Aad Diagnostic Setting Args
Manages an Azure Active Directory Diagnostic Setting for Azure Monitor.

> **Note:** The API for this resource does not support service principal authentication. This resource can only be used with Azure CLI authentication.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as azure from "@pulumi/azure";
// Resource group that contains the storage account used as the log archive.
const example = new azure.core.ResourceGroup("example", {
    name: "example-rg",
    location: "west europe",
});

// Storage account that receives the exported directory logs.
// NOTE(review): sign-in and audit records are sensitive. Only tier, kind and
// replication are set here; network access, anonymous-access and retention
// settings are left at provider defaults and should be reviewed before this
// account is used as a real log archive.
const exampleAccount = new azure.storage.Account("example", {
    name: "examplestorageaccount",
    resourceGroupName: example.name,
    location: example.location,
    accountTier: "Standard",
    accountKind: "StorageV2",
    accountReplicationType: "LRS",
});

// Log categories exported by the diagnostic setting. Categories that are not
// listed here (for example ManagedIdentitySignInLogs) are not exported.
const exportedCategories = [
    "SignInLogs",
    "AuditLogs",
    "NonInteractiveUserSignInLogs",
    "ServicePrincipalSignInLogs",
];

// Diagnostic setting that sends the selected categories to the storage account.
const exampleAadDiagnosticSetting = new azure.monitoring.AadDiagnosticSetting("example", {
    name: "setting1",
    storageAccountId: exampleAccount.id,
    enabledLogs: exportedCategories.map(category => ({ category })),
});
import pulumi
import pulumi_azure as azure
# Resource group that contains the storage account used as the log archive.
example = azure.core.ResourceGroup(
    "example",
    name="example-rg",
    location="west europe",
)

# Storage account that receives the exported directory logs.
# NOTE(review): sign-in and audit records are sensitive. Only tier, kind and
# replication are set here; network access, anonymous-access and retention
# settings are left at provider defaults and should be reviewed before this
# account is used as a real log archive.
example_account = azure.storage.Account(
    "example",
    name="examplestorageaccount",
    resource_group_name=example.name,
    location=example.location,
    account_tier="Standard",
    account_kind="StorageV2",
    account_replication_type="LRS",
)

# Log categories exported by the diagnostic setting. Categories that are not
# listed here are not exported.
exported_categories = (
    "SignInLogs",
    "AuditLogs",
    "NonInteractiveUserSignInLogs",
    "ServicePrincipalSignInLogs",
)

# Diagnostic setting that sends the selected categories to the storage account.
example_aad_diagnostic_setting = azure.monitoring.AadDiagnosticSetting(
    "example",
    name="setting1",
    storage_account_id=example_account.id,
    enabled_logs=[{"category": category} for category in exported_categories],
)
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Azure = Pulumi.Azure;
return await Deployment.RunAsync(() =>
{
    // Resource group that contains the storage account used as the log archive.
    var example = new Azure.Core.ResourceGroup("example", new()
    {
        Name = "example-rg",
        Location = "west europe",
    });

    // Storage account that receives the exported directory logs.
    // NOTE(review): sign-in and audit records are sensitive. Only tier, kind and
    // replication are set here; network access, anonymous-access and retention
    // settings are left at provider defaults and should be reviewed before this
    // account is used as a real log archive.
    var exampleAccount = new Azure.Storage.Account("example", new()
    {
        Name = "examplestorageaccount",
        ResourceGroupName = example.Name,
        Location = example.Location,
        AccountTier = "Standard",
        AccountKind = "StorageV2",
        AccountReplicationType = "LRS",
    });

    // Log categories exported by the diagnostic setting. Categories that are
    // not listed here are not exported.
    var exportedCategories = new[]
    {
        "SignInLogs",
        "AuditLogs",
        "NonInteractiveUserSignInLogs",
        "ServicePrincipalSignInLogs",
    };

    // Diagnostic setting that sends the selected categories to the storage account.
    var exampleAadDiagnosticSetting = new Azure.Monitoring.AadDiagnosticSetting("example", new()
    {
        Name = "setting1",
        StorageAccountId = exampleAccount.Id,
        EnabledLogs = exportedCategories
            .Select(category => new Azure.Monitoring.Inputs.AadDiagnosticSettingEnabledLogArgs
            {
                Category = category,
            })
            .ToArray(),
    });
});
package main
import (
"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/core"
"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/monitoring"
"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/storage"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
// main registers a resource group, a storage account and a diagnostic setting
// that exports four directory log categories to that storage account.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// Resource group that contains the storage account used as the log archive.
		example, err := core.NewResourceGroup(ctx, "example", &core.ResourceGroupArgs{
			Name:     pulumi.String("example-rg"),
			Location: pulumi.String("west europe"),
		})
		if err != nil {
			return err
		}

		// Storage account that receives the exported directory logs.
		// NOTE(review): sign-in and audit records are sensitive. Only tier, kind
		// and replication are set here; network access, anonymous-access and
		// retention settings are left at provider defaults and should be
		// reviewed before this account is used as a real log archive.
		exampleAccount, err := storage.NewAccount(ctx, "example", &storage.AccountArgs{
			Name:                   pulumi.String("examplestorageaccount"),
			ResourceGroupName:      example.Name,
			Location:               example.Location,
			AccountTier:            pulumi.String("Standard"),
			AccountKind:            pulumi.String("StorageV2"),
			AccountReplicationType: pulumi.String("LRS"),
		})
		if err != nil {
			return err
		}

