Reputation: 3631
I am trying to do this, via Terraform code:
However, I cannot find how. Is it some obscure resource, or is it not implemented at all?
Upvotes: 1
Views: 1659
Reputation: 1297
This worked for me:

    resource "azurerm_resource_group" "rg" {
      name     = "example"
      location = "example-region"
    }

    # Workspace that receives the Application Gateway logs.
    resource "azurerm_log_analytics_workspace" "appgw_log_analytics" {
      name                = "appgw-log-analytics"
      location            = "example-region"
      resource_group_name = azurerm_resource_group.rg.name
      sku                 = "PerGB2018"
    }

    # Assumes azurerm_application_gateway.ingress_app_gateway is defined elsewhere.
    resource "azurerm_monitor_diagnostic_setting" "appgw_monitor_diagnostic_setting" {
      name                       = "appgw-monitor-diagnostic-setting"
      target_resource_id         = azurerm_application_gateway.ingress_app_gateway.id
      log_analytics_workspace_id = azurerm_log_analytics_workspace.appgw_log_analytics.id

      enabled_log {
        category = "ApplicationGatewayAccessLog"
      }

      enabled_log {
        category = "ApplicationGatewayPerformanceLog"
      }

      # WAF (firewall) log category
      enabled_log {
        category = "ApplicationGatewayFirewallLog"
      }

      metric {
        category = "AllMetrics"
        enabled  = true
      }
    }

Provider:

    terraform {
      required_providers {
        azurerm = {
          source  = "hashicorp/azurerm"
          version = "~> 3.100.0"
        }
      }
    }

Upvotes: 0
Reputation: 31434
You can use the azurerm_monitor_diagnostic_setting to configure the setting, as ydaetskcoR said; it works like the screenshot you provided shows. Here is the example code:

    resource "azurerm_monitor_diagnostic_setting" "example" {
      name               = "example"
      target_resource_id = "application_gateway_resource_id"
      storage_account_id = data.azurerm_storage_account.example.id

      log {
        category = "ApplicationGatewayFirewallLog"
        enabled  = true

        retention_policy {
          enabled = true
          days    = 30
        }
      }
    }

Terraform does not support Data for application gateway, so you need to input the resource id of the existing application gateway yourself, or quote the id when you create the new application gateway.
Upvotes: 4
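
A pre-apply check for the configurations in the two answers above, added here as an example (not code from any of the posters): it reads the `configuration` section of `terraform show -json` output and lists Application Gateways that have no diagnostic setting enabling `ApplicationGatewayFirewallLog`, accepting both the `enabled_log` block and the older `log` block. The sample plan and the resource names `legacy` and `access_only` are constructed; child modules and `dynamic` blocks are not handled.

```python
WAF_LOG = "ApplicationGatewayFirewallLog"
GATEWAY = "azurerm_application_gateway"
DIAG = "azurerm_monitor_diagnostic_setting"

def const(value):
    return {"constant_value": value}

# Constructed sample in the shape of `terraform show -json <planfile>`,
# trimmed to the "configuration" fields this check reads.
SAMPLE_PLAN = {"configuration": {"root_module": {"resources": [
    {"address": f"{GATEWAY}.ingress_app_gateway", "type": GATEWAY},
    {"address": f"{GATEWAY}.legacy", "type": GATEWAY},
    {"address": f"{GATEWAY}.access_only", "type": GATEWAY},
    {"address": f"{DIAG}.new_style", "type": DIAG, "expressions": {
        "target_resource_id": {"references": [
            f"{GATEWAY}.ingress_app_gateway.id", f"{GATEWAY}.ingress_app_gateway"]},
        "enabled_log": [{"category": const("ApplicationGatewayAccessLog")},
                        {"category": const(WAF_LOG)}]}},
    {"address": f"{DIAG}.old_style", "type": DIAG, "expressions": {
        "target_resource_id": {"references": [f"{GATEWAY}.legacy.id"]},
        "log": [{"category": const(WAF_LOG), "enabled": const(True)}]}},
    {"address": f"{DIAG}.partial", "type": DIAG, "expressions": {
        "target_resource_id": {"references": [f"{GATEWAY}.access_only.id"]},
        "enabled_log": [{"category": const("ApplicationGatewayAccessLog")}]}},
]}}}

def logged_categories(expr):
    """Literal categories turned on by enabled_log blocks or legacy log blocks."""
    cats = {b.get("category", {}).get("constant_value")
            for b in expr.get("enabled_log", [])}
    for b in expr.get("log", []):
        enabled = b.get("enabled")  # omitted means the provider default (true)
        if enabled is None or enabled.get("constant_value") is True:
            cats.add(b.get("category", {}).get("constant_value"))
    return cats

def gateways_without_waf_logs(plan):
    """Root-module Application Gateways with no setting enabling the WAF log."""
    resources = plan["configuration"]["root_module"].get("resources", [])
    missing = {r["address"] for r in resources if r["type"] == GATEWAY}
    for r in resources:
        expr = r.get("expressions", {})
        if r["type"] != DIAG or WAF_LOG not in logged_categories(expr):
            continue
        # A setting covers a gateway when target_resource_id references it.
        refs = expr.get("target_resource_id", {}).get("references", [])
        missing -= {g for g in missing
                    if any(x == g or x.startswith(g + ".") for x in refs)}
    return sorted(missing)
```

To run it against a real plan, pass the parsed JSON from `terraform show -json <planfile>` to `gateways_without_waf_logs`; a gateway targeted only by a hard-coded resource ID string will be reported, since no reference links it to the setting.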
Reputation: 1
It seems like logs are not supported by Terraform for Azure WAF (ApplicationGateway) yet.
Upvotes: 0