Configures container registry to log to a log analytics workspace
parent
0900c01d88
commit
3e4244fc6d
@ -36,8 +36,32 @@ resource "azurerm_container_registry" "acr" {
|
||||
virtual_network = [
|
||||
for subnet in var.subnet_ids : {
|
||||
action = "Allow"
|
||||
subnet_id = subnet.value
|
||||
subnet_id = subnet
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
resource "azurerm_monitor_diagnostic_setting" "acr_diagnostic" {
|
||||
name = "${var.name}-${var.environment}-acr-diag"
|
||||
target_resource_id = azurerm_container_registry.acr.id
|
||||
log_analytics_workspace_id = var.workspace_id
|
||||
log {
|
||||
category = "ContainerRegistryRepositoryEvents"
|
||||
retention_policy {
|
||||
enabled = true
|
||||
}
|
||||
}
|
||||
log {
|
||||
category = "ContainerRegistryLoginEvents"
|
||||
retention_policy {
|
||||
enabled = true
|
||||
}
|
||||
}
|
||||
metric {
|
||||
category = "AllMetrics"
|
||||
retention_policy {
|
||||
enabled = true
|
||||
}
|
||||
}
|
||||
}
|
||||
|
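Review bot: The three `retention_policy { enabled = true }` blocks in `acr_diagnostic` set no `days`, and the only destination is `log_analytics_workspace_id`. As far as I know, diagnostic-setting retention applies only to storage-account destinations, so how long the login and repository events are kept is decided by the workspace's own retention and not by these blocks. I would either drop the blocks or add a comment such as `# retention for these categories is governed by the Log Analytics workspace, not by this block`, so nobody reads `enabled = true` as a guarantee that audit logs are retained. Newer azurerm releases also replace `log` with `enabled_log`; the provider version is not visible here, so that is only worth checking.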
@ -52,3 +52,8 @@ variable "whitelist" {
|
||||
description = "A map of whitelisted IPs and CIDR ranges. For single IPs, Azure expects just the IP, NOT a /32."
|
||||
default = {}
|
||||
}
|
||||
|
||||
variable "workspace_id" {
|
||||
description = "The Log Analytics Workspace ID"
|
||||
type = string
|
||||
}
|
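Review bot: The description of `workspace_id` does not say which identifier is expected. `log_analytics_workspace_id` on the diagnostic setting takes the workspace's full resource ID, while a Log Analytics workspace also exposes a GUID under the name `workspace_id`. The caller in the third hunk passes `module.logs.workspace_id`, whose definition is not visible, so it is worth confirming that this output is the resource ID. I would change the line to `description = "Resource ID (not the workspace GUID) of the Log Analytics workspace that receives the registry diagnostics"`.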
@ -6,6 +6,7 @@ module "container_registry" {
|
||||
owner = var.owner
|
||||
backup_region = var.backup_region
|
||||
policy = "Deny"
|
||||
subnet_ids = []
|
||||
subnet_ids = [module.vpc.subnet_list["private"].id]
|
||||
whitelist = var.admin_user_whitelist
|
||||
workspace_id = module.logs.workspace_id
|
||||
}
|
||||
|
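Review bot: The `subnet_ids` line in this module call now admits the private subnet through the registry firewall, an access change that the commit title, which mentions only logging, does not cover. This assumes the populated list is the new side of the change, since the rendered page has lost its +/- markers. Azure applies a registry virtual-network rule only when the subnet has the `Microsoft.ContainerRegistry` service endpoint enabled, and `module.vpc` is not visible here, so that is worth confirming. A comment such as `# private subnet needs the Microsoft.ContainerRegistry service endpoint for this rule to apply` above the line would record the dependency. The module block begins outside the hunk.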