azure-monitor.bicep
// Module inputs for the Azure Monitor resources declared in this file.

// Private DNS zone names; each one becomes a zone config in the AMPLS private endpoint's DNS zone group.
param amplsPrivateDnsZones array
// Environment label used in the AMPLS and Log Analytics workspace names.
param environment string
// Name of an existing Key Vault. It receives the workspace shared-key secret and its audit logs are sent to the workspace.
param keyVaultName string
// Region for the Log Analytics workspace and the private endpoint.
param location string
// Prefix used in the AMPLS name.
param locationPrefix string
// Resource ID of the user-assigned managed identity attached to the workspace.
param managedIdentityId string
// Subnet that hosts the AMPLS private endpoint.
param subnetId string
// Tags applied to the AMPLS, the workspace, the private endpoint and the Key Vault secret.
param tags object
// Builds one DNS zone config per entry in amplsPrivateDnsZones for the private endpoint's zone group.
// The config name is the zone name with dots replaced by dashes.
// resourceId() is called without a subscription or resource group, so each zone ID resolves in the
// deployment's own scope; the zones are expected to exist there already.
var privateDnsZoneConfigs = [for zoneName in amplsPrivateDnsZones: {
  name: replace(zoneName, '.', '-')
  properties: {
    privateDnsZoneId: resourceId('Microsoft.Network/privateDnsZones', zoneName)
  }
}]
// Reference to a Key Vault that already exists in the deployment scope; this module does not create it.
// It is the parent of the shared-key secret and the scope of the diagnostic settings below.
resource keyVaultACA 'Microsoft.KeyVault/vaults@2022-07-01' existing = {
  name: keyVaultName
}
// Azure Monitor Private Link Scope (AMPLS) that the Log Analytics workspace is linked to.
resource ampls 'microsoft.insights/privateLinkScopes@2021-07-01-preview' = {
  name: 'ampls-${locationPrefix}-${environment}'
  location: 'global'
  properties: {
    accessModeSettings: {
      // Networks connected to this scope can ingest only into resources that are part of the scope.
      ingestionAccessMode: 'PrivateOnly'
      // NOTE(review): 'Open' also lets those networks query Azure Monitor resources outside the scope.
      // 'PrivateOnly' is the stricter setting; confirm that open query access is intended.
      queryAccessMode: 'Open'
    }
  }
  tags: tags
}
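@description('Days of log retention for the workspace. Defaults to the previously hard-coded 30 days.')
param logRetentionInDays int = 30

// Log Analytics workspace for the environment, with a user-assigned managed identity attached.
// Ingestion is private-only; queries are still accepted from public networks (see notes below).
resource logAnalytics 'Microsoft.OperationalInsights/workspaces@2022-10-01' = {
  name: 'log-aca-${environment}'
  location: location
  tags: tags
  identity: {
    type: 'UserAssigned'
    userAssignedIdentities: {
      '${managedIdentityId}': {}
    }
  }
  properties: {
    // This workspace also receives the Key Vault audit logs (kvDiagnosticSettings), so the retention
    // period bounds how far back an investigation can look. It is a parameter so that callers can
    // align it with their own log-retention policy; the default keeps the original 30 days.
    retentionInDays: logRetentionInDays
    sku: {
      name: 'PerGB2018'
    }
    // Data sent from public networks is refused; ingestion has to arrive through the private link scope.
    publicNetworkAccessForIngestion: 'Disabled'
    // NOTE(review): queries from public networks are accepted. Set to 'Disabled' if queries should
    // also be limited to networks connected through the private link scope.
    publicNetworkAccessForQuery: 'Enabled'
  }
}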
// Links the Log Analytics workspace into the private link scope as a scoped resource.
resource logAnalyticsAMPLSConnection 'Microsoft.Insights/privateLinkScopes/scopedResources@2021-07-01-preview' = {
  parent: ampls
  name: 'ampls-${logAnalytics.name}'
  properties: {
    linkedResourceId: logAnalytics.id
  }
}
// Private endpoint that exposes the private link scope ('azuremonitor' group) inside the given subnet.
resource privateEndpointAMPLS 'Microsoft.Network/privateEndpoints@2023-04-01' = {
  name: 'pe-${ampls.name}'
  location: location
  tags: tags
  // Explicit dependency: nothing in this body references the scoped-resource link, so without it
  // the endpoint could be deployed before the workspace is linked to the scope.
  dependsOn: [
    logAnalyticsAMPLSConnection
  ]
  properties: {
    subnet: {
      id: subnetId
    }
    customNetworkInterfaceName: '${ampls.name}-nic-deluxe'
    privateLinkServiceConnections: [
      {
        name: 'psc-${ampls.name}'
        properties: {
          privateLinkServiceId: ampls.id
          groupIds: [
            'azuremonitor'
          ]
        }
      }
    ]
  }
}
// Attaches the private DNS zones built in privateDnsZoneConfigs to the AMPLS private endpoint.
resource amplsPrivateDnsZoneGroup 'Microsoft.Network/privateEndpoints/privateDnsZoneGroups@2023-04-01' = {
  parent: privateEndpointAMPLS
  name: 'default'
  properties: {
    privateDnsZoneConfigs: privateDnsZoneConfigs
  }
}
// Stores the workspace's primary shared key as a Key Vault secret named '<workspace name>-key'.
// listKeys() is evaluated at deployment time, so the stored value is a snapshot: if the workspace key
// is regenerated, the secret stays stale until this template is deployed again.
// NOTE(review): the secret has no expiry or content type, and the shared key is a long-lived
// workspace credential. Keep read access to this secret narrow and confirm whether an expiry is wanted.
resource logAnalyticsKeySecret 'Microsoft.KeyVault/vaults/secrets@2022-07-01' = {
  parent: keyVaultACA
  name: '${logAnalytics.name}-key'
  tags: tags
  properties: {
    value: logAnalytics.listKeys().primarySharedKey
    attributes: {
      enabled: true
    }
  }
}
// Sends the Key Vault's 'audit' category group logs to the Log Analytics workspace.
// Only that log group is enabled here; no metrics are configured.
resource kvDiagnosticSettings 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = {
  scope: keyVaultACA
  name: keyVaultName
  properties: {
    workspaceId: logAnalytics.id
    logs: [
      {
        categoryGroup: 'audit'
        enabled: true
      }
    ]
  }
}
// Module outputs.

// Full resource ID of the Log Analytics workspace.
output logAnalyticsWorkspaceId string = logAnalytics.id
// The workspace's customerId property.
output logAnalyticsCustomerId string = logAnalytics.properties.customerId
// Name of the Key Vault secret that holds the shared key, not the key itself. Deployment outputs are
// readable from the deployment history, so the key value must not be returned here.
output logAnalyticsKey string = logAnalyticsKeySecret.name