Manages an Azure Active Directory Diagnostic Setting for Azure Monitor.

provider "azurerm" {
  features {}
}

resource "azurerm_resource_group" "example" {
  name     = "example-rg"
  location = "west europe"
}

resource "azurerm_storage_account" "example" {
  name                     = "examplestorageaccount"
  resource_group_name      = azurerm_resource_group.example.name
  location                 = azurerm_resource_group.example.location
  account_tier             = "Standard"
  account_kind             = "StorageV2"
  account_replication_type = "LRS"
}

resource "azurerm_monitor_aad_diagnostic_setting" "example" {
  name               = "setting1"
  storage_account_id = azurerm_storage_account.example.id

  enabled_log {
    category = "SignInLogs"
    retention_policy {
      enabled = true
      days    = 1
    }
  }

  enabled_log {
    category = "AuditLogs"
    retention_policy {
      enabled = true
      days    = 1
    }
  }

  enabled_log {
    category = "NonInteractiveUserSignInLogs"
    retention_policy {
      enabled = true
      days    = 1
    }
  }

  enabled_log {
    category = "ServicePrincipalSignInLogs"
    retention_policy {
      enabled = true
      days    = 1
    }
  }
}

The following arguments are supported:
name - (Required) The name which should be used for this Monitor Azure Active Directory Diagnostic Setting. Changing this forces a new Monitor Azure Active Directory Diagnostic Setting to be created.
log - (Optional) One or more log blocks as defined below.
enabled_log - (Optional) One or more enabled_log blocks as defined below.
eventhub_authorization_rule_id - (Optional) Specifies the ID of an Event Hub Namespace Authorization Rule used to send Diagnostics Data. Changing this forces a new resource to be created.
eventhub_name - (Optional) Specifies the name of the Event Hub where Diagnostics Data should be sent. If not specified, the default Event Hub will be used. Changing this forces a new resource to be created.
log_analytics_workspace_id - (Optional) Specifies the ID of a Log Analytics Workspace where Diagnostics Data should be sent.
storage_account_id - (Optional) The ID of the Storage Account where logs should be sent. Changing this forces a new resource to be created.

A log block supports the following:
category - (Required) The log category for the Azure Active Directory Diagnostic.
retention_policy - (Required) A retention_policy block as defined below.
enabled - (Optional) Is this Diagnostic Log enabled? Defaults to true.

An enabled_log block supports the following:
category - (Required) The log category for the Azure Active Directory Diagnostic.
retention_policy - (Required) A retention_policy block as defined below.

A retention_policy block supports the following:
enabled - (Optional) Is this Retention Policy enabled? Defaults to false.
days - (Optional) The number of days for which this Retention Policy should apply. Defaults to 0.
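
The example at the top of this page writes to a Storage Account. As an added example (not part of the provider documentation), the same four categories are sent here to a Log Analytics Workspace through log_analytics_workspace_id, with one enabled_log block generated per category. The resource names, the workspace SKU and the 90-day workspace retention are assumptions.

```hcl
# Added example; names, SKU and retention values are assumptions.
provider "azurerm" {
  features {}
}

resource "azurerm_resource_group" "logs" {
  name     = "example-aad-logs-rg"
  location = "West Europe"
}

resource "azurerm_log_analytics_workspace" "aad" {
  name                = "example-aad-logs"
  resource_group_name = azurerm_resource_group.logs.name
  location            = azurerm_resource_group.logs.location
  sku                 = "PerGB2018"
  retention_in_days   = 90 # assumed value; set to your investigation window
}

locals {
  # The four categories used in the example on this page.
  aad_log_categories = toset([
    "AuditLogs",
    "SignInLogs",
    "NonInteractiveUserSignInLogs",
    "ServicePrincipalSignInLogs",
  ])
}

resource "azurerm_monitor_aad_diagnostic_setting" "to_workspace" {
  name                       = "aad-to-workspace"
  log_analytics_workspace_id = azurerm_log_analytics_workspace.aad.id

  # One enabled_log block per category, so adding a category is a one-line change.
  dynamic "enabled_log" {
    for_each = local.aad_log_categories
    content {
      category = enabled_log.value

      # retention_policy is required inside enabled_log; it is left at its
      # documented defaults, and the workspace setting above governs retention.
      retention_policy {
        enabled = false
        days    = 0
      }
    }
  }
}
```
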
In addition to the Arguments listed above - the following Attributes are exported:
id - The ID of the Monitor Azure Active Directory Diagnostic Setting.

The timeouts block allows you to specify timeouts for certain actions:
create - (Defaults to 5 minutes) Used when creating the Monitor Azure Active Directory Diagnostic Setting.
read - (Defaults to 5 minutes) Used when retrieving the Monitor Azure Active Directory Diagnostic Setting.
update - (Defaults to 5 minutes) Used when updating the Monitor Azure Active Directory Diagnostic Setting.
delete - (Defaults to 5 minutes) Used when deleting the Monitor Azure Active Directory Diagnostic Setting.

Monitor Azure Active Directory Diagnostic Settings can be imported using the resource id, e.g.

terraform import azurerm_monitor_aad_diagnostic_setting.example /providers/Microsoft.AADIAM/diagnosticSettings/setting1