How do you enable Azure Key Vault logging using Terraform 11.14?
2 Answers
You could refer to this example to enable a diagnostic setting for an existing Azure Key Vault.
For example, this works for me. I am using Terraform v0.12.5
+ provider.azurerm v1.32.0
EDIT: In Terraform v0.12+ you do not need to quote a plain reference that contains no function calls or other interpolation, e.g. data.azurerm_key_vault.test.id instead of "${data.azurerm_key_vault.test.id}".
# Existing resource group; the vault and both log destinations below are looked up in it.
data "azurerm_resource_group" "test" {
  name = "myrg"
}
# Existing Key Vault whose diagnostic logs are to be collected.
# "${...}" is the 0.11-compatible reference form; 0.12+ also accepts the bare reference.
data "azurerm_key_vault" "test" {
  resource_group_name = "${data.azurerm_resource_group.test.name}"
  name                = "mykeyvault"
}
# Existing Log Analytics workspace used as the queryable log destination.
data "azurerm_log_analytics_workspace" "test" {
  resource_group_name = "${data.azurerm_resource_group.test.name}"
  name                = "myloganalytics"
}
# Existing storage account used as the archive destination for the same logs.
data "azurerm_storage_account" "test" {
  resource_group_name = "${data.azurerm_resource_group.test.name}"
  name                = "mystorageaccountname"
}
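# Diagnostic setting that sends Key Vault audit logs and metrics to both a storage
# account (archive) and a Log Analytics workspace (query/alerting).
# The "${...}" reference form keeps this usable on Terraform 0.11.x as well as 0.12+.
resource "azurerm_monitor_diagnostic_setting" "test" {
  name               = "example"
  target_resource_id = "${data.azurerm_key_vault.test.id}"

  storage_account_id         = "${data.azurerm_storage_account.test.id}"
  log_analytics_workspace_id = "${data.azurerm_log_analytics_workspace.test.id}"

  # "AuditEvent" is the Key Vault log category. The original example had
  # enabled = false here, which switches the category OFF — i.e. no audit events
  # would be emitted at all, the opposite of what the question asks for.
  # It must be true for vault operations to be logged.
  log {
    category = "AuditEvent"
    enabled  = true

    # retention_policy governs age-out of the storage-account copy only (it does
    # not affect the Log Analytics workspace). Disabled here = no automatic expiry
    # is configured; set a retention period if your data-retention policy needs one.
    retention_policy {
      enabled = false
    }
  }

  # Platform metrics for the vault; enabled explicitly rather than relying on the
  # provider default.
  metric {
    category = "AllMetrics"
    enabled  = true

    retention_policy {
      enabled = false
    }
  }
}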

# Diagnostic setting that forwards Key Vault audit events and metrics to a
# Log Analytics workspace only (no storage-account archive).
# Replace the <...> placeholders with the names of your own azurerm_key_vault and
# azurerm_log_analytics_workspace resources.
# Bare references (no "${...}") are 0.12+ syntax; on 0.11.x wrap them in "${...}".
resource "azurerm_monitor_diagnostic_setting" "diagnostic-log-analytic" {
  name = "diagnostic-setting"

  target_resource_id         = azurerm_key_vault.<Your KeyVault>.id
  log_analytics_workspace_id = azurerm_log_analytics_workspace.<Your Log Analytics WS>.id

  # AuditEvent must be enabled for vault operations to be logged at all.
  log {
    enabled  = true
    category = "AuditEvent"
  }

  # No retention_policy block is given; the azurerm 1.x provider used in the other
  # answer may require it — check the docs for the provider version you run.
  metric {
    enabled  = true
    category = "AllMetrics"
  }
}
