
azurermMonitorDiagnosticSetting

Manages a Diagnostic Setting for an existing Resource.

Example Usage

/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as azurerm from "./.gen/providers/azurerm";
/*The following providers are missing schema information and might need manual adjustments to synthesize correctly: azurerm.
For a more precise conversion please use the --provider flag in convert.*/
const azurermResourceGroupExample = new azurerm.resourceGroup.ResourceGroup(
  this,
  "example",
  {
    location: "West Europe",
    name: "example-resources",
  }
);
const azurermStorageAccountExample = new azurerm.storageAccount.StorageAccount(
  this,
  "example_1",
  {
    account_replication_type: "LRS",
    account_tier: "Standard",
    location: azurermResourceGroupExample.location,
    name: "storageaccountname",
    resource_group_name: azurermResourceGroupExample.name,
  }
);
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
azurermStorageAccountExample.overrideLogicalId("example");
const dataAzurermClientConfigCurrent =
  new azurerm.dataAzurermClientConfig.DataAzurermClientConfig(
    this,
    "current",
    {}
  );
const azurermKeyVaultExample = new azurerm.keyVault.KeyVault(
  this,
  "example_3",
  {
    location: azurermResourceGroupExample.location,
    name: "examplekeyvault",
    purge_protection_enabled: false,
    resource_group_name: azurermResourceGroupExample.name,
    sku_name: "standard",
    soft_delete_retention_days: 7,
    tenant_id: dataAzurermClientConfigCurrent.tenantId,
  }
);
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
azurermKeyVaultExample.overrideLogicalId("example");
const azurermMonitorDiagnosticSettingExample =
  new azurerm.monitorDiagnosticSetting.MonitorDiagnosticSetting(
    this,
    "example_4",
    {
      enabled_log: [
        {
          category: "AuditEvent",
          retention_policy: [
            {
              enabled: false,
            },
          ],
        },
      ],
      metric: [
        {
          category: "AllMetrics",
          retention_policy: [
            {
              enabled: false,
            },
          ],
        },
      ],
      name: "example",
      storage_account_id: azurermStorageAccountExample.id,
      target_resource_id: azurermKeyVaultExample.id,
    }
  );
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
azurermMonitorDiagnosticSettingExample.overrideLogicalId("example");

Argument Reference

The following arguments are supported:

  • name - (Required) Specifies the name of the Diagnostic Setting. Changing this forces a new resource to be created.

-> NOTE: If the name is set to 'service' it will not be possible to fully delete the diagnostic setting. This is due to legacy API support.

  • targetResourceId - (Required) The ID of an existing Resource on which to configure Diagnostic Settings. Changing this forces a new resource to be created.

  • eventhubName - (Optional) Specifies the name of the Event Hub where Diagnostics Data should be sent.

-> NOTE: If this isn't specified then the default Event Hub will be used.

  • eventhubAuthorizationRuleId - (Optional) Specifies the ID of an Event Hub Namespace Authorization Rule used to send Diagnostics Data.

-> NOTE: This can be sourced from the azurermEventhubNamespaceAuthorizationRule resource and is different from an azurermEventhubAuthorizationRule resource.

-> NOTE: At least one of eventhubAuthorizationRuleId, logAnalyticsWorkspaceId, partnerSolutionId and storageAccountId must be specified.

  • log - (Optional) One or more log blocks as defined below.

-> NOTE: log is deprecated in favour of the enabledLog property and will be removed in version 4.0 of the AzureRM Provider.

  • enabledLog - (Optional) One or more enabledLog blocks as defined below.

-> NOTE: At least one log, enabledLog or metric block must be specified. At least one type of Log or Metric must be enabled.

  • logAnalyticsWorkspaceId - (Optional) Specifies the ID of a Log Analytics Workspace where Diagnostics Data should be sent.

-> NOTE: At least one of eventhubAuthorizationRuleId, logAnalyticsWorkspaceId, partnerSolutionId and storageAccountId must be specified.

  • metric - (Optional) One or more metric blocks as defined below.

-> NOTE: At least one log, enabledLog or metric block must be specified.

  • storageAccountId - (Optional) The ID of the Storage Account where logs should be sent.

-> NOTE: At least one of eventhubAuthorizationRuleId, logAnalyticsWorkspaceId, partnerSolutionId and storageAccountId must be specified.

  • logAnalyticsDestinationType - (Optional) Possible values are AzureDiagnostics and Dedicated. When set to Dedicated, logs sent to a Log Analytics workspace will go into resource-specific tables instead of the legacy AzureDiagnostics table.

-> NOTE: This setting will only have an effect if a logAnalyticsWorkspaceId is provided. For some target resource types (e.g., Key Vault), this field is unconfigurable. Please see resource types for services that use each method. Please see the documentation for details on the differences between destination types.

-> NOTE: At least one of eventhubAuthorizationRuleId, logAnalyticsWorkspaceId, partnerSolutionId and storageAccountId must be specified.


A log block supports the following:

  • category - (Optional) The name of a Diagnostic Log Category for this Resource.

-> NOTE: The Log Categories available vary depending on the Resource being used. You may wish to use the azurermMonitorDiagnosticCategories Data Source or list of service specific schemas to identify which categories are available for a given Resource.

  • categoryGroup - (Optional) The name of a Diagnostic Log Category Group for this Resource.

-> NOTE: Not all resources have category groups available.

  • retentionPolicy - (Optional) A retentionPolicy block as defined below.

  • enabled - (Optional) Is this Diagnostic Log enabled? Defaults to true.


An enabledLog block supports the following:

  • category - (Optional) The name of a Diagnostic Log Category for this Resource.

-> NOTE: The Log Categories available vary depending on the Resource being used. You may wish to use the azurermMonitorDiagnosticCategories Data Source or list of service specific schemas to identify which categories are available for a given Resource.

  • categoryGroup - (Optional) The name of a Diagnostic Log Category Group for this Resource.

-> NOTE: Not all resources have category groups available.

  • retentionPolicy - (Optional) A retentionPolicy block as defined below.

A metric block supports the following:

  • category - (Required) The name of a Diagnostic Metric Category for this Resource.

-> NOTE: The Metric Categories available vary depending on the Resource being used. You may wish to use the azurermMonitorDiagnosticCategories Data Source to identify which categories are available for a given Resource.

  • retentionPolicy - (Optional) A retentionPolicy block as defined below.

  • enabled - (Optional) Is this Diagnostic Metric enabled? Defaults to true.


A retentionPolicy block supports the following:

  • enabled - (Required) Is this Retention Policy enabled?

  • days - (Optional) The number of days for which this Retention Policy should apply.

-> NOTE: Setting this to 0 will retain the events indefinitely.
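
The NOTE constraints in the Argument Reference above can be checked before synthesis, so that a setting that sends audit logs nowhere, or enables nothing, is caught in review. The following TypeScript is an added example, not part of the provider or its generated bindings; lintDiagnosticSetting and the interface names are hypothetical, and the storage account ID is a constructed placeholder.

```typescript
// Added example, not provider code. Type and function names are hypothetical;
// field names are the arguments documented on this page.
interface RetentionPolicy { enabled: boolean; days?: number }
interface CategoryBlock {
  category?: string; categoryGroup?: string;
  enabled?: boolean; retentionPolicy?: RetentionPolicy;
}
interface DiagnosticSettingInput {
  name: string; targetResourceId: string;
  eventhubAuthorizationRuleId?: string; logAnalyticsWorkspaceId?: string;
  partnerSolutionId?: string; storageAccountId?: string;
  logAnalyticsDestinationType?: string;
  log?: CategoryBlock[]; enabledLog?: CategoryBlock[]; metric?: CategoryBlock[];
}

function lintDiagnosticSetting(s: DiagnosticSettingInput): string[] {
  const findings: string[] = [];
  const logs = s.log || [], enabledLogs = s.enabledLog || [], metrics = s.metric || [];
  if (s.name === "service")
    findings.push("name 'service' cannot be fully deleted");
  if (![s.eventhubAuthorizationRuleId, s.logAnalyticsWorkspaceId,
        s.partnerSolutionId, s.storageAccountId].some(Boolean))
    findings.push("no destination specified");
  if (logs.length > 0) findings.push("log is deprecated, use enabledLog");
  // log/metric blocks default to enabled; an enabledLog entry is always on.
  const anyEnabled = enabledLogs.length > 0 ||
    logs.concat(metrics).some((b) => b.enabled !== false);
  if (!anyEnabled) findings.push("no log or metric is enabled");
  if (s.logAnalyticsDestinationType && !s.logAnalyticsWorkspaceId)
    findings.push("logAnalyticsDestinationType ignored without a workspace");
  logs.concat(enabledLogs, metrics).forEach((b) => {
    const r = b.retentionPolicy;
    if (r && r.days === 0) // days = 0 means "retain indefinitely" per the NOTE
      findings.push((b.category || b.categoryGroup) + ": retained indefinitely");
  });
  return findings;
}

// Constructed inputs: the page's Key Vault example, then a broken variant.
const vaultId = "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/group1/providers/Microsoft.KeyVault/vaults/vault1";
const pageExample: DiagnosticSettingInput = {
  name: "example", targetResourceId: vaultId, storageAccountId: "constructed-storage-id",
  enabledLog: [{ category: "AuditEvent", retentionPolicy: { enabled: false } }],
  metric: [{ category: "AllMetrics", retentionPolicy: { enabled: false } }],
};
const misconfigured: DiagnosticSettingInput = {
  name: "service", targetResourceId: vaultId, logAnalyticsDestinationType: "Dedicated",
  log: [{ category: "AuditEvent", enabled: false }],
};
console.log(lintDiagnosticSetting(pageExample), lintDiagnosticSetting(misconfigured));
```

The second input trips every rule except the retention one: reserved name, no destination, deprecated log block, nothing enabled, and a destination type with no workspace.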

Attributes Reference

The following attributes are exported:

  • id - The ID of the Diagnostic Setting.

Timeouts

The timeouts block allows you to specify timeouts for certain actions:

  • create - (Defaults to 30 minutes) Used when creating the Diagnostics Setting.
  • update - (Defaults to 30 minutes) Used when updating the Diagnostics Setting.
  • read - (Defaults to 5 minutes) Used when retrieving the Diagnostics Setting.
  • delete - (Defaults to 60 minutes) Used when deleting the Diagnostics Setting.

Import

Diagnostic Settings can be imported using the resourceId, e.g.

terraform import azurerm_monitor_diagnostic_setting.example "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/group1/providers/Microsoft.KeyVault/vaults/vault1|logMonitoring1"

-> NOTE: This is a Terraform specific Resource ID which uses the format {resourceId}|{diagnosticSettingName}