DEVHIDE
Login Or Sign up

Azure Policy to Create/update diagnostic setting

1.3k Views Asked by At

I am new to azure policy and i am trying to implement azure policy to enforce creation of diagnostic setting on azure resources.

My goal is to achieve below..

  - Create a diagnostic settings on resource every time a new resource is created. -- works
  - Recreate/modify if  diagnostics setting/destination  is manually changed or deleted. -- Not working 
  - Recreate/modify the diagnostics settings at scale when the assignment is recreated with different configuration. -- Not working

This is the policy i am using

                    "existenceCondition": {
                        "anyof": [
                            {
                                "field": "Microsoft.Insights/diagnosticSettings/logs.enabled",
                                "equals": "[parameters('logsEnabled')]"
                            },
                            {
                                "field": "Microsoft.Insights/diagnosticSettings/eventHubAuthorizationRuleId",
                                "equals": "[parameters('eventHubAuthorizationRuleId')]"
                            },
                            {
                                "field": "Microsoft.Insights/diagnosticSettings/eventHubName",
                                "equals": "[parameters('eventHubName')]"
                            },
                            {
                                "field": "Microsoft.Insights/diagnosticSettings/workspaceId",
                                "equals": "[parameters('workspaceId')]"
                            }
                        ]

My goal is to achieve below..

  - Create a diagnostic settings on resource every time a new resource is created. -- works
  - Recreate/modify if  diagnostics setting/destination  is manually changed or deleted. -- Not working 
  - Recreate/modify the diagnostics settings at scale when the assignment is recreated with different configuration. -- Not working
azure-policy azure-diagnostics
Original Q&A
1

There are 1 best solutions below

0
Venkat V On

The Azure policy will enable diagnostic settings on newly created resources and will also modify the diagnostic settings if they have been updated or deleted manually.

  {
 "mode": "All",
 "policyRule": {
   "if": {
     "field": "type",
     "equals": "*"
   },
   "then": {
     "effect": "deployIfNotExists",
     "details": {
       "type": "Microsoft.Insights/diagnosticSettings",
       "name": "ensurediagnosticsettings",
       "existenceCondition": {
         "allOf": [
           {
             "field": "Microsoft.Insights/diagnosticSettings/logs.enabled",
             "notEquals": "false"
           },
           {
             "field": "Microsoft.Insights/diagnosticSettings/eventHubAuthorizationRuleId",
             "notEquals": ""
           },
           {
             "field": "Microsoft.Insights/diagnosticSettings/eventHubName",
             "notEquals": ""
           },
           {
             "field": "Microsoft.Insights/diagnosticSettings/workspaceId",
             "equals": "[parameters('workspaceId')]"
           }
         ]
       },
       "deployment": {
         "properties": {
           "mode": "incremental",
           "template": {
             "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
             "contentVersion": "1.0.0.0",
             "parameters": {},
             "resources": [
               {
                 "type": "Microsoft.Insights/diagnosticSettings",
                 "name": "[concat(resourceGroup().name, '/', 'Microsoft.Insights/diagnosticSettings')]",
                 "apiVersion": "2017-05-01-preview",
                 "properties": {
                   "logs": [
                     {
                       "category": "default",
                       "enabled": true,
                       "retentionPolicy": {
                         "days": 365,
                         "enabled": true
                       }
                     }
                   ],
                   "metrics": []
                 }
               }
             ]
           },
           "parameters": {}
         }
       }
     }
   }
 },
 "parameters": {
   "workspaceId": {
     "type": "String",
     "metadata": {
       "displayName": "Workspace ID",
       "description": "The ID of the workspace for diagnostic settings."
     }
   }
 }
}

Policy Assignment:

enter image description here

The policy will make sure that all resources in the active subscription have their diagnostic settings enabled after it has been assigned to the scope.

Related Questions in AZURE-POLICY

Related Questions in AZURE-DIAGNOSTICS

Trending Questions

Popular # Hahtags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs node.js arrays c asp.net json

Popular Questions

.

Copyright © 2021 Jogjafile Inc.