Manages a Diagnostic Setting for an existing Resource.
resource "azurerm_resource_group" "example" {
  name     = "example-resources"
  location = "West Europe"
}

resource "azurerm_storage_account" "example" {
  name                     = "storageaccountname"
  resource_group_name      = azurerm_resource_group.example.name
  location                 = azurerm_resource_group.example.location
  account_tier             = "Standard"
  account_replication_type = "LRS"
}

data "azurerm_client_config" "current" {}

resource "azurerm_key_vault" "example" {
  name                       = "examplekeyvault"
  location                   = azurerm_resource_group.example.location
  resource_group_name        = azurerm_resource_group.example.name
  tenant_id                  = data.azurerm_client_config.current.tenant_id
  soft_delete_retention_days = 7
  purge_protection_enabled   = false
  sku_name                   = "standard"
}

resource "azurerm_monitor_diagnostic_setting" "example" {
  name               = "example"
  target_resource_id = azurerm_key_vault.example.id
  storage_account_id = azurerm_storage_account.example.id

  enabled_log {
    category = "AuditEvent"

    retention_policy {
      enabled = false
    }
  }

  metric {
    category = "AllMetrics"

    retention_policy {
      enabled = false
    }
  }
}

The following arguments are supported:

name - (Required) Specifies the name of the Diagnostic Setting. Changing this forces a new resource to be created.
target_resource_id - (Required) The ID of an existing Resource on which to configure Diagnostic Settings. Changing this forces a new resource to be created.
eventhub_name - (Optional) Specifies the name of the Event Hub where Diagnostics Data should be sent.
eventhub_authorization_rule_id - (Optional) Specifies the ID of an Event Hub Namespace Authorization Rule used to send Diagnostics Data.
log - (Optional) One or more log blocks as defined below.
enabled_log - (Optional) One or more enabled_log blocks as defined below.
log_analytics_workspace_id - (Optional) Specifies the ID of a Log Analytics Workspace where Diagnostics Data should be sent.
metric - (Optional) One or more metric blocks as defined below.
storage_account_id - (Optional) The ID of the Storage Account where logs should be sent.
log_analytics_destination_type - (Optional) Possible values are AzureDiagnostics and Dedicated. When set to Dedicated, logs sent to a Log Analytics workspace will go into resource specific tables, instead of the legacy AzureDiagnostics table.
partner_solution_id - (Optional) The ID of the market partner solution where Diagnostics Data should be sent. For potential partner integrations, click to learn more about partner integration.

A log block supports the following:

category - (Optional) The name of a Diagnostic Log Category for this Resource.
category_group - (Optional) The name of a Diagnostic Log Category Group for this Resource.
retention_policy - (Optional) A retention_policy block as defined below.
enabled - (Optional) Is this Diagnostic Log enabled? Defaults to true.

An enabled_log block supports the following:

category - (Optional) The name of a Diagnostic Log Category for this Resource.
category_group - (Optional) The name of a Diagnostic Log Category Group for this Resource.
retention_policy - (Optional) A retention_policy block as defined below.

A metric block supports the following:

category - (Required) The name of a Diagnostic Metric Category for this Resource.
retention_policy - (Optional) A retention_policy block as defined below.
enabled - (Optional) Is this Diagnostic Metric enabled? Defaults to true.

A retention_policy block supports the following:

enabled - (Required) Is this Retention Policy enabled?
days - (Optional) The number of days for which this Retention Policy should apply.
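
An added example, not from the provider documentation: a second diagnostic setting that sends the Key Vault's audit logs to a Log Analytics workspace, using the log_analytics_workspace_id, log_analytics_destination_type and category_group arguments described above. It builds on azurerm_resource_group.example and azurerm_key_vault.example from the example configuration on this page; the resource names, the workspace settings and the "audit" category group value are assumptions.

```hcl
# Added example. Assumes azurerm_resource_group.example and
# azurerm_key_vault.example from the example configuration on this page.

resource "azurerm_log_analytics_workspace" "audit" {
  name                = "example-audit-law" # hypothetical name
  location            = azurerm_resource_group.example.location
  resource_group_name = azurerm_resource_group.example.name
  sku                 = "PerGB2018"
  retention_in_days   = 90 # constructed value; set to your own retention requirement
}

resource "azurerm_monitor_diagnostic_setting" "audit_to_law" {
  name                       = "example-audit-to-law" # hypothetical name
  target_resource_id         = azurerm_key_vault.example.id
  log_analytics_workspace_id = azurerm_log_analytics_workspace.audit.id

  # Write to resource-specific tables instead of the legacy AzureDiagnostics table.
  # Assumption: the target resource type supports the Dedicated mode.
  log_analytics_destination_type = "Dedicated"

  # Select logs by category group rather than a single category, so audit
  # categories in the group are collected without naming each one.
  # Assumption: the target resource exposes a category group named "audit".
  enabled_log {
    category_group = "audit"
  }

  # Logs only: metrics are explicitly switched off for this setting.
  metric {
    category = "AllMetrics"
    enabled  = false
  }
}
```

Keeping this setting separate from the storage account one lets the workspace copy feed queries and alerting while the storage copy serves as the archive.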

In addition to the Arguments listed above - the following Attributes are exported:

id - The ID of the Diagnostic Setting.

The timeouts block allows you to specify timeouts for certain actions:

create - (Defaults to 30 minutes) Used when creating the Diagnostics Setting.
update - (Defaults to 30 minutes) Used when updating the Diagnostics Setting.
read - (Defaults to 5 minutes) Used when retrieving the Diagnostics Setting.
delete - (Defaults to 60 minutes) Used when deleting the Diagnostics Setting.

Diagnostic Settings can be imported using the resource id, e.g.

terraform import azurerm_monitor_diagnostic_setting.example "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/group1/providers/Microsoft.KeyVault/vaults/vault1|logMonitoring1"