Last active
November 12, 2021 11:32
-
-
Save lindacmsheard/adea08fe4702ac9a43ed017ce3605a06 to your computer and use it in GitHub Desktop.
sample terraform spec for a cosmos db that sends logs to log analytics
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # This terraform spec provisions | |
| # - Azure resource group | |
| # - Azure Cosmos DB Account (SQL API, Analytics Storage enabled) | |
| # - Azure Log Analytics Workspace | |
| # - Diagnostic Setting that sends Cosmos DB logs to the Log Analytics Workspace | |
| # - A Cosmos database in the account (SQL API document db) | |
| # - A container in the database, with throughput and indexing configurations | |
| # Set up terraform (basic example, local backend) | |
| terraform { | |
| required_providers { | |
| azurerm = { | |
| source = "hashicorp/azurerm" | |
| version = "2.81.0" | |
| } | |
| random = { | |
| source = "hashicorp/random" | |
| } | |
| } | |
| } | |
| # Setup up Azure provider (minimal example, using Azure CLI auth) | |
| provider "azurerm" { | |
| features {} | |
| } | |
| # Set up variables (optional) | |
| variable "location" { | |
| description = "Azure region" | |
| type = string | |
| default = "uksouth" | |
| } | |
| variable "env" { | |
| description = "Prefix to distinguish environments and avoid naming conflicts when deploying in multiple locations" | |
| type = string | |
| default = "spike" | |
| } | |
| variable "project" { | |
| description = "Project Name" | |
| type = string | |
| default = "projectname" | |
| } | |
| # Configure resource group (Note, this code uses terraform variables to define the name - this can be replaced with an explicit string) | |
| resource "azurerm_resource_group" "rg" { | |
| name = "${var.env}-${var.project}-rg" | |
| location = var.location | |
| } | |
| # this random integer will be remembered in terraform state, so stays the same when running terraform apply again | |
| resource "random_integer" "ri" { | |
| min = 10000 | |
| max = 99999 | |
| } | |
| # configure cosmos db acount - here one that has analytical store (synapse link) enabled | |
| # Note that backup has to be "Periodic", not "Continuous", when analytical store is enabled | |
| resource "azurerm_cosmosdb_account" "dbsqlanalytical" { | |
| name = "sql-cosmos-analytical-${random_integer.ri.result}" | |
| location = azurerm_resource_group.rg.location | |
| resource_group_name = azurerm_resource_group.rg.name | |
| offer_type = "Standard" | |
| kind = "GlobalDocumentDB" | |
| enable_automatic_failover = false | |
| analytical_storage_enabled = true | |
| geo_location { | |
| location = azurerm_resource_group.rg.location | |
| failover_priority = 0 | |
| } | |
| consistency_policy { | |
| consistency_level = "Session" | |
| #consistency_level = "BoundedStaleness" | |
| #max_interval_in_seconds = 10 | |
| #max_staleness_prefix = 200 | |
| } | |
| backup { | |
| type = "Periodic" | |
| interval_in_minutes=1440 | |
| retention_in_hours=8 | |
| } | |
| } | |
| # provision log analytics | |
| resource "azurerm_log_analytics_workspace" "loganalytics" { | |
| name = "${var.env}-${var.project}-loganalytics" | |
| location = azurerm_resource_group.rg.location | |
| resource_group_name = azurerm_resource_group.rg.name | |
| sku = "PerGB2018" | |
| retention_in_days = 30 | |
| } | |
| # configure diagnostic settings that link the cosmos db account to the log analytics instance | |
| resource "azurerm_monitor_diagnostic_setting" "cosmosdbdiagnostic" { | |
| name = "cosmoslogsetting" | |
| target_resource_id = azurerm_cosmosdb_account.dbsqlanalytical.id | |
| log_analytics_workspace_id = azurerm_log_analytics_workspace.loganalytics.id | |
| # resource-specific tables save on space used in logananalytics: | |
| log_analytics_destination_type = "Dedicated" | |
| log { | |
| category = "DataPlaneRequests" | |
| enabled = true | |
| } | |
| log { | |
| category = "QueryRuntimeStatistics" | |
| enabled = true | |
| } | |
| log { | |
| category = "PartitionKeyStatistics" | |
| enabled = true | |
| } | |
| log { | |
| category = "PartitionKeyRUConsumption" | |
| enabled = true | |
| } | |
| log { | |
| category = "ControlPlaneRequests" | |
| enabled = false | |
| } | |
| } | |
| # create a database (sql api) | |
| # https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/cosmosdb_sql_database | |
| resource "azurerm_cosmosdb_sql_database" "maindb" { | |
| name = "maindb" | |
| resource_group_name = azurerm_cosmosdb_account.dbsqlanalytical.resource_group_name | |
| account_name = azurerm_cosmosdb_account.dbsqlanalytical.name | |
| throughput = 400 | |
| } | |
| # create a container | |
| # https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/cosmosdb_sql_container | |
| resource "azurerm_cosmosdb_sql_container" "testdocs" { | |
| name = "testdocs" | |
| resource_group_name = azurerm_cosmosdb_account.dbsqlanalytical.resource_group_name | |
| account_name = azurerm_cosmosdb_account.dbsqlanalytical.name | |
| database_name = azurerm_cosmosdb_sql_database.maindb.name | |
| partition_key_path = "/pk" | |
| partition_key_version = 1 | |
| throughput = 400 | |
| indexing_policy { | |
| indexing_mode = "Consistent" | |
| included_path { | |
| path = "/*" | |
| } | |
| excluded_path { | |
| path = "/excluded/?" | |
| } | |
| } | |
| # unique_key { | |
| # paths = ["/definition/idlong", "/definition/idshort"] | |
| # } | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment