wiki.getshifting.com

--- Sjoerd Hooft's InFormation Technology ---


Terraform Module for setting Diagnostic Settings to send logs to a Log Analytics Workspace

Summary: This is a Terraform module that I use to configure diagnostic settings on Azure resources to send diagnostics and logs to a Log Analytics workspace.
Date: 8 February 2025

Read the post to learn more about diagnostic settings and:

  • How to deploy diagnostic settings using a terraform module

About Diagnostic Settings

Diagnostic settings are a way to send Azure platform logs and metrics to a destination. The destination can be a storage account, an event hub, or a Log Analytics workspace. In this module, we will use a Log Analytics workspace as the destination.

Terraform Module for Diagnostic Settings

The module for the Diagnostic Settings is split across three files:

  • main.tf: Contains the resources to create the Diagnostic Settings
  • variables.tf: Contains the input variables for the Diagnostic Settings
  • readme.md: Contains the documentation for the module. It also contains examples of how to use the module.

main.tf

Notice the following:

  • The data source "azurerm_monitor_diagnostic_categories" "categories" looks up the diagnostic categories available for each target resource. That way you don't have to specify the categories yourself.
    • This also means that all categories are enabled by default.
main.tf
data "azurerm_monitor_diagnostic_categories" "categories" {
  count       = length(var.targets_resource_id)
  resource_id = var.targets_resource_id[count.index]
}
 
resource "azurerm_monitor_diagnostic_setting" "diagnostic_setting" {
  count                      = length(var.targets_resource_id)
  name                       = split("/", var.log_analytics_workspace_id)[length(split("/", var.log_analytics_workspace_id)) - 1]
  target_resource_id         = data.azurerm_monitor_diagnostic_categories.categories[count.index].id
  log_analytics_workspace_id = var.log_analytics_workspace_id
 
  dynamic "metric" {
    for_each = data.azurerm_monitor_diagnostic_categories.categories[count.index].metrics
    content {
      category = metric.value
      enabled  = true
    }
  }
 
  dynamic "enabled_log" {
    for_each = data.azurerm_monitor_diagnostic_categories.categories[count.index].log_category_types
    content {
      category = enabled_log.value
    }
  }
}

variables.tf

Note that most of the descriptions are copied from the terraform registry.
variables.tf
variable "targets_resource_id" {
  description = "(Required) The list of IDs of existing resources on which to configure Diagnostic Settings. Changing this forces a new resource to be created."
  type        = list(string) # main.tf indexes this with count.index, so it must be a list
}
 
variable "log_analytics_workspace_id" {
  description = "(Required) Specifies the ID of a Log Analytics Workspace where Diagnostics Data should be sent."
  type        = string # full resource ID; main.tf uses its last segment as the setting name
}
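
The note above that all categories are enabled by default can be turned into an explicit opt-out list without giving up the automatic lookup. The following is an added example, not part of the original module: the variable excluded_log_categories, the local log_categories and the output enabled_log_categories are hypothetical names, and the rest follows the page's main.tf.

```terraform
# Added example (not the original module); excluded_log_categories is hypothetical.
variable "targets_resource_id" { type = list(string) }
variable "log_analytics_workspace_id" { type = string }

variable "excluded_log_categories" {
  description = "Log categories to leave disabled on every target (hypothetical)."
  type        = set(string)
  default     = [] # empty keeps the original behaviour: every category enabled
}

data "azurerm_monitor_diagnostic_categories" "categories" {
  count       = length(var.targets_resource_id)
  resource_id = var.targets_resource_id[count.index]
}

locals {
  # Per target: the log categories the resource offers minus the opt-outs.
  log_categories = [
    for c in data.azurerm_monitor_diagnostic_categories.categories :
    setsubtract(c.log_category_types, var.excluded_log_categories)
  ]
}

resource "azurerm_monitor_diagnostic_setting" "diagnostic_setting" {
  count                      = length(var.targets_resource_id)
  name                       = split("/", var.log_analytics_workspace_id)[length(split("/", var.log_analytics_workspace_id)) - 1]
  target_resource_id         = var.targets_resource_id[count.index]
  log_analytics_workspace_id = var.log_analytics_workspace_id

  dynamic "enabled_log" {
    for_each = local.log_categories[count.index]
    content {
      category = enabled_log.value
    }
  }

  dynamic "metric" {
    for_each = data.azurerm_monitor_diagnostic_categories.categories[count.index].metrics
    content {
      category = metric.value
      enabled  = true
    }
  }
}

# Review aid: lists, per target ID, the log categories that are actually sent.
output "enabled_log_categories" {
  value = zipmap(var.targets_resource_id, local.log_categories)
}
```

Because the list is opt-out, categories that a resource type gains later are still enabled on the next plan. A target left with no log category and no metric cannot get a diagnostic setting, since at least one log or metric block is required.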

readme.md

The readme has some documentation links and examples of how to use the module.
readme.md
# Diagnostic Settings
 
This module deploys diagnostic settings for a resource, enabling all available logs and metrics.
 
## Resources
 
[Diagnostic settings in Azure Monitor](https://learn.microsoft.com/en-us/azure/azure-monitor/essentials/diagnostic-settings)
[Terraform Registry azurerm_monitor_diagnostic_setting](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/monitor_diagnostic_setting)
 
## Using the module for a single resource
 
Use the module to set diagnostic settings for a single resource:
 
```terraform
module "diagnostic_settings" {
  source                     = "../modules/diagnostic_settings_all"
  log_analytics_workspace_id = var.law_id
  targets_resource_id = [
    azurerm_postgresql_flexible_server.postgresql_flexible_server.id
  ]
}
```
 
## Using the module for multiple resources at once
 
You can use the module for multiple resources at once by providing a list of resource IDs. The following example sets diagnostic settings for multiple resources:
 
```terraform
module "sa_diag" {
  source                     = "../modules/diagnostic_settings_all"
  log_analytics_workspace_id = var.law_id
  targets_resource_id = [
    azurerm_postgresql_flexible_server.postgresql_flexible_server.id,
    azurerm_storage_account.sa.id,
    join("", [azurerm_storage_account.sa.id, "/blobServices/default"]),
    join("", [azurerm_storage_account.sa.id, "/fileServices/default"])
  ]
}
```