Azure : Deploy Diagnostic Settings using Bicep
Azure Diagnostic Settings are used to send an Azure resource's platform logs and metrics to the destination of your choice. We can use them to connect a resource to a Log Analytics Workspace for log gathering.
We can add the Diagnostic Settings manually under each resource. The challenge is that when we export a template, the diagnostic settings are not included in it. It's a bit hard to find documentation on how to deploy them automatically, so it took me a while to figure out how to do it. So, let's see how to do it in Bicep.
To create Diagnostic Settings, we need to use Microsoft.Insights/diagnosticSettings. Let's say we have the resource below and want to attach Diagnostic Settings to it.
// Name of the Logic App; also reused as the diagnostic setting name further down
param logicAppName string
// Resource ID of the Log Analytics Workspace that receives the logs and metrics
param logAnalyticsWorkspaceId string
param location string

resource resource_logicapp 'Microsoft.Logic/workflows@2017-07-01' = {
  name: logicAppName
  location: location
  properties: {
    state: 'Enabled'
    definition: {
      '$schema': 'https://schema.management.azure.com/providers/Microsoft.Logic/schemas/2016-06-01/workflowdefinition.json#'
      contentVersion: '1.0.0.0'
      parameters: {}
      triggers: {
        manual: {
          type: 'Request'
          kind: 'Http'
          inputs: {
            schema: {}
          }
        }
      }
      actions: {}
      outputs: {}
    }
    parameters: {}
  }
}
We just need to add the Diagnostic Settings resource below, right after it.
resource resource_logicapp_diagnosticsettings 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = {
  scope: resource_logicapp
  name: logicAppName
  properties: {
    workspaceId: logAnalyticsWorkspaceId
    logs: [
      {
        categoryGroup: 'allLogs'
        enabled: true
        retentionPolicy: {
          enabled: true
          days: 90
        }
      }
    ]
    metrics: [
      {
        category: 'AllMetrics'
        enabled: true
      }
    ]
  }
}
There are four points to pay attention to here:
1. Scope: This is a reference to the resource that you want to connect.
2. Name: This is the resource name that we want to connect to the Log Analytics Workspace.
3. WorkspaceId: This is the Log Analytics Workspace Id.
4. Logs / metrics: This is what we want to log. Each resource has different types of logs. You will need to look at the resource and figure out which ones are available for it. We can use allLogs or AllMetrics to record all types of logs and metrics.
When we deploy the Bicep file, the Diagnostic Settings will be added automatically.
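The same pattern applied to several Logic Apps that already exist (for example ones that were created manually in the portal), as an added example that is not part of the original post. The parameter names logicAppNames and diagnosticSettingName are assumptions made for this example; WorkflowRuntime is the log category Logic Apps expose, used here in place of allLogs to show how a single category is selected.

```bicep
// Added example, not from the original post.
// Assumption: all Logic Apps listed here live in the resource group being deployed to.
param logicAppNames array
// Resource ID of the Log Analytics Workspace that receives the data.
param logAnalyticsWorkspaceId string
// Assumption: a fixed name for the diagnostic setting itself.
param diagnosticSettingName string = 'send-to-log-analytics'

// Reference the already deployed Logic Apps instead of redeclaring them.
resource logicApps 'Microsoft.Logic/workflows@2017-07-01' existing = [for name in logicAppNames: {
  name: name
}]

// One diagnostic setting per Logic App, each scoped to its own workflow.
resource logicAppDiagnostics 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = [for (name, i) in logicAppNames: {
  scope: logicApps[i]
  name: diagnosticSettingName
  properties: {
    workspaceId: logAnalyticsWorkspaceId
    logs: [
      {
        // A single named category instead of the allLogs category group.
        category: 'WorkflowRuntime'
        enabled: true
      }
    ]
    metrics: [
      {
        category: 'AllMetrics'
        enabled: true
      }
    ]
  }
}]

// IDs of the created settings, useful for checking coverage after the deployment.
output diagnosticSettingIds array = [for (name, i) in logicAppNames: logicAppDiagnostics[i].id]
```

Comparing the diagnosticSettingIds output with the list passed in logicAppNames confirms that every workflow ended up with a setting.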
How can we enable diagnostic settings in Azure Active Directory via Bicep code? Also, is it possible to use service principal authentication to enable diagnostic settings via Bicep code using a DevOps pipeline?
Hi Nina,
The post is about enabling diagnostic settings using Bicep.
resource_logicapp_diagnosticsettings is the code needed for the diagnostic setting.
You should be able to use service principal authentication.