization/roleAssignments` | 2020-04-01-preview | +| `Microsoft.Insights/diagnosticSettings` | 2017-05-01-preview | | `Microsoft.Storage/storageAccounts/blobServices` | 2021-06-01 | | `Microsoft.Storage/storageAccounts/blobServices/containers` | 2019-06-01 | | `Microsoft.Storage/storageAccounts/blobServices/containers/immutabilityPolicies` | 2019-06-01 | diff --git a/arm/Microsoft.Storage/storageAccounts/fileServices/readme.md b/arm/Microsoft.Storage/storageAccounts/fileServices/readme.md index 8b800e6677..3b098f6c32 100644 --- a/arm/Microsoft.Storage/storageAccounts/fileServices/readme.md +++ b/arm/Microsoft.Storage/storageAccounts/fileServices/readme.md @@ -7,6 +7,7 @@ This module can be used to deploy a file share service into a storage account. | Resource Type | API Version | | :-- | :-- | | `Microsoft.Authorization/roleAssignments` | 2020-04-01-preview | +| `Microsoft.Insights/diagnosticSettings` | 2017-05-01-preview | | `Microsoft.Storage/storageAccounts/fileServices` | 2021-04-01 | | `Microsoft.Storage/storageAccounts/fileServices/shares` | 2019-06-01 | diff --git a/arm/Microsoft.Storage/storageAccounts/queueServices/readme.md b/arm/Microsoft.Storage/storageAccounts/queueServices/readme.md index cc102500ea..cb2f4179f0 100644 
--- a/arm/Microsoft.Storage/storageAccounts/queueServices/readme.md +++ b/arm/Microsoft.Storage/storageAccounts/queueServices/readme.md @@ -7,6 +7,7 @@ This module can be used to deploy a file share service into a storage account. | Resource Type | API Version | | :-- | :-- | | `Microsoft.Authorization/roleAssignments` | 2020-04-01-preview | +| `Microsoft.Insights/diagnosticSettings` | 2017-05-01-preview | | `Microsoft.Storage/storageAccounts/queueServices` | 2021-04-01 | | `Microsoft.Storage/storageAccounts/queueServices/queues` | 2019-06-01 | diff --git a/arm/Microsoft.Storage/storageAccounts/readme.md b/arm/Microsoft.Storage/storageAccounts/readme.md index ed03705bed..9d0ee6d311 100644 --- a/arm/Microsoft.Storage/storageAccounts/readme.md +++ b/arm/Microsoft.Storage/storageAccounts/readme.md @@ -8,6 +8,7 @@ This module is used to deploy a storage account, with the ability to deploy 1 or | :-- | :-- | | `Microsoft.Authorization/locks` | 2016-09-01 | | `Microsoft.Authorization/roleAssignments` | 2020-04-01-preview | +| `Microsoft.Insights/diagnosticSettings` | 2017-05-01-preview | | `Microsoft.Network/privateEndpoints` | 2021-05-01 | | `Microsoft.Network/privateEndpoints/privateDnsZoneGroups` | 2021-02-01 | | `Microsoft.Storage/storageAccounts` | 2021-06-01 | diff --git a/arm/Microsoft.Storage/storageAccounts/tableServices/readme.md b/arm/Microsoft.Storage/storageAccounts/tableServices/readme.md index d177de826b..6cef5db132 100644 --- a/arm/Microsoft.Storage/storageAccounts/tableServices/readme.md +++ b/arm/Microsoft.Storage/storageAccounts/tableServices/readme.md @@ -6,6 +6,7 @@ This module deploys a storage account table service | Resource Type | API Version | | :-- | :-- | +| `Microsoft.Insights/diagnosticSettings` | 2017-05-01-preview | | `Microsoft.Storage/storageAccounts/tableServices` | 2021-04-01 | | `Microsoft.Storage/storageAccounts/tableServices/tables` | 2021-06-01 | From 8f7b265e7102104f5c872666d58c701b1ea5761b Mon Sep 17 00:00:00 2001 
From: Sergio Navar Date: Fri, 3 Dec 2021 17:14:53 -0600 Subject: [PATCH 07/14] Update readme.md --- arm/Microsoft.Sql/servers/readme.md | 1 + 1 file changed, 1 insertion(+) diff --git a/arm/Microsoft.Sql/servers/readme.md b/arm/Microsoft.Sql/servers/readme.md index 8993b04958..b0b871739e 100644 --- a/arm/Microsoft.Sql/servers/readme.md +++ b/arm/Microsoft.Sql/servers/readme.md @@ -8,6 +8,7 @@ This module deploys a SQL server. | :-- | :-- | | `Microsoft.Authorization/locks` | 2016-09-01 | | `Microsoft.Authorization/roleAssignments` | 2020-04-01-preview | +| `Microsoft.Insights/diagnosticSettings` | 2017-05-01-preview | | `Microsoft.Sql/servers` | 2021-05-01-preview | | `Microsoft.Sql/servers/databases` | 2021-02-01-preview | | `Microsoft.Sql/servers/firewallRules` | 2021-05-01-preview | From 6044616b36a04fbd3401cb503fb46b387532936f Mon Sep 17 00:00:00 2001 From: Sergio Navar Date: Fri, 3 Dec 2021 17:29:38 -0600 Subject: [PATCH 08/14] Update Storage Account Parameter for Diagnostic Settings --- .../.parameters/parameters.json | 35 +++++++++++++++++++ 1 file changed, 35 insertions(+) diff --git a/arm/Microsoft.Storage/storageAccounts/.parameters/parameters.json b/arm/Microsoft.Storage/storageAccounts/.parameters/parameters.json index 247e0496df..78c725d89c 100644 --- a/arm/Microsoft.Storage/storageAccounts/.parameters/parameters.json +++ b/arm/Microsoft.Storage/storageAccounts/.parameters/parameters.json 
@@ -13,6 +13,11 @@ }, "blobServices": { "value": { + "diagnosticLogsRetentionInDays": 7, + "diagnosticStorageAccountId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adpsxxazsaweux001", + "workspaceId": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-sxx-az-law-x-001", + "eventHubAuthorizationRuleId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-sxx-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey", + "eventHubName": "adp-sxx-az-evh-x-001", "containers": [ { "name": "avdscripts", @@ -38,6 +43,11 @@ }, "fileServices": { "value": { + "diagnosticLogsRetentionInDays": 7, + "diagnosticStorageAccountId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adpsxxazsaweux001", + "workspaceId": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-sxx-az-law-x-001", + "eventHubAuthorizationRuleId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-sxx-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey", + "eventHubName": "adp-sxx-az-evh-x-001", "shares": [ { "name": "avdprofiles", @@ -60,6 +70,11 @@ }, "tableServices": { "value": { + "diagnosticLogsRetentionInDays": 7, + "diagnosticStorageAccountId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adpsxxazsaweux001", + "workspaceId": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-sxx-az-law-x-001", + "eventHubAuthorizationRuleId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-sxx-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey", + "eventHubName": "adp-sxx-az-evh-x-001", "tables": [ "table1", "table2" 
@@ -68,6 +83,11 @@ }, "queueServices": { "value": { + "diagnosticLogsRetentionInDays": 7, + "diagnosticStorageAccountId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adpsxxazsaweux001", + "workspaceId": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-sxx-az-law-x-001", + "eventHubAuthorizationRuleId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-sxx-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey", + "eventHubName": "adp-sxx-az-evh-x-001", "queues": [ { "name": "queue1", @@ -105,6 +125,21 @@ ] } ] + }, + "diagnosticLogsRetentionInDays": { + "value": 7 + }, + "diagnosticStorageAccountId": { + "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adpsxxazsaweux001" + }, + "workspaceId": { + "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-sxx-az-law-x-001" + }, + "eventHubAuthorizationRuleId": { + "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-sxx-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey" + }, + "eventHubName": { + "value": "adp-sxx-az-evh-x-001" } } } From b68c5a296a97deedc9ffe2f1bff848408294e3c1 Mon Sep 17 00:00:00 2001 From: Sergio Navar Date: Fri, 3 Dec 2021 17:54:18 -0600 Subject: [PATCH 09/14] Update Storage Account output --- arm/Microsoft.Storage/storageAccounts/deploy.bicep | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arm/Microsoft.Storage/storageAccounts/deploy.bicep b/arm/Microsoft.Storage/storageAccounts/deploy.bicep index 2e924f3656..99e4ae1f43 100644 --- a/arm/Microsoft.Storage/storageAccounts/deploy.bicep +++ b/arm/Microsoft.Storage/storageAccounts/deploy.bicep 
@@ -330,4 +330,4 @@ output storageAccountResourceGroup string = resourceGroup().name output storageAccountPrimaryBlobEndpoint string = (!empty(blobServices) && contains(storageAccount_blobServices, 'blobContainers')) ? '' : reference('Microsoft.Storage/storageAccounts/${storageAccount.name}', '2019-04-01').primaryEndpoints.blob @description('The principal ID of the system assigned identity.') -output systemAssignedPrincipalId string = systemAssignedIdentity ? storageAccount.identity.principalId : '' +output systemAssignedPrincipalId string = systemAssignedIdentity ? storageAccount.identity.userAssignedIdentities : '' From 88a61cd7e2bb5f6243f1eb50e23f6756f96aa1c4 Mon Sep 17 00:00:00 2001 From: Sergio Navar Date: Fri, 3 Dec 2021 18:09:43 -0600 Subject: [PATCH 10/14] Update storage account output --- arm/Microsoft.Storage/storageAccounts/deploy.bicep | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arm/Microsoft.Storage/storageAccounts/deploy.bicep b/arm/Microsoft.Storage/storageAccounts/deploy.bicep index 99e4ae1f43..2e924f3656 100644 --- a/arm/Microsoft.Storage/storageAccounts/deploy.bicep +++ b/arm/Microsoft.Storage/storageAccounts/deploy.bicep @@ -330,4 +330,4 @@ output storageAccountResourceGroup string = resourceGroup().name output storageAccountPrimaryBlobEndpoint string = (!empty(blobServices) && contains(storageAccount_blobServices, 'blobContainers')) ? '' : reference('Microsoft.Storage/storageAccounts/${storageAccount.name}', '2019-04-01').primaryEndpoints.blob @description('The principal ID of the system assigned identity.') -output systemAssignedPrincipalId string = systemAssignedIdentity ? storageAccount.identity.userAssignedIdentities : '' +output systemAssignedPrincipalId string = systemAssignedIdentity ? storageAccount.identity.principalId : '' From 638024b9257470f44b167da3e5f5908eab54c248 Mon Sep 17 00:00:00 2001 
From: Sergio Navar Date: Tue, 7 Dec 2021 11:13:24 -0600 Subject: [PATCH 11/14] Update diag setting API --- arm/Microsoft.OperationalInsights/workspaces/deploy.bicep | 2 +- arm/Microsoft.Sql/servers/databases/deploy.bicep | 2 +- arm/Microsoft.Storage/storageAccounts/blobServices/deploy.bicep | 2 +- arm/Microsoft.Storage/storageAccounts/deploy.bicep | 2 +- arm/Microsoft.Storage/storageAccounts/fileServices/deploy.bicep | 2 +- .../storageAccounts/queueServices/deploy.bicep | 2 +- .../storageAccounts/tableServices/deploy.bicep | 2 +- 7 files changed, 7 insertions(+), 7 deletions(-) diff --git a/arm/Microsoft.OperationalInsights/workspaces/deploy.bicep b/arm/Microsoft.OperationalInsights/workspaces/deploy.bicep index 9a623f7dd0..3180378c41 100644 --- a/arm/Microsoft.OperationalInsights/workspaces/deploy.bicep +++ b/arm/Microsoft.OperationalInsights/workspaces/deploy.bicep @@ -151,7 +151,7 @@ resource logAnalyticsWorkspace 'Microsoft.OperationalInsights/workspaces@2020-08 } } -resource logAnalyticsWorkspace_diagnosticSettings 'Microsoft.Insights/diagnosticsettings@2017-05-01-preview' = if ((!empty(diagnosticStorageAccountId)) || (!empty(workspaceId)) || (!empty(eventHubAuthorizationRuleId)) || (!empty(eventHubName))) { +resource logAnalyticsWorkspace_diagnosticSettings 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = if ((!empty(diagnosticStorageAccountId)) || (!empty(workspaceId)) || (!empty(eventHubAuthorizationRuleId)) || (!empty(eventHubName))) { name: '${logAnalyticsWorkspace.name}-diagnosticSettings' properties: { storageAccountId: empty(diagnosticStorageAccountId) ? null : diagnosticStorageAccountId diff --git a/arm/Microsoft.Sql/servers/databases/deploy.bicep b/arm/Microsoft.Sql/servers/databases/deploy.bicep index 94bfcb07c2..4bcf408312 100644 --- a/arm/Microsoft.Sql/servers/databases/deploy.bicep +++ b/arm/Microsoft.Sql/servers/databases/deploy.bicep 
@@ -167,7 +167,7 @@ resource database 'Microsoft.Sql/servers/databases@2021-02-01-preview' = { } } -resource database_diagnosticSettings 'Microsoft.Insights/diagnosticsettings@2017-05-01-preview' = if ((!empty(diagnosticStorageAccountId)) || (!empty(workspaceId)) || (!empty(eventHubAuthorizationRuleId)) || (!empty(eventHubName))) { +resource database_diagnosticSettings 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = if ((!empty(diagnosticStorageAccountId)) || (!empty(workspaceId)) || (!empty(eventHubAuthorizationRuleId)) || (!empty(eventHubName))) { name: '${last(split(database.name, '/'))}-diagnosticSettings' properties: { storageAccountId: empty(diagnosticStorageAccountId) ? null : diagnosticStorageAccountId diff --git a/arm/Microsoft.Storage/storageAccounts/blobServices/deploy.bicep b/arm/Microsoft.Storage/storageAccounts/blobServices/deploy.bicep index efc44a34ea..0cb186941e 100644 --- a/arm/Microsoft.Storage/storageAccounts/blobServices/deploy.bicep +++ b/arm/Microsoft.Storage/storageAccounts/blobServices/deploy.bicep @@ -97,7 +97,7 @@ resource blobServices 'Microsoft.Storage/storageAccounts/blobServices@2021-06-01 } } -resource blobServices_diagnosticSettings 'Microsoft.Insights/diagnosticsettings@2017-05-01-preview' = if ((!empty(diagnosticStorageAccountId)) || (!empty(workspaceId)) || (!empty(eventHubAuthorizationRuleId)) || (!empty(eventHubName))) { +resource blobServices_diagnosticSettings 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = if ((!empty(diagnosticStorageAccountId)) || (!empty(workspaceId)) || (!empty(eventHubAuthorizationRuleId)) || (!empty(eventHubName))) { name: '${blobServices.name}-diagnosticSettings' properties: { storageAccountId: empty(diagnosticStorageAccountId) ? null : diagnosticStorageAccountId diff --git a/arm/Microsoft.Storage/storageAccounts/deploy.bicep b/arm/Microsoft.Storage/storageAccounts/deploy.bicep index 2e924f3656..acb844ae84 100644 --- a/arm/Microsoft.Storage/storageAccounts/deploy.bicep 
+++ b/arm/Microsoft.Storage/storageAccounts/deploy.bicep @@ -196,7 +196,7 @@ resource storageAccount 'Microsoft.Storage/storageAccounts@2021-06-01' = { properties: saProperties } -resource storageAccount_diagnosticSettings 'Microsoft.Insights/diagnosticsettings@2017-05-01-preview' = if ((!empty(diagnosticStorageAccountId)) || (!empty(workspaceId)) || (!empty(eventHubAuthorizationRuleId)) || (!empty(eventHubName))) { +resource storageAccount_diagnosticSettings 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = if ((!empty(diagnosticStorageAccountId)) || (!empty(workspaceId)) || (!empty(eventHubAuthorizationRuleId)) || (!empty(eventHubName))) { name: '${storageAccount.name}-diagnosticSettings' properties: { storageAccountId: empty(diagnosticStorageAccountId) ? null : diagnosticStorageAccountId diff --git a/arm/Microsoft.Storage/storageAccounts/fileServices/deploy.bicep b/arm/Microsoft.Storage/storageAccounts/fileServices/deploy.bicep index 792db09021..3e605fdefa 100644 --- a/arm/Microsoft.Storage/storageAccounts/fileServices/deploy.bicep +++ b/arm/Microsoft.Storage/storageAccounts/fileServices/deploy.bicep @@ -94,7 +94,7 @@ resource fileServices 'Microsoft.Storage/storageAccounts/fileServices@2021-04-01 } } -resource fileServices_diagnosticSettings 'Microsoft.Insights/diagnosticsettings@2017-05-01-preview' = if ((!empty(diagnosticStorageAccountId)) || (!empty(workspaceId)) || (!empty(eventHubAuthorizationRuleId)) || (!empty(eventHubName))) { +resource fileServices_diagnosticSettings 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = if ((!empty(diagnosticStorageAccountId)) || (!empty(workspaceId)) || (!empty(eventHubAuthorizationRuleId)) || (!empty(eventHubName))) { name: '${fileServices.name}-diagnosticSettings' properties: { storageAccountId: empty(diagnosticStorageAccountId) ? null : diagnosticStorageAccountId 
diff --git a/arm/Microsoft.Storage/storageAccounts/queueServices/deploy.bicep b/arm/Microsoft.Storage/storageAccounts/queueServices/deploy.bicep index 565a49e49c..01aaac101e 100644 --- a/arm/Microsoft.Storage/storageAccounts/queueServices/deploy.bicep +++ b/arm/Microsoft.Storage/storageAccounts/queueServices/deploy.bicep @@ -82,7 +82,7 @@ resource queueServices 'Microsoft.Storage/storageAccounts/queueServices@2021-04- properties: {} } -resource queueServices_diagnosticSettings 'Microsoft.Insights/diagnosticsettings@2017-05-01-preview' = if ((!empty(diagnosticStorageAccountId)) || (!empty(workspaceId)) || (!empty(eventHubAuthorizationRuleId)) || (!empty(eventHubName))) { +resource queueServices_diagnosticSettings 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = if ((!empty(diagnosticStorageAccountId)) || (!empty(workspaceId)) || (!empty(eventHubAuthorizationRuleId)) || (!empty(eventHubName))) { name: '${queueServices.name}-diagnosticSettings' properties: { storageAccountId: empty(diagnosticStorageAccountId) ? null : diagnosticStorageAccountId diff --git a/arm/Microsoft.Storage/storageAccounts/tableServices/deploy.bicep b/arm/Microsoft.Storage/storageAccounts/tableServices/deploy.bicep index 6555f31f7d..6a31b48c64 100644 --- a/arm/Microsoft.Storage/storageAccounts/tableServices/deploy.bicep +++ b/arm/Microsoft.Storage/storageAccounts/tableServices/deploy.bicep 
@@ -82,7 +82,7 @@ resource tableServices 'Microsoft.Storage/storageAccounts/tableServices@2021-04- properties: {} } -resource tableServices_diagnosticSettings 'Microsoft.Insights/diagnosticsettings@2017-05-01-preview' = if ((!empty(diagnosticStorageAccountId)) || (!empty(workspaceId)) || (!empty(eventHubAuthorizationRuleId)) || (!empty(eventHubName))) { +resource tableServices_diagnosticSettings 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = if ((!empty(diagnosticStorageAccountId)) || (!empty(workspaceId)) || (!empty(eventHubAuthorizationRuleId)) || (!empty(eventHubName))) { name: '${tableServices.name}-diagnosticSettings' properties: { storageAccountId: empty(diagnosticStorageAccountId) ? null : diagnosticStorageAccountId From c7e164b0f1c552194dd0afd05d0fdb65732efa16 Mon Sep 17 00:00:00 2001 From: Sergio Navar Date: Tue, 7 Dec 2021 23:47:08 -0600 Subject: [PATCH 12/14] Update ReadMe files --- arm/Microsoft.OperationalInsights/workspaces/readme.md | 8 +++++--- arm/Microsoft.Sql/servers/databases/readme.md | 5 +++-- arm/Microsoft.Sql/servers/readme.md | 3 ++- .../storageAccounts/blobServices/readme.md | 5 +++-- .../storageAccounts/fileServices/readme.md | 5 +++-- .../storageAccounts/queueServices/readme.md | 5 +++-- arm/Microsoft.Storage/storageAccounts/readme.md | 5 +++-- .../storageAccounts/tableServices/readme.md | 5 +++-- 8 files changed, 25 insertions(+), 16 deletions(-) diff --git a/arm/Microsoft.OperationalInsights/workspaces/readme.md b/arm/Microsoft.OperationalInsights/workspaces/readme.md index 6d30317539..8ea13e7fcd 100644 --- a/arm/Microsoft.OperationalInsights/workspaces/readme.md +++ b/arm/Microsoft.OperationalInsights/workspaces/readme.md 
@@ -8,6 +8,7 @@ This template deploys a log analytics workspace. | :-- | :-- | | `Microsoft.Authorization/locks` | 2016-09-01 | | `Microsoft.Authorization/roleAssignments` | 2020-04-01-preview | +| `Microsoft.Insights/diagnosticSettings` | 2021-05-01-preview | | `Microsoft.OperationalInsights/workspaces` | 2020-08-01 | | `Microsoft.OperationalInsights/workspaces/dataSources` | 2020-08-01 | | `Microsoft.OperationalInsights/workspaces/linkedServices` | 2020-08-01 | 
@@ -27,12 +28,12 @@ This template deploys a log analytics workspace. | `diagnosticStorageAccountId` | string | | | Optional. Resource ID of the diagnostic storage account. | | `eventHubAuthorizationRuleId` | string | | | Optional. Resource ID of the event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | | `eventHubName` | string | | | Optional. Name of the event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | -| `logsToEnable` | array | `[Audit]` | `[Audit]` | Optional. The name of logs that will be streamed. | -| `metricsToEnable` | array | `[AllMetrics]` | `[AllMetrics]` | Optional. The name of metrics that will be streamed. | | `gallerySolutions` | array | `[]` | | Optional. LAW gallerySolutions from the gallery. | | `linkedServices` | _[linkedServices](linkedServices/readme.md)_ array | `[]` | | Optional. List of services to be linked. | | `location` | string | `[resourceGroup().location]` | | Optional. Location for all resources. | | `lock` | string | `NotSpecified` | `[CanNotDelete, NotSpecified, ReadOnly]` | Optional. Specify the type of lock. | +| `logsToEnable` | array | `[Audit]` | `[Audit]` | Optional. The name of logs that will be streamed. | +| `metricsToEnable` | array | `[AllMetrics]` | `[AllMetrics]` | Optional. The name of metrics that will be streamed. | | `name` | string | | | Required. Name of the Log Analytics workspace | | `publicNetworkAccessForIngestion` | string | `Enabled` | `[Enabled, Disabled]` | Optional. The network access type for accessing Log Analytics ingestion. | | `publicNetworkAccessForQuery` | string | `Enabled` | `[Enabled, Disabled]` | Optional. The network access type for accessing Log Analytics query. | 
@@ -42,7 +43,7 @@ This template deploys a log analytics workspace. | `storageInsightsConfigs` | array | `[]` | | Optional. List of storage accounts to be read by the workspace. | | `tags` | object | `{object}` | | Optional. Tags of the resource. | | `useResourcePermissions` | bool | | | Optional. Set to 'true' to use resource or workspace permissions and 'false' (or leave empty) to require workspace permissions. | -| `workspaceId` | string | | | Optional. Resource ID of log analytics. | +| `workspaceId` | string | | | Optional. Resource ID of a log analytics workspace. | ### Parameter Usage: `gallerySolutions` @@ -130,6 +131,7 @@ Tag names and tag values can be provided as needed. A tag can be left without a - [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2016-09-01/locks) - [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-04-01-preview/roleAssignments) +- [Diagnosticsettings](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) - [Workspaces](https://docs.microsoft.com/en-us/azure/templates/Microsoft.OperationalInsights/2020-08-01/workspaces) - [Workspaces/Datasources](https://docs.microsoft.com/en-us/azure/templates/Microsoft.OperationalInsights/2020-08-01/workspaces/dataSources) - [Workspaces/Linkedservices](https://docs.microsoft.com/en-us/azure/templates/Microsoft.OperationalInsights/2020-08-01/workspaces/linkedServices) diff --git a/arm/Microsoft.Sql/servers/databases/readme.md b/arm/Microsoft.Sql/servers/databases/readme.md index 2ef8ecd754..4a993e8b41 100644 --- a/arm/Microsoft.Sql/servers/databases/readme.md +++ b/arm/Microsoft.Sql/servers/databases/readme.md 
@@ -6,7 +6,7 @@ This module deploys an Azure SQL Server. | Resource Type | API Version | | :-- | :-- | -| `Microsoft.Insights/diagnosticSettings` | 2017-05-01-preview | +| `Microsoft.Insights/diagnosticSettings` | 2021-05-01-preview | | `Microsoft.Sql/servers/databases` | 2021-02-01-preview | ## Parameters @@ -24,7 +24,7 @@ This module deploys an Azure SQL Server. | `isLedgerOn` | bool | | | Optional. Whether or not this database is a ledger database, which means all tables in the database are ledger tables. Note: the value of this property cannot be changed after the database has been created. | | `licenseType` | string | | | Optional. The license type to apply for this database. | | `location` | string | `[resourceGroup().location]` | | Optional. Location for all resources. | -| `logsToEnable` | array | `[SQLInsights,AutomaticTuning, QueryStoreRuntimeStatistics, QueryStoreWaitStatistics, Errors, DatabaseWaitStatistics, Timouts, Blocks, Deadlocks]` | `[SQLInsights,AutomaticTuning, QueryStoreRuntimeStatistics, QueryStoreWaitStatistics, Errors, DatabaseWaitStatistics, Timouts, Blocks, Deadlocks]` | Optional. The name of logs that will be streamed. | +| `logsToEnable` | array | `[SQLInsights, AutomaticTuning, QueryStoreRuntimeStatistics, QueryStoreWaitStatistics, Errors, DatabaseWaitStatistics, Timouts, Blocks, Deadlocks]` | `[SQLInsights, AutomaticTuning, QueryStoreRuntimeStatistics, QueryStoreWaitStatistics, Errors, DatabaseWaitStatistics, Timouts, Blocks, Deadlocks]` | Optional. The name of logs that will be streamed. | | `maintenanceConfigurationId` | string | | | Optional. Maintenance configuration ID assigned to the database. This configuration defines the period when the maintenance updates will occur. | | `maxSizeBytes` | int | | | Optional. The max size of the database expressed in bytes. | | `metricsToEnable` | array | `[Basic]` | `[Basic]` | Optional. The name of metrics that will be streamed. | 
@@ -67,4 +67,5 @@ Tag names and tag values can be provided as needed. A tag can be left without a ## Template references +- [Diagnosticsettings](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) - [Servers/Databases](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Sql/2021-02-01-preview/servers/databases) diff --git a/arm/Microsoft.Sql/servers/readme.md b/arm/Microsoft.Sql/servers/readme.md index b0b871739e..a11a2cb394 100644 --- a/arm/Microsoft.Sql/servers/readme.md +++ b/arm/Microsoft.Sql/servers/readme.md @@ -8,7 +8,7 @@ This module deploys a SQL server. | :-- | :-- | | `Microsoft.Authorization/locks` | 2016-09-01 | | `Microsoft.Authorization/roleAssignments` | 2020-04-01-preview | -| `Microsoft.Insights/diagnosticSettings` | 2017-05-01-preview | +| `Microsoft.Insights/diagnosticSettings` | 2021-05-01-preview | | `Microsoft.Sql/servers` | 2021-05-01-preview | | `Microsoft.Sql/servers/databases` | 2021-02-01-preview | | `Microsoft.Sql/servers/firewallRules` | 2021-05-01-preview | @@ -97,6 +97,7 @@ You can specify multiple user assigned identities to a resource by providing add - [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2016-09-01/locks) - [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-04-01-preview/roleAssignments) +- [Diagnosticsettings](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) - [Servers](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Sql/2021-05-01-preview/servers) - [Servers/Databases](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Sql/2021-02-01-preview/servers/databases) - [Servers/Firewallrules](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Sql/2021-05-01-preview/servers/firewallRules) 
diff --git a/arm/Microsoft.Storage/storageAccounts/blobServices/readme.md b/arm/Microsoft.Storage/storageAccounts/blobServices/readme.md index 498f14aa4a..d553636eb1 100644 --- a/arm/Microsoft.Storage/storageAccounts/blobServices/readme.md +++ b/arm/Microsoft.Storage/storageAccounts/blobServices/readme.md @@ -7,7 +7,7 @@ This module can be used to deploy a blob service into a storage account. | Resource Type | API Version | | :-- | :-- | | `Microsoft.Authorization/roleAssignments` | 2020-04-01-preview | -| `Microsoft.Insights/diagnosticSettings` | 2017-05-01-preview | +| `Microsoft.Insights/diagnosticSettings` | 2021-05-01-preview | | `Microsoft.Storage/storageAccounts/blobServices` | 2021-06-01 | | `Microsoft.Storage/storageAccounts/blobServices/containers` | 2019-06-01 | | `Microsoft.Storage/storageAccounts/blobServices/containers/immutabilityPolicies` | 2019-06-01 | @@ -29,7 +29,7 @@ This module can be used to deploy a blob service into a storage account. | `metricsToEnable` | array | `[Transaction]` | `[Transaction]` | Optional. The name of metrics that will be streamed. | | `name` | string | `default` | | Optional. The name of the blob service | | `storageAccountName` | string | | | Required. Name of the Storage Account. | -| `workspaceId` | string | | | Optional. Resource ID of log analytics. | +| `workspaceId` | string | | | Optional. Resource ID of a log analytics workspace. | ## Outputs 
@@ -43,6 +43,7 @@ This module can be used to deploy a blob service into a storage account. ## Template references - [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-04-01-preview/roleAssignments) +- [Diagnosticsettings](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) - [Storageaccounts/Blobservices](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Storage/2021-06-01/storageAccounts/blobServices) - [Storageaccounts/Blobservices/Containers](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Storage/2019-06-01/storageAccounts/blobServices/containers) - [Storageaccounts/Blobservices/Containers/Immutabilitypolicies](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Storage/2019-06-01/storageAccounts/blobServices/containers/immutabilityPolicies) diff --git a/arm/Microsoft.Storage/storageAccounts/fileServices/readme.md b/arm/Microsoft.Storage/storageAccounts/fileServices/readme.md index 3b098f6c32..3334761911 100644 --- a/arm/Microsoft.Storage/storageAccounts/fileServices/readme.md +++ b/arm/Microsoft.Storage/storageAccounts/fileServices/readme.md @@ -7,7 +7,7 @@ This module can be used to deploy a file share service into a storage account. | Resource Type | API Version | | :-- | :-- | | `Microsoft.Authorization/roleAssignments` | 2020-04-01-preview | -| `Microsoft.Insights/diagnosticSettings` | 2017-05-01-preview | +| `Microsoft.Insights/diagnosticSettings` | 2021-05-01-preview | | `Microsoft.Storage/storageAccounts/fileServices` | 2021-04-01 | | `Microsoft.Storage/storageAccounts/fileServices/shares` | 2019-06-01 | 
@@ -27,7 +27,7 @@ This module can be used to deploy a file share service into a storage account. | `shareDeleteRetentionPolicy` | object | `{object}` | | The service properties for soft delete. | | `shares` | _[shares](shares/readme.md)_ array | `[]` | | Optional. File shares to create. | | `storageAccountName` | string | | | Required. Name of the Storage Account. | -| `workspaceId` | string | | | Optional. Resource ID of log analytics. | +| `workspaceId` | string | | | Optional. Resource ID of a log analytics workspace. | ## Outputs @@ -40,5 +40,6 @@ This module can be used to deploy a file share service into a storage account. ## Template references - [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-04-01-preview/roleAssignments) +- [Diagnosticsettings](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) - [Storageaccounts/Fileservices](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Storage/2021-04-01/storageAccounts/fileServices) - [Storageaccounts/Fileservices/Shares](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Storage/2019-06-01/storageAccounts/fileServices/shares) diff --git a/arm/Microsoft.Storage/storageAccounts/queueServices/readme.md b/arm/Microsoft.Storage/storageAccounts/queueServices/readme.md index cb2f4179f0..32afcf82d4 100644 --- a/arm/Microsoft.Storage/storageAccounts/queueServices/readme.md +++ b/arm/Microsoft.Storage/storageAccounts/queueServices/readme.md 
@@ -7,7 +7,7 @@ This module can be used to deploy a file share service into a storage account. | Resource Type | API Version | | :-- | :-- | | `Microsoft.Authorization/roleAssignments` | 2020-04-01-preview | -| `Microsoft.Insights/diagnosticSettings` | 2017-05-01-preview | +| `Microsoft.Insights/diagnosticSettings` | 2021-05-01-preview | | `Microsoft.Storage/storageAccounts/queueServices` | 2021-04-01 | | `Microsoft.Storage/storageAccounts/queueServices/queues` | 2019-06-01 | @@ -25,7 +25,7 @@ This module can be used to deploy a file share service into a storage account. | `name` | string | `default` | | Optional. The name of the queue service | | `queues` | _[queues](queues/readme.md)_ array | `[]` | | Optional. Queues to create. | | `storageAccountName` | string | | | Required. Name of the Storage Account. | -| `workspaceId` | string | | | Optional. Resource ID of log analytics. | +| `workspaceId` | string | | | Optional. Resource ID of a log analytics workspace. | ## Outputs @@ -39,5 +39,6 @@ This module can be used to deploy a file share service into a storage account. ## Template references - [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-04-01-preview/roleAssignments) +- [Diagnosticsettings](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) - [Storageaccounts/Queueservices](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Storage/2021-04-01/storageAccounts/queueServices) - [Storageaccounts/Queueservices/Queues](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Storage/2019-06-01/storageAccounts/queueServices/queues) diff --git a/arm/Microsoft.Storage/storageAccounts/readme.md b/arm/Microsoft.Storage/storageAccounts/readme.md index 9d0ee6d311..9ba12d0657 100644 --- a/arm/Microsoft.Storage/storageAccounts/readme.md +++ b/arm/Microsoft.Storage/storageAccounts/readme.md 
@@ -8,7 +8,7 @@ This module is used to deploy a storage account, with the ability to deploy 1 or | :-- | :-- | | `Microsoft.Authorization/locks` | 2016-09-01 | | `Microsoft.Authorization/roleAssignments` | 2020-04-01-preview | -| `Microsoft.Insights/diagnosticSettings` | 2017-05-01-preview | +| `Microsoft.Insights/diagnosticSettings` | 2021-05-01-preview | | `Microsoft.Network/privateEndpoints` | 2021-05-01 | | `Microsoft.Network/privateEndpoints/privateDnsZoneGroups` | 2021-02-01 | | `Microsoft.Storage/storageAccounts` | 2021-06-01 | @@ -56,7 +56,7 @@ This module is used to deploy a storage account, with the ability to deploy 1 or | `tags` | object | `{object}` | | Optional. Tags of the resource. | | `userAssignedIdentities` | object | `{object}` | | Optional. The ID(s) to assign to the resource. | | `vNetId` | string | | | Optional. Virtual Network Identifier used to create a service endpoint. | -| `workspaceId` | string | | | Optional. Resource ID of log analytics. | +| `workspaceId` | string | | | Optional. Resource ID of a log analytics workspace. | ### Parameter Usage: `roleAssignments` @@ -182,6 +182,7 @@ The hierarchical namespace of the storage account (see parameter `enableHierarch - [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2016-09-01/locks) - [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-04-01-preview/roleAssignments) +- [Diagnosticsettings](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) - [Privateendpoints](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-05-01/privateEndpoints) - [Privateendpoints/Privatednszonegroups](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-02-01/privateEndpoints/privateDnsZoneGroups) - [Storageaccounts](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Storage/2021-06-01/storageAccounts) 
diff --git a/arm/Microsoft.Storage/storageAccounts/tableServices/readme.md b/arm/Microsoft.Storage/storageAccounts/tableServices/readme.md index 6cef5db132..499eea50a0 100644 --- a/arm/Microsoft.Storage/storageAccounts/tableServices/readme.md +++ b/arm/Microsoft.Storage/storageAccounts/tableServices/readme.md @@ -6,7 +6,7 @@ This module deploys a storage account table service | Resource Type | API Version | | :-- | :-- | -| `Microsoft.Insights/diagnosticSettings` | 2017-05-01-preview | +| `Microsoft.Insights/diagnosticSettings` | 2021-05-01-preview | | `Microsoft.Storage/storageAccounts/tableServices` | 2021-04-01 | | `Microsoft.Storage/storageAccounts/tableServices/tables` | 2021-06-01 | @@ -24,7 +24,7 @@ This module deploys a storage account table service | `name` | string | `default` | | Optional. The name of the table service | | `storageAccountName` | string | | | Required. Name of the Storage Account. | | `tables` | _[tables](tables/readme.md)_ array | `[]` | | Optional. tables to create. | -| `workspaceId` | string | | | Optional. Resource ID of log analytics. | +| `workspaceId` | string | | | Optional. Resource ID of a log analytics workspace. | ## Outputs @@ -36,5 +36,6 @@ This module deploys a storage account table service ## Template references +- [Diagnosticsettings](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) - [Storageaccounts/Tableservices](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Storage/2021-04-01/storageAccounts/tableServices) - [Storageaccounts/Tableservices/Tables](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Storage/2021-06-01/storageAccounts/tableServices/tables) From 1d50d3d88a5fc1d6900c2e7b151f44037a8f72e8 Mon Sep 17 00:00:00 2001 
From: Sergio Navar Date: Wed, 8 Dec 2021 22:58:12 -0600 Subject: [PATCH 13/14] Update Diagnostic Setting deployment code --- .../workspaces/.parameters/parameters.json | 15 +++++++++++++++ .../workspaces/deploy.bicep | 4 ++-- arm/Microsoft.Sql/servers/databases/deploy.bicep | 4 ++-- .../storageAccounts/blobServices/deploy.bicep | 4 ++-- .../storageAccounts/deploy.bicep | 2 +- .../storageAccounts/fileServices/deploy.bicep | 4 ++-- .../storageAccounts/queueServices/deploy.bicep | 4 ++-- .../storageAccounts/tableServices/deploy.bicep | 4 ++-- 8 files changed, 28 insertions(+), 13 deletions(-) diff --git a/arm/Microsoft.OperationalInsights/workspaces/.parameters/parameters.json b/arm/Microsoft.OperationalInsights/workspaces/.parameters/parameters.json index 908b407660..eef49351b9 100644 --- a/arm/Microsoft.OperationalInsights/workspaces/.parameters/parameters.json +++ b/arm/Microsoft.OperationalInsights/workspaces/.parameters/parameters.json @@ -148,6 +148,21 @@ }, "useResourcePermissions": { "value": true + }, + "diagnosticLogsRetentionInDays": { + "value": 7 + }, + "diagnosticStorageAccountId": { + "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adpsxxazsaweux001" + }, + "workspaceId": { + "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-sxx-az-law-x-001" + }, + "eventHubAuthorizationRuleId": { + "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-sxx-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey" + }, + "eventHubName": { + "value": "adp-sxx-az-evh-x-001" } } } diff --git a/arm/Microsoft.OperationalInsights/workspaces/deploy.bicep b/arm/Microsoft.OperationalInsights/workspaces/deploy.bicep index 3180378c41..7cf2821e39 100644 --- a/arm/Microsoft.OperationalInsights/workspaces/deploy.bicep +++ b/arm/Microsoft.OperationalInsights/workspaces/deploy.bicep 
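Review bot: The added `eventHubAuthorizationRuleId` value ends in `AuthorizationRules/RootManageSharedAccessKey`, the namespace-wide root rule, and module parameter files tend to be copied as usage examples. Binding log streaming to the root key means that key cannot be rotated or revoked without also interrupting diagnostics. It also ties a logging path to a credential shared with every other consumer of the namespace. A rule created for diagnostics only would be the better reference, e.g. `.../namespaces/adp-sxx-az-evhns-x-001/AuthorizationRules/<dedicated-diagnostics-rule>` (placeholder name).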
@@ -158,8 +158,8 @@ resource logAnalyticsWorkspace_diagnosticSettings 'Microsoft.Insights/diagnostic workspaceId: empty(workspaceId) ? null : workspaceId eventHubAuthorizationRuleId: empty(eventHubAuthorizationRuleId) ? null : eventHubAuthorizationRuleId eventHubName: empty(eventHubName) ? null : eventHubName - metrics: (empty(diagnosticStorageAccountId) && empty(workspaceId) && empty(eventHubAuthorizationRuleId) && empty(eventHubName)) ? null : diagnosticsMetrics - logs: (empty(diagnosticStorageAccountId) && empty(workspaceId) && empty(eventHubAuthorizationRuleId) && empty(eventHubName)) ? null : diagnosticsLogs + metrics: diagnosticsMetrics + logs: diagnosticsLogs } scope: logAnalyticsWorkspace } diff --git a/arm/Microsoft.Sql/servers/databases/deploy.bicep b/arm/Microsoft.Sql/servers/databases/deploy.bicep index 4bcf408312..52f757609e 100644 --- a/arm/Microsoft.Sql/servers/databases/deploy.bicep +++ b/arm/Microsoft.Sql/servers/databases/deploy.bicep @@ -174,8 +174,8 @@ resource database_diagnosticSettings 'Microsoft.Insights/diagnosticSettings@2021 workspaceId: empty(workspaceId) ? null : workspaceId eventHubAuthorizationRuleId: empty(eventHubAuthorizationRuleId) ? null : eventHubAuthorizationRuleId eventHubName: empty(eventHubName) ? null : eventHubName - logs: (empty(diagnosticStorageAccountId) && empty(workspaceId) && empty(eventHubAuthorizationRuleId) && empty(eventHubName)) ? null : diagnosticsLogs - metrics: ((empty(diagnosticStorageAccountId) && empty(workspaceId) && empty(eventHubAuthorizationRuleId) && empty(eventHubName)) ? null : diagnosticsMetrics) + metrics: diagnosticsMetrics + logs: diagnosticsLogs } scope: database } diff --git a/arm/Microsoft.Storage/storageAccounts/blobServices/deploy.bicep b/arm/Microsoft.Storage/storageAccounts/blobServices/deploy.bicep index 0cb186941e..6fedd62faa 100644 --- a/arm/Microsoft.Storage/storageAccounts/blobServices/deploy.bicep +++ b/arm/Microsoft.Storage/storageAccounts/blobServices/deploy.bicep 
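Review bot: In the `database_diagnosticSettings` hunk (second on this line), `logs: diagnosticsLogs` is now passed unconditionally, and the category list documented for this module in patch 12/14 contains `Timouts`, which looks like a misspelling of the Azure SQL category `Timeouts`. `diagnosticsLogs` is built outside the hunk, presumably from `logsToEnable`; if so, the default value would either be rejected at deployment or leave query timeouts out of the diagnostic stream. I would rename the entry to `'Timeouts'` in both the allowed values and the default of `logsToEnable`, and in the readme table. The resource body starts outside the hunk.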
@@ -104,8 +104,8 @@ resource blobServices_diagnosticSettings 'Microsoft.Insights/diagnosticSettings@ workspaceId: empty(workspaceId) ? null : workspaceId eventHubAuthorizationRuleId: empty(eventHubAuthorizationRuleId) ? null : eventHubAuthorizationRuleId eventHubName: empty(eventHubName) ? null : eventHubName - metrics: (empty(diagnosticStorageAccountId) && empty(workspaceId) && empty(eventHubAuthorizationRuleId) && empty(eventHubName)) ? null : diagnosticsMetrics - logs: (empty(diagnosticStorageAccountId) && empty(workspaceId) && empty(eventHubAuthorizationRuleId) && empty(eventHubName)) ? null : diagnosticsLogs + metrics: diagnosticsMetrics + logs: diagnosticsLogs } scope: blobServices } diff --git a/arm/Microsoft.Storage/storageAccounts/deploy.bicep b/arm/Microsoft.Storage/storageAccounts/deploy.bicep index acb844ae84..5d69da5544 100644 --- a/arm/Microsoft.Storage/storageAccounts/deploy.bicep +++ b/arm/Microsoft.Storage/storageAccounts/deploy.bicep @@ -203,7 +203,7 @@ resource storageAccount_diagnosticSettings 'Microsoft.Insights/diagnosticSetting workspaceId: empty(workspaceId) ? null : workspaceId eventHubAuthorizationRuleId: empty(eventHubAuthorizationRuleId) ? null : eventHubAuthorizationRuleId eventHubName: empty(eventHubName) ? null : eventHubName - metrics: (empty(diagnosticStorageAccountId) && empty(workspaceId) && empty(eventHubAuthorizationRuleId) && empty(eventHubName)) ? null : diagnosticsMetrics + metrics: diagnosticsMetrics } scope: storageAccount } diff --git a/arm/Microsoft.Storage/storageAccounts/fileServices/deploy.bicep b/arm/Microsoft.Storage/storageAccounts/fileServices/deploy.bicep index 3e605fdefa..3357f10f58 100644 --- a/arm/Microsoft.Storage/storageAccounts/fileServices/deploy.bicep +++ b/arm/Microsoft.Storage/storageAccounts/fileServices/deploy.bicep 
@@ -101,8 +101,8 @@ resource fileServices_diagnosticSettings 'Microsoft.Insights/diagnosticSettings@
 workspaceId: empty(workspaceId) ? null : workspaceId
 eventHubAuthorizationRuleId: empty(eventHubAuthorizationRuleId) ? null : eventHubAuthorizationRuleId
 eventHubName: empty(eventHubName) ? null : eventHubName
- metrics: (empty(diagnosticStorageAccountId) && empty(workspaceId) && empty(eventHubAuthorizationRuleId) && empty(eventHubName)) ? null : diagnosticsMetrics
- logs: (empty(diagnosticStorageAccountId) && empty(workspaceId) && empty(eventHubAuthorizationRuleId) && empty(eventHubName)) ? null : diagnosticsLogs
+ metrics: diagnosticsMetrics
+ logs: diagnosticsLogs
 }
 scope: fileServices
 }
diff --git a/arm/Microsoft.Storage/storageAccounts/queueServices/deploy.bicep b/arm/Microsoft.Storage/storageAccounts/queueServices/deploy.bicep
index 01aaac101e..21eb7001e3 100644
--- a/arm/Microsoft.Storage/storageAccounts/queueServices/deploy.bicep
+++ b/arm/Microsoft.Storage/storageAccounts/queueServices/deploy.bicep
@@ -89,8 +89,8 @@ resource queueServices_diagnosticSettings 'Microsoft.Insights/diagnosticSettings
 workspaceId: empty(workspaceId) ? null : workspaceId
 eventHubAuthorizationRuleId: empty(eventHubAuthorizationRuleId) ? null : eventHubAuthorizationRuleId
 eventHubName: empty(eventHubName) ? null : eventHubName
- metrics: (empty(diagnosticStorageAccountId) && empty(workspaceId) && empty(eventHubAuthorizationRuleId) && empty(eventHubName)) ? null : diagnosticsMetrics
- logs: (empty(diagnosticStorageAccountId) && empty(workspaceId) && empty(eventHubAuthorizationRuleId) && empty(eventHubName)) ? null : diagnosticsLogs
+ metrics: diagnosticsMetrics
+ logs: diagnosticsLogs
 }
 scope: queueServices
 }
diff --git a/arm/Microsoft.Storage/storageAccounts/tableServices/deploy.bicep b/arm/Microsoft.Storage/storageAccounts/tableServices/deploy.bicep
index 6a31b48c64..072c21983a 100644
--- a/arm/Microsoft.Storage/storageAccounts/tableServices/deploy.bicep
+++ b/arm/Microsoft.Storage/storageAccounts/tableServices/deploy.bicep
@@ -89,8 +89,8 @@ resource tableServices_diagnosticSettings 'Microsoft.Insights/diagnosticSettings
 workspaceId: empty(workspaceId) ? null : workspaceId
 eventHubAuthorizationRuleId: empty(eventHubAuthorizationRuleId) ? null : eventHubAuthorizationRuleId
 eventHubName: empty(eventHubName) ? null : eventHubName
- metrics: (empty(diagnosticStorageAccountId) && empty(workspaceId) && empty(eventHubAuthorizationRuleId) && empty(eventHubName)) ? null : diagnosticsMetrics
- logs: (empty(diagnosticStorageAccountId) && empty(workspaceId) && empty(eventHubAuthorizationRuleId) && empty(eventHubName)) ? null : diagnosticsLogs
+ metrics: diagnosticsMetrics
+ logs: diagnosticsLogs
 }
 scope: tableServices
 }
From f5595a7805cce99cd582817ae8ef2a086aeb2d76 Mon Sep 17 00:00:00 2001
From: MrMCake
Date: Thu, 9 Dec 2021 10:22:25 +0100
Subject: [PATCH 14/14] Updated to latest
---
 arm/Microsoft.OperationalInsights/workspaces/deploy.bicep | 8 ++++----
 arm/Microsoft.Sql/servers/databases/deploy.bicep | 8 ++++----
 .../storageAccounts/blobServices/deploy.bicep | 8 ++++----
 .../storageAccounts/fileServices/deploy.bicep | 8 ++++----
 .../storageAccounts/queueServices/deploy.bicep | 8 ++++----
 .../storageAccounts/tableServices/deploy.bicep | 8 ++++----
 docs/wiki/ModulesDesign.md | 8 ++++----
 7 files changed, 28 insertions(+), 28 deletions(-)
diff --git a/arm/Microsoft.OperationalInsights/workspaces/deploy.bicep b/arm/Microsoft.OperationalInsights/workspaces/deploy.bicep
index 7cf2821e39..a5343b7e96 100644
--- a/arm/Microsoft.OperationalInsights/workspaces/deploy.bicep
+++ b/arm/Microsoft.OperationalInsights/workspaces/deploy.bicep
@@ -154,10 +154,10 @@ resource logAnalyticsWorkspace 'Microsoft.OperationalInsights/workspaces@2020-08
 resource logAnalyticsWorkspace_diagnosticSettings 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = if ((!empty(diagnosticStorageAccountId)) || (!empty(workspaceId)) || (!empty(eventHubAuthorizationRuleId)) || (!empty(eventHubName))) {
 name: '${logAnalyticsWorkspace.name}-diagnosticSettings'
 properties: {
- storageAccountId: empty(diagnosticStorageAccountId) ? null : diagnosticStorageAccountId
- workspaceId: empty(workspaceId) ? null : workspaceId
- eventHubAuthorizationRuleId: empty(eventHubAuthorizationRuleId) ? null : eventHubAuthorizationRuleId
- eventHubName: empty(eventHubName) ? null : eventHubName
+ storageAccountId: !empty(diagnosticStorageAccountId) ? diagnosticStorageAccountId : null
+ workspaceId: !empty(workspaceId) ? workspaceId : null
+ eventHubAuthorizationRuleId: !empty(eventHubAuthorizationRuleId) ? eventHubAuthorizationRuleId : null
+ eventHubName: !empty(eventHubName) ? eventHubName : null
 metrics: diagnosticsMetrics
 logs: diagnosticsLogs
 }
diff --git a/arm/Microsoft.Sql/servers/databases/deploy.bicep b/arm/Microsoft.Sql/servers/databases/deploy.bicep
index 52f757609e..8d7f953ae7 100644
--- a/arm/Microsoft.Sql/servers/databases/deploy.bicep
+++ b/arm/Microsoft.Sql/servers/databases/deploy.bicep
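Review bot: The unchanged condition on the `logAnalyticsWorkspace_diagnosticSettings` declaration still treats `eventHubName` as a destination of its own, so passing only `eventHubName` deploys a diagnostic setting whose three sink properties are all `null`. An event hub name is only meaningful together with `eventHubAuthorizationRuleId`; such a deployment would most likely be rejected, or at best leave the resource without the logging the caller expected. I would drop the last operand: `= if (!empty(diagnosticStorageAccountId) || !empty(workspaceId) || !empty(eventHubAuthorizationRuleId)) {`. The same condition appears in the database, blobServices, fileServices, queueServices and tableServices hunks and in the ModulesDesign.md template.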
@@ -170,10 +170,10 @@ resource database 'Microsoft.Sql/servers/databases@2021-02-01-preview' = {
 resource database_diagnosticSettings 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = if ((!empty(diagnosticStorageAccountId)) || (!empty(workspaceId)) || (!empty(eventHubAuthorizationRuleId)) || (!empty(eventHubName))) {
 name: '${last(split(database.name, '/'))}-diagnosticSettings'
 properties: {
- storageAccountId: empty(diagnosticStorageAccountId) ? null : diagnosticStorageAccountId
- workspaceId: empty(workspaceId) ? null : workspaceId
- eventHubAuthorizationRuleId: empty(eventHubAuthorizationRuleId) ? null : eventHubAuthorizationRuleId
- eventHubName: empty(eventHubName) ? null : eventHubName
+ storageAccountId: !empty(diagnosticStorageAccountId) ? diagnosticStorageAccountId : null
+ workspaceId: !empty(workspaceId) ? workspaceId : null
+ eventHubAuthorizationRuleId: !empty(eventHubAuthorizationRuleId) ? eventHubAuthorizationRuleId : null
+ eventHubName: !empty(eventHubName) ? eventHubName : null
 metrics: diagnosticsMetrics
 logs: diagnosticsLogs
 }
diff --git a/arm/Microsoft.Storage/storageAccounts/blobServices/deploy.bicep b/arm/Microsoft.Storage/storageAccounts/blobServices/deploy.bicep
index 6fedd62faa..38973f1598 100644
--- a/arm/Microsoft.Storage/storageAccounts/blobServices/deploy.bicep
+++ b/arm/Microsoft.Storage/storageAccounts/blobServices/deploy.bicep
@@ -100,10 +100,10 @@ resource blobServices 'Microsoft.Storage/storageAccounts/blobServices@2021-06-01
 resource blobServices_diagnosticSettings 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = if ((!empty(diagnosticStorageAccountId)) || (!empty(workspaceId)) || (!empty(eventHubAuthorizationRuleId)) || (!empty(eventHubName))) {
 name: '${blobServices.name}-diagnosticSettings'
 properties: {
- storageAccountId: empty(diagnosticStorageAccountId) ? null : diagnosticStorageAccountId
- workspaceId: empty(workspaceId) ? null : workspaceId
- eventHubAuthorizationRuleId: empty(eventHubAuthorizationRuleId) ? null : eventHubAuthorizationRuleId
- eventHubName: empty(eventHubName) ? null : eventHubName
+ storageAccountId: !empty(diagnosticStorageAccountId) ? diagnosticStorageAccountId : null
+ workspaceId: !empty(workspaceId) ? workspaceId : null
+ eventHubAuthorizationRuleId: !empty(eventHubAuthorizationRuleId) ? eventHubAuthorizationRuleId : null
+ eventHubName: !empty(eventHubName) ? eventHubName : null
 metrics: diagnosticsMetrics
 logs: diagnosticsLogs
 }
diff --git a/arm/Microsoft.Storage/storageAccounts/fileServices/deploy.bicep b/arm/Microsoft.Storage/storageAccounts/fileServices/deploy.bicep
index 3357f10f58..6282c2e47e 100644
--- a/arm/Microsoft.Storage/storageAccounts/fileServices/deploy.bicep
+++ b/arm/Microsoft.Storage/storageAccounts/fileServices/deploy.bicep
@@ -97,10 +97,10 @@ resource fileServices 'Microsoft.Storage/storageAccounts/fileServices@2021-04-01
 resource fileServices_diagnosticSettings 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = if ((!empty(diagnosticStorageAccountId)) || (!empty(workspaceId)) || (!empty(eventHubAuthorizationRuleId)) || (!empty(eventHubName))) {
 name: '${fileServices.name}-diagnosticSettings'
 properties: {
- storageAccountId: empty(diagnosticStorageAccountId) ? null : diagnosticStorageAccountId
- workspaceId: empty(workspaceId) ? null : workspaceId
- eventHubAuthorizationRuleId: empty(eventHubAuthorizationRuleId) ? null : eventHubAuthorizationRuleId
- eventHubName: empty(eventHubName) ? null : eventHubName
+ storageAccountId: !empty(diagnosticStorageAccountId) ? diagnosticStorageAccountId : null
+ workspaceId: !empty(workspaceId) ? workspaceId : null
+ eventHubAuthorizationRuleId: !empty(eventHubAuthorizationRuleId) ? eventHubAuthorizationRuleId : null
+ eventHubName: !empty(eventHubName) ? eventHubName : null
 metrics: diagnosticsMetrics
 logs: diagnosticsLogs
 }
diff --git a/arm/Microsoft.Storage/storageAccounts/queueServices/deploy.bicep b/arm/Microsoft.Storage/storageAccounts/queueServices/deploy.bicep
index 21eb7001e3..5a7ba6cb5c 100644
--- a/arm/Microsoft.Storage/storageAccounts/queueServices/deploy.bicep
+++ b/arm/Microsoft.Storage/storageAccounts/queueServices/deploy.bicep
@@ -85,10 +85,10 @@ resource queueServices 'Microsoft.Storage/storageAccounts/queueServices@2021-04-
 resource queueServices_diagnosticSettings 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = if ((!empty(diagnosticStorageAccountId)) || (!empty(workspaceId)) || (!empty(eventHubAuthorizationRuleId)) || (!empty(eventHubName))) {
 name: '${queueServices.name}-diagnosticSettings'
 properties: {
- storageAccountId: empty(diagnosticStorageAccountId) ? null : diagnosticStorageAccountId
- workspaceId: empty(workspaceId) ? null : workspaceId
- eventHubAuthorizationRuleId: empty(eventHubAuthorizationRuleId) ? null : eventHubAuthorizationRuleId
- eventHubName: empty(eventHubName) ? null : eventHubName
+ storageAccountId: !empty(diagnosticStorageAccountId) ? diagnosticStorageAccountId : null
+ workspaceId: !empty(workspaceId) ? workspaceId : null
+ eventHubAuthorizationRuleId: !empty(eventHubAuthorizationRuleId) ? eventHubAuthorizationRuleId : null
+ eventHubName: !empty(eventHubName) ? eventHubName : null
 metrics: diagnosticsMetrics
 logs: diagnosticsLogs
 }
diff --git a/arm/Microsoft.Storage/storageAccounts/tableServices/deploy.bicep b/arm/Microsoft.Storage/storageAccounts/tableServices/deploy.bicep
index 072c21983a..bd8d531e66 100644
--- a/arm/Microsoft.Storage/storageAccounts/tableServices/deploy.bicep
+++ b/arm/Microsoft.Storage/storageAccounts/tableServices/deploy.bicep
@@ -85,10 +85,10 @@ resource tableServices 'Microsoft.Storage/storageAccounts/tableServices@2021-04-
 resource tableServices_diagnosticSettings 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = if ((!empty(diagnosticStorageAccountId)) || (!empty(workspaceId)) || (!empty(eventHubAuthorizationRuleId)) || (!empty(eventHubName))) {
 name: '${tableServices.name}-diagnosticSettings'
 properties: {
- storageAccountId: empty(diagnosticStorageAccountId) ? null : diagnosticStorageAccountId
- workspaceId: empty(workspaceId) ? null : workspaceId
- eventHubAuthorizationRuleId: empty(eventHubAuthorizationRuleId) ? null : eventHubAuthorizationRuleId
- eventHubName: empty(eventHubName) ? null : eventHubName
+ storageAccountId: !empty(diagnosticStorageAccountId) ? diagnosticStorageAccountId : null
+ workspaceId: !empty(workspaceId) ? workspaceId : null
+ eventHubAuthorizationRuleId: !empty(eventHubAuthorizationRuleId) ? eventHubAuthorizationRuleId : null
+ eventHubName: !empty(eventHubName) ? eventHubName : null
 metrics: diagnosticsMetrics
 logs: diagnosticsLogs
 }
diff --git a/docs/wiki/ModulesDesign.md b/docs/wiki/ModulesDesign.md
index 68e169b2cd..c61b2b0dc5 100644
--- a/docs/wiki/ModulesDesign.md
+++ b/docs/wiki/ModulesDesign.md
@@ -305,10 +305,10 @@ var diagnosticsMetrics = [for metric in metricsToEnable: {
 resource _diagnosticSettings 'Microsoft.Insights/diagnosticsettings@2021-05-01-preview' = if (!empty(diagnosticStorageAccountId) || !empty(workspaceId) || !empty(eventHubAuthorizationRuleId) || !empty(eventHubName)) {
 name: '${.name}-diagnosticSettings'
 properties: {
- storageAccountId: empty(diagnosticStorageAccountId) ? null : diagnosticStorageAccountId
- workspaceId: empty(workspaceId) ? null : workspaceId
- eventHubAuthorizationRuleId: empty(eventHubAuthorizationRuleId) ? null : eventHubAuthorizationRuleId
- eventHubName: empty(eventHubName) ? null : eventHubName
+ storageAccountId: !empty(diagnosticStorageAccountId) ? diagnosticStorageAccountId : null
+ workspaceId: !empty(workspaceId) ? workspaceId : null
+ eventHubAuthorizationRuleId: !empty(eventHubAuthorizationRuleId) ? eventHubAuthorizationRuleId : null
+ eventHubName: !empty(eventHubName) ? eventHubName : null
 metrics: diagnosticsMetrics
 logs: diagnosticsLogs
 }