Skip to content

Commit

Permalink
New diagnostic policy definition
Browse files Browse the repository at this point in the history 
This policy is to enable Diagnostic Settings on Web Slots
  • Loading branch information
@MARIADELMARcr
MARIADELMARcr committed May 7, 2024
1 parent 99792c8 commit 4d679d4
Show file tree
Hide file tree
Showing 3 changed files with 351 additions and 0 deletions.
178 changes: 178 additions & 0 deletions ...ring/deploy-diagnostic-settings-for-web-slots-to-log-analytics-workspace/azurepolicy.json
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,178 @@
{
"displayName": "Deploy Diagnostic Settings for Web Slots to Log Analytics workspace",
"description": "Deploys the diagnostic settings for Web Slots to stream to a regional Log Analytics workspace when any Web Slots which is missing this diagnostic settings is created or updated.",
"mode": "All",
"policyRule": {
"if": {
"allOf": [
{
"equals": "Microsoft.Web/sites/slots",
"field": "type"
}
]
},
"then": {
"effect": "[parameters('effect')]",
"details": {
"type": "Microsoft.Insights/diagnosticSettings",
"name": "[parameters('profileName')]",
"roleDefinitionIds": [
"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"
],
"existenceCondition": {
"allOf": [
{
"field": "Microsoft.Insights/diagnosticSettings/logs.enabled",
"equals": "[parameters('logsEnabled')]"
},
{
"field": "Microsoft.Insights/diagnosticSettings/metrics.enabled",
"equals": "[parameters('metricsEnabled')]"
},
{
"field": "Microsoft.Insights/diagnosticSettings/workspaceId",
"equals": "[parameters('logAnalytics')]"
}
]
},
"deployment": {
"properties": {
"mode": "Incremental",
"template": {
"$schema": "http: //schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"sitename": {
"type": "string"
},
"resourceName": {
"type": "String"
},
"logAnalytics": {
"type": "String"
},
"location": {
"type": "String"
},
"profileName": {
"type": "String"
},
"metricsEnabled": {
"type": "String"
},
"logsEnabled": {
"type": "String"
}
},
"variables": {},
"resources": [
{
"type": "microsoft.web/sites/slots/providers/diagnosticsettings",
"apiVersion": "2021-05-01-preview",
"name": "[concat(parameters('resourceName'),'/microsoft.insights/', parameters('profileName'))]",
"location": "[parameters('location')]",
"dependsOn": [],
"properties": {
"workspaceId": "[parameters('logAnalytics')]",
"metrics": [
{
"category": "AllMetrics",
"enabled": "[parameters('metricsEnabled')]"
}
],
"logs": [
{
"categoryGroup": "allLogs",
"enabled": "[parameters('logsEnabled')]"
},
{
"categoryGroup": "audit",
"enabled": "[parameters('logsEnabled')]"
}
]
}
}
]
},
"parameters": {
"sitename": {
"value": "[field('fullName')]"
},
"logAnalytics": {
"value": "[parameters('logAnalytics')]"
},
"location": {
"value": "[field('location')]"
},
"resourceName": {
"value": "[field('fullName')]"
},
"profileName": {
"value": "[parameters('profileName')]"
},
"metricsEnabled": {
"value": "[parameters('metricsEnabled')]"
},
"logsEnabled": {
"value": "[parameters('logsEnabled')]"
}
}
}
}
}
}
},
"parameters": {
"effect": {
"type": "String",
"metadata": {
"displayName": "Effect",
"description": "Enable or disable the execution of the policy"
},
"allowedValues": [
"DeployIfNotExists",
"AuditIfNotExists",
"Disabled"
],
"defaultValue": "DeployIfNotExists"
},
"logAnalytics": {
"type": "String",
"metadata": {
"displayName": "Log Analytics workspace",
"description": "Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.",
"strongType": "omsWorkspace"
}
},
"profileName": {
"type": "String",
"metadata": {
"displayName": "Profile name",
"description": "The diagnostic settings profile name"
},
"defaultValue": "setbypolicy_logAnalytics"
},
"metricsEnabled": {
"type": "String",
"metadata": {
"displayName": "Enable metrics",
"description": "Whether to enable metrics stream to the Log Analytics workspace - true or False"
},
"allowedValues": [
"true"
],
"defaultValue": "true"
