Skip to content

Instantly share code, notes, and snippets.

@krnese

krnese/keyvault

Created October 28, 2020 11:38
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save krnese/c03260a773eebfc27f42de5d3c1ea6ce to your computer and use it in GitHub Desktop.
Save krnese/c03260a773eebfc27f42de5d3c1ea6ce to your computer and use it in GitHub Desktop.
Download ZIP
Raw
keyvault
{
"$schema": "https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {},
"resources": [
{
"type": "Microsoft.Authorization/policyDefinitions",
"apiVersion": "2019-06-01",
"name": "keyvaultDiag",
"properties": {
"description": "key vault policy",
"displayName": "Deploy-Diag-KeyVault",
"mode": "indexed",
"parameters": {
"logAnalytics": {
"type": "string",
"metadata": {
"strongType": "omsWorkspace"
}
}
},
"policyRule": {
"if": {
"field": "type",
"equals": "Microsoft.KeyVault/vaults"
},
"then": {
"effect": "deployIfNotExists",
"details": {
"type": "Microsoft.Insights/diagnosticSettings",
"roleDefinitionIds": [
"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"
],
"existenceCondition": {
"allOf": [
{
"field": "Microsoft.Insights/diagnosticSettings/logs.enabled",
"equals": "true"
},
{
"field": "Microsoft.Insights/diagnosticSettings/metrics.enabled",
"equals": "true"
},
{
"field": "Microsoft.Insights/diagnosticSettings/workspaceId",
"equals": "[[parameters('logAnalytics')]"
}
]
},
"deployment": {
"properties": {
"mode": "incremental",
"parameters": {
"logAnalytics": {
"value": "[[parameters('logAnalytics')]"
},
"location": {
"value": "[[field('location')]"
},
"vaultName": {
"value": "[[field('name')]"
}
},
"template": {
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"vaultName": {
"type": "string"
},
"logAnalytics": {
"type": "string"
},
"location": {
"type": "string"
}
},
"resources": [
{
"type": "Microsoft.KeyVault/vaults/providers/diagnosticSettings",
"apiVersion": "2017-05-01-preview",
"name": "[[concat(parameters('vaultName'), '/', 'Microsoft.Insights/setByPolicy')]",
"location": "[[parameters('location')]",
"properties": {
"workspaceId": "[[parameters('logAnalytics')]",
"metrics": [
{
"category": "AllMetrics",
"enabled": true,
"retentionPolicy": {
"enabled": false,
"days": 0
}
}
],
"logs": [
{
"category": "AuditEvent",
"enabled": true
}
]
}
}
],
"outputs": {}
}
}
}
}
}
}
}
}
]
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment