Enable SQL Auditing to Log Analytics workspace on Synapse Workspace with Terraform missing

vamshisiram commented 1 year ago

Is there an existing issue for this?

[X] I have searched the existing issues

Community Note

Please vote on this issue by adding a :thumbsup: reaction to the original issue to help the community and maintainers prioritize this request
Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
If you are interested in working on this issue or have submitted a pull request, please leave a comment

Terraform Version

1.3.7

AzureRM Provider Version

3.2.0

Affected Resource(s)/Data Source(s)

azurerm_synapse_workspace_extended_auditing_policy

Terraform Configuration Files

resource "azurerm_storage_account" "audit_logs" {
  name                     = "examplesa"
  resource_group_name      = azurerm_resource_group.example.name
  location                 = azurerm_resource_group.example.location
  account_tier             = "Standard"
  account_replication_type = "LRS"
}

resource "azurerm_synapse_workspace_extended_auditing_policy" "example" {
  synapse_workspace_id                    = azurerm_synapse_workspace.example.id
  storage_endpoint                        = azurerm_storage_account.audit_logs.primary_blob_endpoint
  storage_account_access_key              = azurerm_storage_account.audit_logs.primary_access_key
  storage_account_access_key_is_secondary = false
  retention_in_days                       = 6
}

Debug Output/Panic Output

don't see the option to send auditing logs to log anaytics workspace with this provider, is this not available?

Expected Behaviour

expect to send the audit logs to log analytics worksapce instead of a storage account.

Actual Behaviour

only seeing code to send audit logs to storage account

Steps to Reproduce

deploy audit logs for synapse workspace

Important Factoids

No response

References

No response

xiaoyuanzi1230 commented 1 year ago

Hello, one of my customer is also asking for this same issue. Looks like currently we don't support to enable the Audit with Log analytics workspace, and also I found there is also no option in Azure ARM Template / Synapse rest API to let . So do terraform have this plan to support this? Thanks

fgarcia-cnb commented 1 year ago

actually, you enable a log analytics workspace destination for auditing by setting the diagnostic setting on the synapse workspace resource. specificaully, the SQLSecurityAuditEvents log category

MWaris97 commented 3 months ago

I think it's too late, but it might help someone so putting it out there. I was able to do this with:

resource "azurerm_synapse_workspace_extended_auditing_policy" "audit_settings" {
  synapse_workspace_id = azurerm_synapse_workspace.example.id
}

resource "azurerm_monitor_diagnostic_setting" "example" {
  name               = "example-diagnostic-setting"
  target_resource_id = azurerm_synapse_workspace.example.id
  log_analytics_workspace_id = azurerm_log_analytics_workspace.example.id

  enabled_log {
    category = "SQLSecurityAuditEvents"
  }

  metric {
    category = "AllMetrics"
    enabled  = true
  }
}

hashicorp / terraform-provider-azurerm