Configures container registry to log to a log analytics workspace

Rob Gil 2020-01-27 12:44:08 -05:00
parent 0900c01d88
commit 3e4244fc6d
3 changed files with 33 additions and 3 deletions


@ -36,8 +36,32 @@ resource "azurerm_container_registry" "acr" {
virtual_network = [
for subnet in var.subnet_ids : {
action = "Allow"
subnet_id = subnet.value
subnet_id = subnet
}
]
}
}
}
resource "azurerm_monitor_diagnostic_setting" "acr_diagnostic" {
name = "${var.name}-${var.environment}-acr-diag"
target_resource_id = azurerm_container_registry.acr.id
log_analytics_workspace_id = var.workspace_id
log {
category = "ContainerRegistryRepositoryEvents"
retention_policy {
enabled = true
}
}
log {
category = "ContainerRegistryLoginEvents"
retention_policy {
enabled = true
}
}
metric {
category = "AllMetrics"
retention_policy {
enabled = true
}
}
}
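Review bot: The three `retention_policy { enabled = true }` blocks in `acr_diagnostic` set no `days`, and as far as I know a diagnostic setting's retention policy only applies to storage-account destinations. With `log_analytics_workspace_id` as the only sink, how long `ContainerRegistryLoginEvents` and `ContainerRegistryRepositoryEvents` are kept is decided by the workspace's own retention setting, so these blocks read as a guarantee they do not give. Since these two categories are the registry's audit trail, I would either drop the blocks or add a comment above the resource such as `# retention is governed by the Log Analytics workspace, not by this setting`. The workspace retention should then be checked against the investigation window you need.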


@ -52,3 +52,8 @@ variable "whitelist" {
description = "A map of whitelisted IPs and CIDR ranges. For single IPs, Azure expects just the IP, NOT a /32."
default = {}
}
variable "workspace_id" {
description = "The Log Analytics Workspace ID"
type = string
}
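Review bot: The description `"The Log Analytics Workspace ID"` on `workspace_id` does not say which identifier is meant. The value feeds `log_analytics_workspace_id` on the diagnostic setting, which takes the workspace's full Azure resource ID, not the workspace GUID that the workspace resource also exposes under the name `workspace_id`. I would reword it to `description = "Full Azure resource ID of the Log Analytics workspace that receives the registry's diagnostic logs"`. The caller in the last file section passes `module.logs.workspace_id`, and that module's output is not visible here, so it is worth confirming it returns the resource ID; otherwise the diagnostic setting may fail to apply and the registry would be left without login and repository logs.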


@ -6,6 +6,7 @@ module "container_registry" {
owner = var.owner
backup_region = var.backup_region
policy = "Deny"
subnet_ids = []
subnet_ids = [module.vpc.subnet_list["private"].id]
whitelist = var.admin_user_whitelist
workspace_id = module.logs.workspace_id
}