Support for VNet in azurerm_network_watcher_flow_log

terrymandin commented 3 months ago

Is there an existing issue for this?

[X] I have searched the existing issues

Community Note

Please vote on this issue by adding a :thumbsup: reaction to the original issue to help the community and maintainers prioritize this request
Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
If you are interested in working on this issue or have submitted a pull request, please leave a comment and review the contribution guide to help.

Description

I am creating a Terraform Azure Verified Module for Flow Logs. We have a requirement to create a flow log as part of the VNet creation. This is supported in the portal:

but not in the provider. Please add this capability.

I believe that the network_security_group_id variable should be renamed to target_resource_id similar to azapi. I confirmed that setting this to a VNet also works. It doesn't have to be just a NSG.

New or Affected Resource(s)/Data Source(s)

azurerm_network_watcher_flow_log

Potential Terraform Configuration

resource "azurerm_network_watcher_flow_log" "test" {
  network_watcher_name = azurerm_network_watcher.test.name
  resource_group_name  = azurerm_resource_group.example.name
  name                 = "example-log"

  target_resource_id        = azurerm_virtual_network.this.id
  storage_account_id        = azurerm_storage_account.test.id
  enabled                   = true

  retention_policy {
    enabled = true
    days    = 7
  }

  traffic_analytics {
    enabled               = true
    workspace_id          = azurerm_log_analytics_workspace.test.workspace_id
    workspace_region      = azurerm_log_analytics_workspace.test.location
    workspace_resource_id = azurerm_log_analytics_workspace.test.id
    interval_in_minutes   = 10
  }
}

References

No response

speed400m commented 3 months ago

also looking for this..

michasacuer commented 1 month ago

@favoretti any updates?

VillageIke commented 1 week ago

Any updates?

ryanghavidel2024 commented 3 days ago

I guess it's not doable in Terraform yet! target_resource_id or resource_id to specify the VNET are not simply working in azurerm_network_watcher_flow_log. We seem to have to use NSG' for now...

hashicorp / terraform-provider-azurerm