@krnese
Created August 17, 2023 17:05
Azure Policy for Azure Activity Diagnostic to Event Hub
{
"$schema": "https://schema.management.azure.com/schemas/2019-08-01/managementGroupDeploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {},
"resources": [
{
"type": "Microsoft.Authorization/policyDefinitions",
"apiVersion": "2021-06-01",
"name": "Diag-AzAc-EH",
"properties": {
"description": "Deploys the diagnostic settings for Activity Log to stream to a regional Event Hub when any Subscription that is missing these diagnostic settings is created or updated.",
"displayName": "Deploy Diagnostic Settings for Activity Log to Event Hub",
"parameters": {
"eventHubRuleId": {
"type": "String",
"metadata": {
"displayName": "Event Hub Authorization Rule Id",
"description": "The Event Hub authorization rule Id for Azure Diagnostics. The authorization rule needs to be at Event Hub namespace level. e.g. /subscriptions/{subscription Id}/resourceGroups/{resource group}/providers/Microsoft.EventHub/namespaces/{Event Hub namespace}/authorizationrules/{authorization rule}",
"strongType": "Microsoft.EventHub/Namespaces/AuthorizationRules",
"assignPermissions": true
}
},
"effect": {
"type": "String",
"metadata": {
"displayName": "Effects",
"description": "Enable or disable the execution of the Policy."
},
"allowedValues": [
"DeployIfNotExists",
"Disabled"
],
"defaultValue": "DeployIfNotExists"
},
"profileName": {
"type": "String",
"metadata": {
"displayName": "Profile name",
"description": "The diagnostic settings profile name"
},
"defaultValue": "setbypolicy_eventHub"
}
},
"mode": "All",
"policyRule": {
"if": {
"allOf": [
{
"field": "type",
"equals": "Microsoft.Resources/subscriptions"
}
]
},
"then": {
"effect": "[[parameters('effect')]",
"details": {
"type": "Microsoft.Insights/diagnosticSettings",
"ExistenceScope": "Subscription",
"DeploymentScope": "Subscription",
"ExistenceCondition": {
"allOf": [
{
"field": "Microsoft.Insights/diagnosticSettings/eventHubAuthorizationRuleId",
"equals": "[[parameters('eventHubRuleId')]"
},
{
"field": "name",
"equals": "[[parameters('profileName')]"
}
]
},
"roleDefinitionIds": [
"/providers/Microsoft.Authorization/roleDefinitions/8e3af657-a8ff-443c-a75c-2fe8c4bcb635"
],
"deployment": {
"location": "eastus",
"properties": {
"mode": "incremental",
"template": {
"$schema": "https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"eventHubRuleId": {
"type": "String"
},
"profileName": {
"type": "String"
}
},
"variables": {},
"resources": [
{
"type": "Microsoft.Insights/diagnosticSettings",
"apiVersion": "2017-05-01-preview",
"name": "[[parameters('profileName')]",
"location": "global",
"properties": {
"eventHubAuthorizationRuleId": "[[parameters('eventHubRuleId')]",
"logs": [
{
"category": "Administrative",
"enabled": true
},
{
"category": "Security",
"enabled": true
},
{
"category": "ServiceHealth",
"enabled": true
},
{
"category": "Alert",
"enabled": true
},
{
"category": "Recommendation",
"enabled": true
},
{
"category": "Policy",
"enabled": true
},
{
"category": "Autoscale",
"enabled": true
},
{
"category": "ResourceHealth",
"enabled": true
}
]
}
}
]
},
"parameters": {
"eventHubRuleId": {
"value": "[[parameters('eventHubRuleId')]"
},
"profileName": {
"value": "[[parameters('profileName')]"
}
}
}
}
}
}
}
}
}
]
}