Functions to create immutable containers in Azure, for the purpose of log storage
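function Add-AzStorageAccount {
    <#
    .Synopsis
    Creates (if missing) and standardises a storage account in the given resource group.
    .Description
    Looks the account up by resource group and name. When it does not exist it is created with
    the requested SKU and location; in both cases Set-AzStorageAccount is then applied so that
    an existing account converges on the same SKU. Nothing is written to the pipeline.
    .Parameter ResourceGroupName
    Resource group to create the storage account in.
    .Parameter Name
    Storage account name; 3-24 lower-case alphanumeric characters, globally unique in Azure.
    .Parameter SkuName
    Storage account SKU. Defaults to Standard_LRS.
    .Parameter Location
    Azure location to create the storage account in.
    .Example
    Add-AzStorageAccount -ResourceGroupName AUSC1-FRG -Name ausc1frgdiagag3249b -Location "uscentral"
    #>
    [CmdletBinding()]
    param(
        # Resource group to create the storage account in
        [Parameter(Mandatory)]
        [string]$ResourceGroupName,
        # Name of the storage account to create.
        # Azure storage account names are 3-24 characters, lower-case letters and digits only; the
        # pattern enforces both the character set and the length. Global uniqueness can only be
        # discovered at creation time, so it is not checked here.
        [ValidateScript({
            if ($_ -cnotmatch '^[a-z0-9]{3,24}$') {
                throw "'$_' must be 3 to 24 lower case alphanumeric characters"
            }
            $true
        })]
        [Parameter(Mandatory, ValueFromPipeline)]
        [string]$Name,
        # Storage account Sku to use
        [string]$SkuName = "Standard_LRS",
        # Azure location to create the storage account in
        [Parameter(Mandatory)]
        [string]$Location
    )
    process {
        # Identity of the account; splatted into every Az call below
        $StorageAccount = @{
            ResourceGroupName = $ResourceGroupName
            Name              = $Name
        }
        # SilentlyContinue: a missing account is the expected "create it" path, not an error
        $ActualAccount = Get-AzStorageAccount @StorageAccount -ErrorAction SilentlyContinue
        if (-not $ActualAccount) {
            $StorageRequest = @{
                SkuName                = $SkuName
                Location               = $Location
                Kind                   = "Storage" # TODO: StorageV2 is the current general-purpose default; changing this alters the account type created, so confirm before switching
                EnableHttpsTrafficOnly = $true     # log data must not be reachable over plaintext HTTP
            }
            Write-Verbose "Creating Storage Account '$($Name)' in '$($ResourceGroupName)'"
            $ActualAccount = New-AzStorageAccount @StorageAccount @StorageRequest
        }
        # -StorageEncryption is kept for compatibility with the original call; encryption at rest is
        # on by default for every storage account regardless of this switch.
        # NOTE(review): when the Az.Storage version in use supports them, -MinimumTlsVersion TLS1_2 and
        # -AllowBlobPublicAccess $false are the two hardening settings worth adding here.
        # The result is captured rather than emitted so the function stays silent on the pipeline.
        $ActualAccount = Set-AzStorageAccount @StorageAccount -SkuName $SkuName -StorageEncryption
    }
}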
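function Add-AzLogContainer {
    <#
    .Synopsis
    Creates a storage account container with QM-standardised policies for immutability and retention
    .Description
    Resolves the storage account in the current Azure context, creates the container if it does not
    exist, applies a time-based immutability policy of -RetentionTime days that still permits
    protected append writes (log files can grow but cannot be modified or deleted inside the
    retention window), and optionally locks that policy. Locking is irreversible: a locked policy
    cannot be removed and its retention can only be extended.
    .Parameter StorageAccountName
    Storage account to create the container in. Must be visible in the current Azure context.
    .Parameter Name
    Name of the container.
    .Parameter RetentionTime
    Retention period in days (minimum 1). Defaults to 90.
    .Parameter LockPolicy
    When set, locks the immutability policy after it is applied.
    .Example
    Add-AzLogContainer -StorageAccountName ausc1frgdiagblah -Name sqlmilogs
    # Creates a sqlmilogs container in the ausc1frgdiagblah account
    #>
    [CmdletBinding()]
    param(
        # Storage Account to create the container in
        [Parameter(Mandatory)]
        [string]$StorageAccountName,
        # Name of the container
        [Parameter(Mandatory)]
        [string]$Name,
        # Retention Time, in days. Azure rejects a period of 0, so require at least 1.
        [ValidateRange(1, 65535)]
        [uint16]$RetentionTime = 90,
        # When set, locks the immutability policy (irreversible)
        [switch]$LockPolicy
    )
    end {
        # Enumerates every account in the context and filters by name; account names are globally
        # unique, so at most one object comes back.
        $StorageAccount = Get-AzStorageAccount | Where-Object StorageAccountName -eq $StorageAccountName
        if (-not $StorageAccount) {
            Write-Error "StorageAccount '$($StorageAccountName)' is not found in the current Azure context" -ErrorAction Stop
        }

        # SilentlyContinue: a missing container is the expected "create it" path
        $Container = Get-AzStorageContainer -Context $StorageAccount.Context -Name $Name -ErrorAction SilentlyContinue
        if (-not $Container) {
            Write-Verbose "Creating Container '$($Name)' in '$($StorageAccountName)'"
            $Container = New-AzStorageContainer -Context $StorageAccount.Context -Name $Name
        }

        # Identity of the container for the resource-manager (Rm) policy cmdlets
        $ContainerID = @{
            ResourceGroupName  = $StorageAccount.ResourceGroupName
            StorageAccountName = $StorageAccount.StorageAccountName
            ContainerName      = $Container.Name
        }

        $ContainerPolicy = Get-AzRmStorageContainerImmutabilityPolicy @ContainerID
        if ($ContainerPolicy.ImmutabilityPeriodSinceCreationInDays -ne $RetentionTime) {
            # A locked policy can only be extended, and only via -ExtendPolicy; this function does not
            # do that, so fail with a clear message instead of the API's generic rejection.
            if ($ContainerPolicy.State -eq 'Locked') {
                Write-Error "Immutability policy on '$($Container.Name)' is locked at $($ContainerPolicy.ImmutabilityPeriodSinceCreationInDays) days; a locked policy can only be extended with Set-AzRmStorageContainerImmutabilityPolicy -ExtendPolicy" -ErrorAction Stop
            }
            $ImmutabilityPolicyArgs = @{
                ImmutabilityPeriod        = $RetentionTime
                AllowProtectedAppendWrite = $true # logs may be appended to, never overwritten or deleted
            }
            Write-Verbose "Adding $($RetentionTime) day Retention Policy to '$($Container.Name)'"
            $ContainerPolicy = Set-AzRmStorageContainerImmutabilityPolicy @ContainerID @ImmutabilityPolicyArgs
        }

        # Lock is irreversible; -Force skips the cmdlet's confirmation because -LockPolicy is the explicit opt-in.
        # The Etag ties the lock to the policy version just read/set, so a concurrent change fails rather than being locked blindly.
        if ($ContainerPolicy.State -eq 'Unlocked' -and $LockPolicy) {
            Write-Verbose "Locking '$($ContainerPolicy.Etag)' on '$($Container.Name)'"
            Lock-AzRmStorageContainerImmutabilityPolicy @ContainerID -Etag $ContainerPolicy.Etag -Force
        }
    }
}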