Skip to content

Commit

Permalink
Diagnostic Settings Policies for PaaS services (Azure#143)
Browse files Browse the repository at this point in the history 
* Add diagnostic settings policies for data services

* Add branch config for testing

* Add missing types for auditing

* Add diagnostic setting policies for compute services

* Add diagnostic setting policies for integration services

* Add diagnostic setting policies for network services

* Remove policy for ACI since it doesn't have logs to collect

* Remove extra resource type

* Set region to 'global' for edge services

* Remove branch config. used for testing

* Updated App Service log categories

* Add branch config

* Remove branch config
  • Loading branch information
@SenthuranSivananthan
SenthuranSivananthan authored Jan 21, 2022
1 parent 7ea0e90 commit fff245d
Show file tree
Hide file tree
Showing 65 changed files with 4,319 additions and 3 deletions.
4 changes: 4 additions & 0 deletions ...y/custom/definitions/policy/LA-Microsoft.AnalysisServices-servers/azurepolicy.config.json
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,4 @@
{
"name": "Deploy Diagnostic Settings for Analysis Service to Log Analytics Workspaces",
"mode": "indexed"
}
49 changes: 49 additions & 0 deletions ...stom/definitions/policy/LA-Microsoft.AnalysisServices-servers/azurepolicy.parameters.json
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,49 @@
{
"profileName": {
"type": "String",
"metadata": {
"displayName": "Profile Name for Config",
"description": "The profile name Azure Diagnostics"
}
},
"logAnalytics": {
"type": "string",
"metadata": {
"displayName": "logAnalytics",
"description": "The target Log Analytics Workspace for Azure Diagnostics",
"strongType": "omsWorkspace"
}
},
"azureRegions": {
"type": "Array",
"metadata": {
"displayName": "Allowed Locations",
"description": "The list of locations that can be specified when deploying resources",
"strongType": "location"
}
},
"metricsEnabled": {
"type": "String",
"metadata": {
"displayName": "Enable Metrics",
"description": "Enable Metrics - True or False"
},
"allowedValues": [
"True",
"False"
],
"defaultValue": "False"
},
"logsEnabled": {
"type": "String",
"metadata": {
"displayName": "Enable Logs",
"description": "Enable Logs - True or False"
},
"allowedValues": [
"True",
"False"
],
"defaultValue": "True"
}
}
126 changes: 126 additions & 0 deletions ...cy/custom/definitions/policy/LA-Microsoft.AnalysisServices-servers/azurepolicy.rules.json
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,126 @@
{
"if": {
"allOf": [
{
"field": "type",
"equals": "Microsoft.AnalysisServices/servers"
},
{
"field": "location",
"in": "[parameters('AzureRegions')]"
}
]
},
"then": {
"effect": "deployIfNotExists",
"details": {
"type": "Microsoft.Insights/diagnosticSettings",
"existenceCondition": {
"allOf": [
{
"field": "Microsoft.Insights/diagnosticSettings/logs.enabled",
"equals": "[parameters('LogsEnabled')]"
},
{
"field": "Microsoft.Insights/diagnosticSettings/metrics.enabled",
"equals": "[parameters('MetricsEnabled')]"
},
{
"field": "Microsoft.Insights/diagnosticSettings/workspaceId",
"equals": "[parameters('logAnalytics')]"
}
]
},
"roleDefinitionIds": [
"/providers/Microsoft.Authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293"
],
"deployment": {
"properties": {
"mode": "incremental",
"template": {
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"name": {
"type": "string"
},
"location": {
"type": "string"
},
"logAnalytics": {
"type": "string"
},
"metricsEnabled": {
"type": "string"
},
"logsEnabled": {
"type": "string"
},
"profileName": {
"type": "string"
}
},
"variables": {},
"resources": [
{
"type": "Microsoft.AnalysisServices/servers/providers/diagnosticSettings",
"apiVersion": "2017-05-01-preview",
"name": "[concat(parameters('name'), '/', 'Microsoft.Insights/', parameters('profileName'))]",
"location": "[parameters('location')]",
"properties": {
"workspaceId": "[parameters('logAnalytics')]",
"metrics": [
{
"category": "AllMetrics",
"enabled": "[parameters('metricsEnabled')]",
"retentionPolicy": {
"enabled": false,
"days": 0
}
}
],
"logs": [
{
"category": "Engine",
"enabled": "[parameters('logsEnabled')]"
},
{
"category": "Service",
"enabled": "[parameters('logsEnabled')]"
}
]
}
}
],
"outputs": {
"policy": {
"type": "string",
"value": "[concat(parameters('logAnalytics'), 'configured for diagnostic logs for ', ': ', parameters('name'))]"
}
}
},
"parameters": {
"logAnalytics": {
"value": "[parameters('logAnalytics')]"
