Adds log analytics configuration to postgres

terraform/modules/postgres/main.tf

@@ -35,3 +35,33 @@ resource "azurerm_postgresql_virtual_network_rule" "sql" {
   subnet_id                            = var.subnet_id
   ignore_missing_vnet_service_endpoint = true
 }
+
+resource "azurerm_postgresql_database" "db" {
+  name                = "${var.name}-${var.environment}-atat"
+  resource_group_name = azurerm_resource_group.sql.name
+  server_name         = azurerm_postgresql_server.sql.name
+  charset             = "UTF8"
+  collation           = "en-US"
+}
+
+resource "azurerm_monitor_diagnostic_setting" "postgresql_diagnostic" {
+  name                       = "${var.name}-${var.environment}-postgresql-diag"
+  target_resource_id         = azurerm_postgresql_server.sql.id
+  log_analytics_workspace_id = var.workspace_id
+
+  log {
+    category = "PostgreSQLLogs"
+    enabled  = true
+
+    retention_policy {
+      enabled = true
+    }
+  }
+  metric {
+    category = "AllMetrics"
+
+    retention_policy {
+      enabled = true
+    }
+  }
+}

terraform/modules/postgres/variables.tf

@@ -93,3 +93,8 @@ variable "ssl_enforcement" {
   description = "Enforce SSL (Enabled/Disable)"
   default     = "Enabled"
 }
+
+variable "workspace_id" {
+  description = "Log Analytics workspace for this resource to log to"
+  type        = string
+}

terraform/providers/dev/postgres.tf

@@ -14,7 +14,8 @@ module "sql" {
   owner                        = var.owner
   environment                  = var.environment
   region                       = var.region
-  subnet_id                    = module.vpc.subnets # FIXME - Should be a map of subnets and specify private
+  subnet_id                    = module.vpc.subnet_list["private"].id
   administrator_login          = data.azurerm_key_vault_secret.postgres_username.value
   administrator_login_password = data.azurerm_key_vault_secret.postgres_password.value
+  workspace_id                 = module.logs.workspace_id
 }