		// Log categories exported by the diagnostic setting. Categories that
		// are not listed here are not exported.
		categories := []string{
			"SignInLogs",
			"AuditLogs",
			"NonInteractiveUserSignInLogs",
			"ServicePrincipalSignInLogs",
		}
		var enabledLogs monitoring.AadDiagnosticSettingEnabledLogArray
		for _, category := range categories {
			enabledLogs = append(enabledLogs, &monitoring.AadDiagnosticSettingEnabledLogArgs{
				Category: pulumi.String(category),
			})
		}

		// Diagnostic setting that sends the selected categories to the storage
		// account; its error (nil on success) is the result of the program.
		_, err = monitoring.NewAadDiagnosticSetting(ctx, "example", &monitoring.AadDiagnosticSettingArgs{
			Name:             pulumi.String("setting1"),
			StorageAccountId: exampleAccount.ID(),
			EnabledLogs:      enabledLogs,
		})
		return err
	})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azure.core.ResourceGroup;
import com.pulumi.azure.core.ResourceGroupArgs;
import com.pulumi.azure.storage.Account;
import com.pulumi.azure.storage.AccountArgs;
import com.pulumi.azure.monitoring.AadDiagnosticSetting;
import com.pulumi.azure.monitoring.AadDiagnosticSettingArgs;
import com.pulumi.azure.monitoring.inputs.AadDiagnosticSettingEnabledLogArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
/**
 * Example Pulumi program that exports Azure Active Directory logs to a
 * storage account through a diagnostic setting.
 */
public class App {
    /** Hands the stack definition to the Pulumi runtime. */
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares the resource group, the storage account and the diagnostic
     * setting that sends four log categories to that account.
     *
     * @param ctx the Pulumi context supplied by {@code Pulumi.run}
     */
    public static void stack(Context ctx) {
        // Resource group that contains the storage account used as the log archive.
        var example = new ResourceGroup("example", ResourceGroupArgs.builder()
            .name("example-rg")
            .location("west europe")
            .build());

        // Storage account that receives the exported directory logs.
        // NOTE(review): sign-in and audit records are sensitive. Only tier, kind
        // and replication are set here; network access, anonymous-access and
        // retention settings are left at provider defaults and should be
        // reviewed before this account is used as a real log archive.
        var exampleAccount = new Account("exampleAccount", AccountArgs.builder()
            .name("examplestorageaccount")
            .resourceGroupName(example.name())
            .location(example.location())
            .accountTier("Standard")
            .accountKind("StorageV2")
            .accountReplicationType("LRS")
            .build());

        // Diagnostic setting that sends the selected categories to the storage
        // account. Categories that are not listed here are not exported.
        var exampleAadDiagnosticSetting = new AadDiagnosticSetting("exampleAadDiagnosticSetting", AadDiagnosticSettingArgs.builder()
            .name("setting1")
            .storageAccountId(exampleAccount.id())
            .enabledLogs(
                enabledLog("SignInLogs"),
                enabledLog("AuditLogs"),
                enabledLog("NonInteractiveUserSignInLogs"),
                enabledLog("ServicePrincipalSignInLogs"))
            .build());
    }

    /** Builds the enabled-log entry for a single log category. */
    private static AadDiagnosticSettingEnabledLogArgs enabledLog(String category) {
        return AadDiagnosticSettingEnabledLogArgs.builder()
            .category(category)
            .build();
    }
}
resources:
  # Resource group that contains the storage account used as the log archive.
  example:
    type: azure:core:ResourceGroup
    properties:
      name: example-rg
      location: west europe
  # Storage account that receives the exported directory logs.
  # NOTE(review): sign-in and audit records are sensitive. Only tier, kind and
  # replication are set here; network access, anonymous-access and retention
  # settings are left at provider defaults and should be reviewed before this
  # account is used as a real log archive.
  exampleAccount:
    type: azure:storage:Account
    name: example
    properties:
      name: examplestorageaccount
      resourceGroupName: ${example.name}
      location: ${example.location}
      accountTier: Standard
      accountKind: StorageV2
      accountReplicationType: LRS
  # Diagnostic setting that sends the selected categories to the storage
  # account. Categories that are not listed here are not exported.
  exampleAadDiagnosticSetting:
    type: azure:monitoring:AadDiagnosticSetting
    name: example
    properties:
      name: setting1
      storageAccountId: ${exampleAccount.id}
      enabledLogs:
        - category: SignInLogs
        - category: AuditLogs
        - category: NonInteractiveUserSignInLogs
        - category: ServicePrincipalSignInLogs
Import
Monitor Azure Active Directory Diagnostic Settings can be imported using the resource ID, e.g.
$ pulumi import azure:monitoring/aadDiagnosticSetting:AadDiagnosticSetting example /providers/Microsoft.AADIAM/diagnosticSettings/setting1
Properties
One or more `enabled_log` blocks as defined below.
Specifies the ID of an Event Hub Namespace Authorization Rule used to send Diagnostics Data. Changing this forces a new resource to be created.
Specifies the name of the Event Hub where Diagnostics Data should be sent. If not specified, the default Event Hub will be used. Changing this forces a new resource to be created.
Specifies the ID of a Log Analytics Workspace where Diagnostics Data should be sent.
The ID of the Storage Account where logs should be sent. Changing this forces a new resource to be created.