Azure / terraform-azurerm-caf-enterprise-scale

Azure landing zones Terraform module
https://aka.ms/alz/tf
MIT License

Where should we deploy Log analytics workspace within the CAF? #154

Closed Elgeario closed 2 years ago

Elgeario commented 3 years ago

Currently we are deploying the CAF code into our Azure environment. When we originally applied the Launchpad we deployed a log analytics workspace and a number of built-in solutions as part of diagnostics_log_analytics. We are also using the enterprise scale code which again looks to deploy a log analytics workspace, with some new and overlapping solutions. We want to configure our environment to manage the Log analytics workspace from either the Launchpad or Enterprise scale code, but which is best so that we follow the CAF direction of travel for configuring log analytics?

Thanks

krowlandson commented 3 years ago

@LaurentLesle and @arnaudlh... are either of you able to assist with this request please?

krowlandson commented 3 years ago

@Elgeario in the absence of any other response I would like to at least offer you a solution in the context of this module.

If your preference is to use the Log Analytics workspace implemented by the Launchpad, you can tell this module that you have an existing Log Analytics workspace by using the following advanced configuration for configure_management_resources within the module input variables:

  configure_management_resources = {
    settings = {
      log_analytics = {
        enabled = true
        config = {
          retention_in_days                           = 30
          enable_monitoring_for_arc                   = true
          enable_monitoring_for_vm                    = true
          enable_monitoring_for_vmss                  = true
          enable_solution_for_agent_health_assessment = true
          enable_solution_for_anti_malware            = true
          enable_solution_for_azure_activity          = true
          enable_solution_for_change_tracking         = true
          enable_solution_for_service_map             = true
          enable_solution_for_sql_assessment          = true
          enable_solution_for_updates                 = true
          enable_solution_for_vm_insights             = true
          enable_sentinel                             = true
        }
      }
      security_center = {
        enabled = true
        config = {
          email_security_contact             = "security_contact@replace_me"
          enable_defender_for_acr            = true
          enable_defender_for_app_services   = true
          enable_defender_for_arm            = true
          enable_defender_for_dns            = true
          enable_defender_for_key_vault      = true
          enable_defender_for_kubernetes     = true
          enable_defender_for_servers        = true
          enable_defender_for_sql_servers    = true
          enable_defender_for_sql_server_vms = true
          enable_defender_for_storage        = true
        }
      }
    }
    location = null
    tags     = null
    advanced = {
      existing_resource_group_name                 = "my-existing-rsg" #OPTIONAL
      existing_log_analytics_workspace_resource_id = "my-existing-law" #OPTIONAL
      existing_automation_account_resource_id      = "my-existing-aa"  #OPTIONAL
      link_log_analytics_to_automation_account     = true              #OPTIONAL
    }
  }

You can use any combination of the above to do the following:

  1. Target deployment to an existing Resource Group (must be within the same Subscription)
  2. Tell the module to use an existing Log Analytics workspace (it will try to deploy all of the solutions to this, unless you switch the module flags enable_solution_for_)
  3. Tell the module to use an existing Automation Account
  4. Tell the module to link the Log Analytics workspace and Automation Account (either can be created by the module, or existing, but must be of compatible SKUs and within the same Subscription)

Appreciate this may be a little late for you, but hopefully this helps?
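As an added example (not code from this thread, nor from the module's own documentation), here is how the advanced block above can be wired up so the module reuses the workspace and Automation Account the Launchpad already created, resolving their full resource IDs by name instead of hard-coding them. The resource names (law-launchpad, aa-launchpad, rg-launchpad), the root_id/root_name values, the version pin and the single-subscription provider mapping are assumptions to adapt; which enable_solution_for_* flags to turn off depends on what your Launchpad already deployed.

```hcl
# Added example: hand the Launchpad-created workspace and Automation Account
# to the enterprise-scale module so it does not deploy a second set.
# Assumed: the Launchpad resources live in "rg-launchpad" (hypothetical name)
# in the same subscription the module treats as the management subscription.

data "azurerm_client_config" "current" {}

# Hypothetical names for the resources the Launchpad already deployed.
data "azurerm_log_analytics_workspace" "launchpad" {
  name                = "law-launchpad"
  resource_group_name = "rg-launchpad"
}

data "azurerm_automation_account" "launchpad" {
  name                = "aa-launchpad"
  resource_group_name = "rg-launchpad"
}

module "enterprise_scale" {
  source  = "Azure/caf-enterprise-scale/azurerm"
  version = "~> 1.0" # assumed; pin to the release you have tested

  # Single-subscription mapping (assumed); point the aliases at other
  # providers if connectivity/management live in separate subscriptions.
  providers = {
    azurerm              = azurerm
    azurerm.connectivity = azurerm
    azurerm.management   = azurerm
  }

  root_parent_id = data.azurerm_client_config.current.tenant_id
  root_id        = "myorg"           # placeholder
  root_name      = "My Organisation" # placeholder

  deploy_management_resources = true
  subscription_id_management  = data.azurerm_client_config.current.subscription_id

  configure_management_resources = {
    settings = {
      log_analytics = {
        enabled = true
        config = {
          retention_in_days          = 30
          enable_monitoring_for_arc  = true
          enable_monitoring_for_vm   = true
          enable_monitoring_for_vmss = true
          # Solutions the Launchpad already placed in the workspace are
          # switched off so the two code bases do not fight over them.
          enable_solution_for_agent_health_assessment = false
          enable_solution_for_anti_malware            = false
          enable_solution_for_azure_activity          = false
          enable_solution_for_change_tracking         = true
          enable_solution_for_service_map             = true
          enable_solution_for_sql_assessment          = true
          enable_solution_for_updates                 = true
          enable_solution_for_vm_insights             = true
          enable_sentinel                             = true
        }
      }
      security_center = {
        enabled = true
        config = {
          email_security_contact             = "security-contact@example.com" # placeholder
          enable_defender_for_acr            = true
          enable_defender_for_app_services   = true
          enable_defender_for_arm            = true
          enable_defender_for_dns            = true
          enable_defender_for_key_vault      = true
          enable_defender_for_kubernetes     = true
          enable_defender_for_servers        = true
          enable_defender_for_sql_servers    = true
          enable_defender_for_sql_server_vms = true
          enable_defender_for_storage        = true
        }
      }
    }
    location = null
    tags     = null
    advanced = {
      # The *_resource_id inputs take full ARM resource IDs, which the data
      # sources provide via their "id" attribute; the resource group name is
      # taken from the workspace so everything lands in the Launchpad group.
      existing_resource_group_name                 = data.azurerm_log_analytics_workspace.launchpad.resource_group_name
      existing_log_analytics_workspace_resource_id = data.azurerm_log_analytics_workspace.launchpad.id
      existing_automation_account_resource_id      = data.azurerm_automation_account.launchpad.id
      link_log_analytics_to_automation_account     = true
    }
  }
}
```

The check worth doing before applying: the `terraform plan` output should contain no `azurerm_log_analytics_workspace` or `azurerm_automation_account` resources to be created, only the solutions and links you left enabled. If a new workspace still shows up in the plan, the resource ID did not reach the advanced block (typically a name lookup against the wrong resource group or subscription), and applying would recreate exactly the duplication the question describes.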

Elgeario commented 3 years ago

Thanks Kevin

I've been on Jury duty so will take a look at this soon.

Appreciate the response.

Thanks

Nick

krowlandson commented 2 years ago

@Elgeario... I am going to close this issue as we haven't heard back from you but please feel free to re-open if you require further guidance on this. Thank you.

Elgeario commented 2 years ago

Thank you Kevin.

We have implemented as you provided and we are happy with it.

Cheers

Nick

krowlandson commented 2 years ago

Great to hear, thank you for confirming @Elgeario 😃