AzPolicyAdvertizer

last sync: 2020-Jul-03 15:47:34 UTC

Azure Policy

Deploy Diagnostic Settings for Search Services to Event Hub

Policy DisplayName Deploy Diagnostic Settings for Search Services to Event Hub
Policy Id 3d5da587-71bd-41f5-ac95-dd3330c2d58d
Policy Category Monitoring
Policy Description Deploys the diagnostic settings for Search Services to stream to a regional Event Hub when any Search Services which is missing this diagnostic settings is created or updated.
Policy Mode Indexed
Policy Type BuiltIn
Policy in Preview FALSE
Policy Deprecated FALSE
Policy Effect Default: DeployIfNotExists
Allowed: (DeployIfNotExists,Disabled)
Roles used
Role Name Role Id
Contributor b24988ac-6180-42a0-ab88-20f7382dd24c
Policy Changes
Date/Time (UTC ymd) (i) Change Change detail
2019-10-29 23:04:36 add: Policy 3d5da587-71bd-41f5-ac95-dd3330c2d58d
Used in Policy Initiative(s) none
Policy Rule 
{
  "properties": {
    "displayName": "Deploy Diagnostic Settings for Search Services to Event Hub",
    "policyType": "BuiltIn",
    "mode": "Indexed",
    "description": "Deploys the diagnostic settings for Search Services to stream to a regional Event Hub when any Search Services which is missing this diagnostic settings is created or updated.",
    "metadata": {
      "version": "2.0.0",
      "category": "Monitoring"
    },
    "parameters": {
      "effect": {
        "type": "String",
        "metadata": {
          "displayName": "Effect",
          "description": "Enable or disable the execution of the policy"
        },
        "allowedValues": [
          "DeployIfNotExists",
          "Disabled"
        ],
        "defaultValue": "DeployIfNotExists"
      },
      "profileName": {
        "type": "String",
        "metadata": {
          "displayName": "Profile name",
          "description": "The diagnostic settings profile name"
        },
        "defaultValue": "setbypolicy_eventHub"
      },
      "eventHubRuleId": {
        "type": "String",
        "metadata": {
          "displayName": "Event Hub Authorization Rule Id",
        "description": "The Event Hub authorization rule Id for Azure Diagnostics. The authorization rule needs to be at Event Hub namespace level. e.g. /subscriptions/{subscription Id}/resourceGroups/{resource group}/providers/Microsoft.EventHub/namespaces/{Event Hub namespace}/authorizationrules/{authorization rule}",
          "strongType": "Microsoft.EventHub/Namespaces/AuthorizationRules",
          "assignPermissions": true
        }
      },
      "eventHubLocation": {
        "type": "String",
        "metadata": {
          "displayName": "Event Hub Location",
          "description": "The location the Event Hub resides in. Only Search Services in this location will be linked to this Event Hub.",
          "strongType": "location"
        },
        "defaultValue": ""
      },
      "metricsEnabled": {
        "type": "String",
        "metadata": {
          "displayName": "Enable metrics",
          "description": "Whether to enable metrics stream to the Event Hub - True or False"
        },
        "allowedValues": [
          "True",
          "False"
        ],
        "defaultValue": "False"
      },
      "logsEnabled": {
        "type": "String",
        "metadata": {
          "displayName": "Enable logs",
          "description": "Whether to enable logs stream to the Event Hub  - True or False"
        },
        "allowedValues": [
          "True",
          "False"
        ],
        "defaultValue": "True"
      }
    },
    "policyRule": {
      "if": {
        "allOf": [
          {
            "field": "type",
            "equals": "Microsoft.Search/searchServices"
          },
          {
            "anyOf": [
              {
              "value": "[parameters('eventHubLocation')]",
                "equals": ""
              },
              {
                "field": "location",
              "equals": "[parameters('eventHubLocation')]"
              }
            ]
          }
        ]
      },
      "then": {
      "effect": "[parameters('effect')]",
        "details": {
          "type": "Microsoft.Insights/diagnosticSettings",
        "name": "[parameters('profileName')]",
          "existenceCondition": {
            "allOf": [
              {
                "field": "Microsoft.Insights/diagnosticSettings/logs.enabled",
              "equals": "[parameters('logsEnabled')]"
              },
              {
                "field": "Microsoft.Insights/diagnosticSettings/metrics.enabled",
              "equals": "[parameters('metricsEnabled')]"
              }
            ]
          },
          "roleDefinitionIds": [
            "/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"
          ],
          "deployment": {
            "properties": {
              "mode": "incremental",
              "template": {
                "$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
                "contentVersion": "1.0.0.0",
                "parameters": {
                  "resourceName": {
                    "type": "string"
                  },
                  "location": {
                    "type": "string"
                  },
                  "eventHubRuleId": {
                    "type": "string"
                  },
                  "metricsEnabled": {
                    "type": "string"
                  },
                  "logsEnabled": {
                    "type": "string"
                  },
                  "profileName": {
                    "type": "string"
                  }
                },
                "variables": {
                  
                },
                "resources": [
                  {
                    "type": "Microsoft.Search/searchServices/providers/diagnosticSettings",
                    "apiVersion": "2017-05-01-preview",
                  "name": "[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', parameters('profileName'))]",
                  "location": "[parameters('location')]",
                    "dependsOn": [
                      
                    ],
                    "properties": {
                    "eventHubAuthorizationRuleId": "[parameters('eventHubRuleId')]",
                      "metrics": [
                        {
                          "category": "AllMetrics",
                        "enabled": "[parameters('metricsEnabled')]",
                          "retentionPolicy": {
                            "enabled": false,
                            "days": 0
                          }
                        }
                      ],
                      "logs": [
                        {
                          "category": "OperationLogs",
                        "enabled": "[parameters('logsEnabled')]"
                        }
                      ]
                    }
                  }
                ],
                "outputs": {
                  
                }
              },
              "parameters": {
                "location": {
                "value": "[field('location')]"
                },
                "resourceName": {
                "value": "[field('name')]"
                },
                "eventHubRuleId": {
                "value": "[parameters('eventHubRuleId')]"
                },
                "metricsEnabled": {
                "value": "[parameters('metricsEnabled')]"
                },
                "logsEnabled": {
                "value": "[parameters('logsEnabled')]"
                },
                "profileName": {
                "value": "[parameters('profileName')]"
                }
              }
            }
          }
        }
      }
    }
  },
  "id": "/providers/Microsoft.Authorization/policyDefinitions/3d5da587-71bd-41f5-ac95-dd3330c2d58d",
  "type": "Microsoft.Authorization/policyDefinitions",
  "name": "3d5da587-71bd-41f5-ac95-dd3330c2d58d"
}