Open lyndon678 opened 4 years ago
Hi @lyndon678 Thank you for submitting this issue :+1:
As you know, azurerm_monitor_log_profile
is a legacy method to manage the platform logs and metrics, in favor of diagnostic settings. There is the corresponding terraform resource: azurerm_monitor_diagnostic_settings
, which accepts log_analytics_workspace_id
.
While if you for some reason is not able to migrate to using the diagnostic settings, then unfortunately current API of monitor log profile doesn't support specifying the log analytics workspace id directly. However, as the document mentioned, we can create a data source (as stated in #4446) to support it.
Since I didn't find this information easy to come by. I agree with @magodo that the azurerm_monitor_diagnostic_settings
is what should be used where you can use log_analytics_workspace_id
. You can then pass in your current subscription ID as the target_resource_id
. Here is an example on what worked for me.
data "azurerm_subscription" "current" {
}
resource "azurerm_monitor_diagnostic_setting" "diag-activitylog" {
name = "diag-activitylog"
target_resource_id = data.azurerm_subscription.current.id
log_analytics_workspace_id = azurerm_log_analytics_workspace.log-workspace.id
log {
category = "Administrative"
enabled = true
}
log {
category = "Security"
enabled = true
}
log {
category = "ServiceHealth"
enabled = true
}
log {
category = "Alert"
enabled = true
}
log {
category = "Recommendation"
enabled = true
}
log {
category = "Policy"
enabled = true
}
log {
category = "Autoscale"
enabled = true
}
log {
category = "ResourceHealth"
enabled = true
}
}
One issue is that the data source on the log analytics workspace doesn't automatically connect. Seems like this will need to be done manually as per https://github.com/terraform-providers/terraform-provider-azurerm/issues/3182.
Community Note
Description
Exporting the activity log of Azure subscriptions for processing is imperative for governance and security. Unfortunately the azurerm_log_profile only support two of the three common targets, Event Hub and Storage Account. The support for a Log Analytics Workspace would be highly appreciated.
New or Affected Resource(s)
Potential Terraform Configuration
References