},
"logsEnabled": {
"type": "String",
"metadata": {
"displayName": "Enable logs",
"description": "Whether to enable logs stream to the Log Analytics workspace - true or False"
},
"allowedValues": [
"true"
],
"defaultValue": "true"
}
}
}
53 changes: 53 additions & 0 deletions ...-diagnostic-settings-for-web-slots-to-log-analytics-workspace/azurepolicy.parameters.json
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,53 @@
{
"effect": {
"type": "String",
"metadata": {
"displayName": "Effect",
"description": "Enable or disable the execution of the policy"
},
"allowedValues": [
"DeployIfNotExists",
"AuditIfNotExists",
"Disabled"
],
"defaultValue": "DeployIfNotExists"
},
"logAnalytics": {
"type": "String",
"metadata": {
"displayName": "Log Analytics workspace",
"description": "Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.",
"strongType": "omsWorkspace"
}
},
"profileName": {
"type": "String",
"metadata": {
"displayName": "Profile name",
"description": "The diagnostic settings profile name"
},
"defaultValue": "setbypolicy_logAnalytics"
},
"metricsEnabled": {
"type": "String",
"metadata": {
"displayName": "Enable metrics",
"description": "Whether to enable metrics stream to the Log Analytics workspace - true or False"
},
"allowedValues": [
"true"
],
"defaultValue": "true"
},
"logsEnabled": {
"type": "String",
"metadata": {
"displayName": "Enable logs",
"description": "Whether to enable logs stream to the Log Analytics workspace - true or False"
},
"allowedValues": [
"true"
],
"defaultValue": "true"
}
}
120 changes: 120 additions & 0 deletions ...eploy-diagnostic-settings-for-web-slots-to-log-analytics-workspace/azurepolicy.rules.json
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,120 @@
{
"if": {
"allOf": [
{
"equals": "Microsoft.Web/sites/slots",
"field": "type"
}
]
},
"then": {
"effect": "[parameters('effect')]",
"details": {
"type": "Microsoft.Insights/diagnosticSettings",
"name": "[parameters('profileName')]",
"roleDefinitionIds": [
"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"
],
"existenceCondition": {
"allOf": [
{
"field": "Microsoft.Insights/diagnosticSettings/logs.enabled",
"equals": "[parameters('logsEnabled')]"
},
{
"field": "Microsoft.Insights/diagnosticSettings/metrics.enabled",
"equals": "[parameters('metricsEnabled')]"
},
{
"field": "Microsoft.Insights/diagnosticSettings/workspaceId",
"equals": "[parameters('logAnalytics')]"
}
]
},
"deployment": {
"properties": {
"mode": "Incremental",
"template": {
"$schema": "http: //schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"sitename": {
"type": "string"
},
"resourceName": {
"type": "String"
},
"logAnalytics": {
"type": "String"
},
"location": {
"type": "String"
},
"profileName": {
"type": "String"
},
"metricsEnabled": {
"type": "String"
},
"logsEnabled": {
"type": "String"
}
},
"variables": {},
"resources": [
{
"type": "microsoft.web/sites/slots/providers/diagnosticsettings",
"apiVersion": "2021-05-01-preview",
"name": "[concat(parameters('resourceName'),'/microsoft.insights/', parameters('profileName'))]",
"location": "[parameters('location')]",
"dependsOn": [],
"properties": {
"workspaceId": "[parameters('logAnalytics')]",
"metrics": [
{
"category": "AllMetrics",
"enabled": "[parameters('metricsEnabled')]"
}
],
"logs": [
{
"categoryGroup": "allLogs",
"enabled": "[parameters('logsEnabled')]"
},
{
"categoryGroup": "audit",
"enabled": "[parameters('logsEnabled')]"
}
]
}
}
]
},
"parameters": {
"sitename": {
"value": "[field('fullName')]"
},
"logAnalytics": {
"value": "[parameters('logAnalytics')]"
},
"location": {
"value": "[field('location')]"
},
"resourceName": {
"value": "[field('fullName')]"
},
"profileName": {
"value": "[parameters('profileName')]"
},
"metricsEnabled": {
"value": "[parameters('metricsEnabled')]"
},
"logsEnabled": {
"value": "[parameters('logsEnabled')]"
}
}
}
}
}
}
}

0 comments on commit 4d679d4

Please sign in to comment.