Enabling Activity Logs Diagnostic Settings using Terraform

Currently there exists a module to create a Log Diagnostic Setting for Azure Resources linked here. Using the portal I am able to generate a log diagnostic setting for activity logs as well as mentioned here. I was trying to enable activity logs diagnostic settings and send logs to a Storage account and only came across this module.

However, it seems that it is not possible to use this module to send Activity logs to a Log Analytics workspace. It also does not support the log categories which are mentioned in the portal (i.e. Administrative, Security, ServiceHealth, etc.) and only provides Action, Delete and Write. This leads me to believe that they are not intended to be used for the same purpose. The first module requires a target_resource_id, and since Activity logs exist at the subscription level, no such id exists.

As such, is it possible to use the first mentioned module, or an entirely different module, to enable diagnostic settings? Any help regarding the matter would be appreciated.


Solution 1:

You can configure this by specifying the subscription id as the target_resource_id within an azurerm_monitor_diagnostic_setting resource.

Example:

resource "azurerm_monitor_diagnostic_setting" "example" {
    name               = "example"
    # Activity logs are subscription-scoped, so the target is the subscription ID itself
    target_resource_id = "/subscriptions/85306735-db49-41be-b899-b0fc48095b01"

    # Destination: an Event Hub defined elsewhere in the configuration
    eventhub_name                  = azurerm_eventhub.diagnostics.name
    eventhub_authorization_rule_id = azurerm_eventhub_namespace_authorization_rule.diagnostics.id

    log {
        category = "Administrative"

        retention_policy {
            enabled = false
        }
    }
}
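
An added example, not part of the original answer: the same subscription-scoped setting sent to a Log Analytics workspace and a Storage account, covering the Activity Log categories shown in the portal. It keeps the `log` block syntax used in the answer; the variable names, the local name and the setting name are assumptions, and both destination resources are assumed to exist already.

```hcl
# Added example. Variable, local and setting names are assumptions.
variable "log_analytics_workspace_id" {
  type        = string
  description = "Resource ID of an existing Log Analytics workspace"
}

variable "storage_account_id" {
  type        = string
  description = "Resource ID of an existing Storage account"
}

locals {
  # Activity Log categories as listed in the portal
  activity_log_categories = [
    "Administrative", "Security", "ServiceHealth", "Alert",
    "Recommendation", "Policy", "Autoscale", "ResourceHealth",
  ]
}

# Resolves to the subscription the provider is authenticated against,
# so the subscription ID does not have to be hard-coded
data "azurerm_subscription" "current" {}

resource "azurerm_monitor_diagnostic_setting" "activity_logs" {
  name               = "activity-logs"
  target_resource_id = data.azurerm_subscription.current.id

  # Both destinations can be set on the same diagnostic setting
  log_analytics_workspace_id = var.log_analytics_workspace_id
  storage_account_id         = var.storage_account_id

  # One log block per category, so audit-relevant events
  # (Administrative, Security, Policy) are not silently left out
  dynamic "log" {
    for_each = toset(local.activity_log_categories)
    content {
      category = log.value
      enabled  = true

      retention_policy {
        enabled = false
      }
    }
  }
}
```

Newer azurerm provider releases replace the `log` block with `enabled_log`, so the dynamic block name needs to match the provider version in use.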