azurepolicy.bastion-la.json contains diagnostics for Microsoft.Web/sites

[Astashin]

Seems like copy-paste for web apps without changing config for bastion. Below are correct fields for policy definition:

        "policyRule": {
          "if": {
            "field": "type",
            "equals": "Microsoft.Network/bastionHosts"
          },

Resource type:

"resources": [
                      {
                        "type": "Microsoft.Network/bastionHosts/providers/diagnosticSettings",

Log and metrics config:

                          "metrics": [],
                          "logs": [
                            {
                              "category": "BastionAuditLogs",
                              "enabled": true
                            }

[tyconsulting]

resolved - using log category group instead