Azure Log Management

This module provides the resources needed for log management:

  • Log Analytics Workspace
  • Storage Account

Related documentation

Microsoft Azure Monitor logs documentation: docs.microsoft.com/en-us/azure/azure-monitor/log-query/log-query-overview

Microsoft Azure Storage Account documentation: docs.microsoft.com/en-us/azure/storage/common/storage-account-overview

Microsoft Azure Blob lifecycle management documentation: docs.microsoft.com/en-us/azure/storage/blobs/storage-lifecycle-management-concepts?tabs=azure-portal

Global versioning rule for Claranet Azure modules

| Module version | Terraform version | OpenTofu version | AzureRM version |
|---|---|---|---|
| >= 8.x.x | Unverified | 1.8.x | >= 4.0 |
| >= 7.x.x | 1.3.x | | >= 3.0 |
| >= 6.x.x | 1.x | | >= 3.0 |
| >= 5.x.x | 0.15.x | | >= 2.0 |
| >= 4.x.x | 0.13.x / 0.14.x | | >= 2.0 |
| >= 3.x.x | 0.12.x | | >= 2.0 |
| >= 2.x.x | 0.12.x | | < 2.0 |
| < 2.x.x | 0.11.x | | < 2.0 |

Contributing

If you want to contribute to this repository, feel free to use our pre-commit git hook configuration, which automatically updates and formats some files for you and enforces our Terraform module best practices.

More details are available in the CONTRIBUTING.md file.

Usage

This module is optimized to work with the Claranet terraform-wrapper tool, which sets some Terraform variables in the environment that this module needs. More details about the variables set by the terraform-wrapper are available in the documentation.

⚠️ Since module version v8.0.0, we no longer maintain or check compatibility with HashiCorp Terraform. We recommend using OpenTofu instead.

module "logs" {
  source  = "claranet/run/azurerm//modules/logs"
  version = "x.x.x"

  client_name    = var.client_name
  location       = module.azure_region.location
  location_short = module.azure_region.location_short
  environment    = var.environment
  stack          = var.stack

  resource_group_name = module.rg.name

  extra_tags = {
    foo = "bar"
  }
}

Providers

| Name | Version |
|---|---|
| azurecaf | ~> 1.2.23 |
| azurerm | ~> 4.9 |

Modules

| Name | Source | Version |
|---|---|---|
| storage | claranet/storage-account/azurerm | ~> 8.2.0 |

Resources

| Name | Type |
|---|---|
| azurerm_log_analytics_workspace.main | resource |
| azurerm_storage_management_policy.main | resource |
| azurerm_storage_share.main | resource |
| azurecaf_name.workspace | data source |

Inputs

| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| client_name | Client name. | string | n/a | yes |
| default_tags_enabled | Option to enable or disable default tags | bool | true | no |
| delete_after_days_since_modification_greater_than | Delete blob after x days without modification. | number | 365 | no |
| environment | Environment name. | string | n/a | yes |
| extra_tags | Extra tags to add | map(string) | {} | no |
| location | Azure location. | string | n/a | yes |
| location_short | Short string for Azure location. | string | n/a | yes |
| name_prefix | Optional prefix for the generated name. | string | "" | no |
| name_suffix | Optional suffix for the generated name. | string | "" | no |
| rbac_storage_blob_role_principal_ids | The principal IDs of the users, groups, and service principals to assign the different Storage Blob Data * roles to if Blob containers are created. | object({ owners = optional(list(string), []), contributors = optional(list(string), []), readers = optional(list(string), []) }) | {} | no |
| rbac_storage_contributor_role_principal_ids | The principal IDs of the users, groups, and service principals to assign the Storage Account Contributor role to. | list(string) | [] | no |
| resource_group_name | Resource group to which the resources will belong. | string | n/a | yes |
| stack | Stack name. | string | n/a | yes |
| storage_account_access_tier | Defines the access tier for BlobStorage, FileStorage and StorageV2 accounts. Valid options are Hot and Cool, defaults to Hot. | string | "Hot" | no |
| storage_account_advanced_threat_protection_enabled | Enable/disable Advanced Threat Protection, see here for more information. | bool | false | no |
| storage_account_archived_logs_fileshare_enabled | Enable/disable archived-logs file share creation. | bool | false | no |
| storage_account_archived_logs_fileshare_name | Name of the file share in which externalized logs are stored. | string | "archived-logs" | no |
| storage_account_archived_logs_fileshare_quota | The maximum size in GB of the archived-logs file share, default is 5120. | number | null | no |
| storage_account_archiving_enabled | Enable/disable blob archiving lifecycle. | bool | true | no |
| storage_account_custom_name | Storage Account for logs custom name. Empty by default, using naming convention. | string | "" | no |
| storage_account_customer_managed_key | Customer Managed Key. Please refer to the documentation for more information. | object({ key_vault_key_id = optional(string), managed_hsm_key_id = optional(string), user_assigned_identity_id = optional(string) }) | null | no |
| storage_account_enabled | Whether the dedicated Storage Account for logs is created. | bool | true | no |
| storage_account_extra_tags | Extra tags to add to the Storage Account | map(string) | {} | no |
| storage_account_https_traffic_only_enabled | Enable/disable HTTPS traffic only. | bool | true | no |
| storage_account_identity_ids | List of User Assigned Identity IDs to assign to the Storage Account. | list(string) | null | no |
| storage_account_identity_type | The identity type of the storage account. Possible values are "SystemAssigned", "UserAssigned", "SystemAssigned, UserAssigned". | string | "SystemAssigned" | no |
| storage_account_kind | Storage Account Kind. | string | "StorageV2" | no |
| storage_account_min_tls_version | Storage Account minimal TLS version. | string | "TLS1_2" | no |
| storage_account_name_prefix | Storage Account name prefix. | string | "" | no |
| storage_account_replication_type | Storage Account Replication type. | string | "LRS" | no |
| storage_account_tier | Storage Account tier. | string | "Standard" | no |
| storage_shared_access_key_enabled | Indicates whether the Storage Account permits requests to be authorized with the account access key via Shared Key. If false, then all requests, including shared access signatures, must be authorized with Azure Active Directory (Entra ID). | bool | false | no |
| tier_to_archive_after_days_since_modification_greater_than | Change blob tier to Archive after x days without modification. | number | 90 | no |
| tier_to_cool_after_days_since_modification_greater_than | Change blob tier to cool after x days without modification. | number | 30 | no |
| workspace_custom_name | Azure Log Analytics Workspace custom name. Empty by default, using naming convention. | string | "" | no |
| workspace_daily_quota_gb | The workspace daily quota for ingestion in GB. Defaults to -1 (unlimited). | number | -1 | no |
| workspace_extra_tags | Extra tags to add to the Log Analytics Workspace | map(string) | {} | no |
| workspace_name_prefix | Log Analytics name prefix. | string | "" | no |
| workspace_retention_in_days | The workspace data retention in days. Possible values range between 30 and 730. | number | 30 | no |
| workspace_sku | Specifies the SKU of the Log Analytics Workspace. Possible values are Free, PerNode, Premium, Standard, Standalone, Unlimited, and PerGB2018 (new Sku as of 2018-04-03). | string | "PerGB2018" | no |
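
The module call below is an added example, not part of the module's own README: it sets the security-relevant inputs from the table above explicitly, so that transport, authentication, encryption and retention settings are visible in code review. The variables var.logs_identity_id, var.logs_cmk_key_id and var.soc_readers_group_object_id are hypothetical, and the user-assigned identity is assumed to already have access to the key.

```hcl
# Added example: security-relevant inputs of the logs module set explicitly.
# Variables marked "hypothetical" are placeholders, not part of the module.
module "logs" {
  source  = "claranet/run/azurerm//modules/logs"
  version = "x.x.x"

  client_name         = var.client_name
  location            = module.azure_region.location
  location_short      = module.azure_region.location_short
  environment         = var.environment
  stack               = var.stack
  resource_group_name = module.rg.name

  # Workspace retention: default is 30 days, allowed range is 30 to 730.
  workspace_retention_in_days = 180

  # Transport and authentication. These values match the module defaults and
  # are pinned here so that a later change shows up in a diff.
  storage_account_https_traffic_only_enabled = true
  storage_account_min_tls_version            = "TLS1_2"
  storage_shared_access_key_enabled          = false # Entra ID authorization only

  # Disabled by default in this module.
  storage_account_advanced_threat_protection_enabled = true

  # Encryption with a customer-managed key through a user-assigned identity.
  storage_account_identity_type = "UserAssigned"
  storage_account_identity_ids  = [var.logs_identity_id] # hypothetical
  storage_account_customer_managed_key = {
    key_vault_key_id          = var.logs_cmk_key_id  # hypothetical
    user_assigned_identity_id = var.logs_identity_id # hypothetical
  }

  # Data-plane read access by role assignment; per the input description,
  # this applies only if Blob containers are created.
  rbac_storage_blob_role_principal_ids = {
    readers = [var.soc_readers_group_object_id] # hypothetical
  }

  # Blob lifecycle: cool after 30 days, archive after 90, delete after 730.
  storage_account_archiving_enabled                          = true
  tier_to_cool_after_days_since_modification_greater_than    = 30
  tier_to_archive_after_days_since_modification_greater_than = 90
  delete_after_days_since_modification_greater_than          = 730
}
```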

Outputs

| Name | Description |
|---|---|
| id | The Log Analytics Workspace ID. |
| log_analytics_workspace_guid | The Log Analytics Workspace GUID. |
| log_analytics_workspace_location | The Log Analytics Workspace location. |
| log_analytics_workspace_primary_key | The Primary shared key for the Log Analytics Workspace. |
| log_analytics_workspace_secondary_key | The secondary shared key for the Log Analytics Workspace. |
| logs_resource_group_name | Resource Group of the logs resources. |
| module_storage_logs | Storage Account for logs module output. |
| name | The Log Analytics Workspace name. |
| resource | Log Analytics Workspace resource object. |
| storage_account_archived_logs_fileshare_name | Name of the file share in which externalized logs are stored. |
| storage_account_id | ID of the logs Storage Account. |
| storage_account_name | Name of the logs Storage Account. |
| storage_account_primary_access_key | Primary connection string of the logs Storage Account. |
| storage_account_primary_connection_string | Primary connection string of the logs Storage Account. |
| storage_account_secondary_access_key | Secondary connection string of the logs Storage Account. |
| storage_account_secondary_connection_string | Secondary connection string of the logs Storage Account. |