},
"location": {
"value": "[field('location')]"
},
"name": {
"value": "[field('name')]"
},
"metricsEnabled": {
"value": "[parameters('metricsEnabled')]"
},
"logsEnabled": {
"value": "[parameters('logsEnabled')]"
},
"profileName": {
"value": "[parameters('profileName')]"
}
}
}
}
}
}
}
4 changes: 4 additions & 0 deletions policy/custom/definitions/policy/LA-Microsoft.ApiManagement-service/azurepolicy.config.json
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,4 @@
{
"name": "Deploy Diagnostic Settings for API Management to Log Analytics Workspaces",
"mode": "indexed"
}
49 changes: 49 additions & 0 deletions .../custom/definitions/policy/LA-Microsoft.ApiManagement-service/azurepolicy.parameters.json
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,49 @@
{
"profileName": {
"type": "String",
"metadata": {
"displayName": "Profile Name for Config",
"description": "The profile name Azure Diagnostics"
}
},
"logAnalytics": {
"type": "string",
"metadata": {
"displayName": "logAnalytics",
"description": "The target Log Analytics Workspace for Azure Diagnostics",
"strongType": "omsWorkspace"
}
},
"azureRegions": {
"type": "Array",
"metadata": {
"displayName": "Allowed Locations",
"description": "The list of locations that can be specified when deploying resources",
"strongType": "location"
}
},
"metricsEnabled": {
"type": "String",
"metadata": {
"displayName": "Enable Metrics",
"description": "Enable Metrics - True or False"
},
"allowedValues": [
"True",
"False"
],
"defaultValue": "False"
},
"logsEnabled": {
"type": "String",
"metadata": {
"displayName": "Enable Logs",
"description": "Enable Logs - True or False"
},
"allowedValues": [
"True",
"False"
],
"defaultValue": "True"
}
}
126 changes: 126 additions & 0 deletions policy/custom/definitions/policy/LA-Microsoft.ApiManagement-service/azurepolicy.rules.json
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,126 @@
{
"if": {
"allOf": [
{
"field": "type",
"equals": "Microsoft.ApiManagement/service"
},
{
"field": "location",
"in": "[parameters('AzureRegions')]"
}
]
},
"then": {
"effect": "deployIfNotExists",
"details": {
"type": "Microsoft.Insights/diagnosticSettings",
"existenceCondition": {
"allOf": [
{
"field": "Microsoft.Insights/diagnosticSettings/logs.enabled",
"equals": "[parameters('LogsEnabled')]"
},
{
"field": "Microsoft.Insights/diagnosticSettings/metrics.enabled",
"equals": "[parameters('MetricsEnabled')]"
},
{
"field": "Microsoft.Insights/diagnosticSettings/workspaceId",
"equals": "[parameters('logAnalytics')]"
}
]
},
"roleDefinitionIds": [
"/providers/Microsoft.Authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293"
],
"deployment": {
"properties": {
"mode": "incremental",
"template": {
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"name": {
"type": "string"
},
"location": {
"type": "string"
},
"logAnalytics": {
"type": "string"
},
"metricsEnabled": {
"type": "string"
},
"logsEnabled": {
"type": "string"
},
"profileName": {
"type": "string"
}
},
"variables": {},
"resources": [
{
"type": "Microsoft.ApiManagement/service/providers/diagnosticSettings",
"apiVersion": "2017-05-01-preview",
"name": "[concat(parameters('name'), '/', 'Microsoft.Insights/', parameters('profileName'))]",
"location": "[parameters('location')]",
"properties": {
"workspaceId": "[parameters('logAnalytics')]",
"metrics": [
{
"category": "AllMetrics",
"enabled": "[parameters('metricsEnabled')]",
"retentionPolicy": {
"enabled": false,
"days": 0
}
}
],
"logs": [
{
"category": "GatewayLogs",
"enabled": "[parameters('logsEnabled')]"
},
{
"category": "WebSocketConnectionLogs",
"enabled": "[parameters('logsEnabled')]"
}
]
}
}
],
"outputs": {
"policy": {
"type": "string",
"value": "[concat(parameters('logAnalytics'), 'configured for diagnostic logs for ', ': ', parameters('name'))]"
}
}
},
"parameters": {
"logAnalytics": {
"value": "[parameters('logAnalytics')]"
},
"location": {
"value": "[field('location')]"
},
"name": {
"value": "[field('name')]"
},
"metricsEnabled": {
"value": "[parameters('metricsEnabled')]"
},
"logsEnabled": {
"value": "[parameters('logsEnabled')]"
},
"profileName": {
"value": "[parameters('profileName')]"
}
}
}
}
}
}
}
4 changes: 4 additions & 0 deletions policy/custom/definitions/policy/LA-Microsoft.Cache-Redis/azurepolicy.config.json
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,4 @@
{
"name": "Deploy Diagnostic Settings for Redis Cache to Log Analytics Workspaces",
"mode": "indexed"
}
Loading

0 comments on commit fff245d

Please sign in to comment.