[Module Proposal]: `Diagnostic_settings_mass_apply`

[ryan-royals]

Check for previous/existing GitHub issues/module proposals

• [x] I have checked for previous/existing GitHub issues/module proposals.

Check this module doesn't already exist in the module indexes

• [x] I have checked for that this module doesn't already exist in the module indexes.

Bicep or Terraform?

Terraform

Module Classification?

I'm not sure, please advise

Module Name

avm-?(res/pat/utl)-?(diag)-diag-settings

Module Details

Overview

Module that you feed it a list of Resource ID's, and it automatically enables all enabled_log and metric to the supplied destination. Overwrites are available to configure each Resource Type.

Example implementation

Here is my first pass at the module

module "log" {
  source = "../../"

  log_analytics_workspace_id = azurerm_log_analytics_workspace.laws.id
  target_resource_ids = [
    "${azurerm_storage_account.st.id}/blobServices/default",
    azurerm_storage_account.st.id,
    azurerm_storage_account.st2.id
  ]
  log_category_types_overwrites = {
    "blobServices" = ["StorageDelete"]
  }
}

In this example, all enabled_log and metric are enabled for Storage Accounts, but any blobServices (In this example there is only 1, but this applies to all) only has StorageDelete for enabled_log and all metrics.

Potential Flaws

• Currently untested the full robustness of relying on a count for the diagnostic settings.
  • May be easy to break if Terraform can not fully calculate the length() for the count at plan time.
• Using count for the loop on diagnostic_setting means that if you remove a element from the list, all following elements get recreated.
  • This is noisy in the TF plan, but may be a worthy trade off rather than having lots of diagnostic_setting resource blocks in the root module.

AVM misc

• Unsure what category this module fits. I think it is a Utility as it does not specifically sit under a singular Resource Type, and does nothing by itself.
• Unsure if all other AVM modules should use this for logging. Assume not and this is more for retrofitting resources in root modules etc.

Do you want to be the owner of this module?

Yes

Module Owner's GitHub Username (handle)

ryan-royals

(Optional) Secondary Module Owner's GitHub Username (handle)

No response

[microsoft-github-policy-service[bot]]

[!IMPORTANT] The "Needs: Triage :mag:" label must be removed once the triage process is complete!

[!TIP] For additional guidance on how to triage this issue/PR, see the AVM Issue Triage documentation.

[microsoft-github-policy-service[bot]]

@ryan-royals, thanks for volunteering to be a module owner!

[!IMPORTANT] Please don't start the development just yet!

The AVM core team will review this module proposal and respond to you first. Thank you!

[microsoft-github-policy-service[bot]]

[!IMPORTANT] @ryan-royals, this issue has not had any activity in the last 3 weeks. Please feel free to reach out to the AVM core team should you have any questions or need any help with the development of this module.

[!TIP] To silence this notification, provide an update every 3 weeks on the Module Proposal issue, or add the "Status: Long Term :hourglass_flowing_sand:" label.