Reputation: 1224
Azure Automation Account policy for Diagnostic Settings
I am trying to create an Azure Policy here to audit when diagnostic settings are not set for Automation Accounts.
I cannot find the field to verify if the Automation account saves it.
For now, I noticed this, the settings seem to be here: Microsoft.Insights/diagnosticSettings
My diagnostic settings are available: /subscriptions/SUBSCRIPTIONID/resourcegroups/RESOURCEGROUP/providers/microsoft.automation/automationaccounts/AUTOMATIONACC/providers/microsoft.insights/diagnosticSettings/DIAGSETTINGNAME
But how can I use that information in order to have the policy to check if the resource is compliant?
Upvotes: 0
Views: 368
Answers (1)
Reputation: 2088
Are you looking for the below Policy, here you can pass the Automation accounts (Resource Type) in the parameters. You can find list of built-in policies here.
Please follow this link to view the policy definition on Azure Portal.
{
"properties": {
"displayName": "Audit diagnostic setting",
"policyType": "BuiltIn",
"mode": "All",
"description": "Audit diagnostic setting for selected resource types",
"metadata": {
"version": "1.0.0",
"category": "Monitoring"
},
"parameters": {
"listOfResourceTypes": {
"type": "Array",
"metadata": {
"displayName": "Resource Types",
"strongType": "resourceTypes"
}
}
},
"policyRule": {
"if": {
"field": "type",
"in": "[parameters('listOfResourceTypes')]"
},
"then": {
"effect": "AuditIfNotExists",
"details": {
"type": "Microsoft.Insights/diagnosticSettings",
"existenceCondition": {
"allOf": [
{
"field": "Microsoft.Insights/diagnosticSettings/logs.enabled",
"equals": "true"
},
{
"field": "Microsoft.Insights/diagnosticSettings/metrics.enabled",
"equals": "true"
}
]
}
}
}
}
},
"id": "/providers/Microsoft.Authorization/policyDefinitions/7f89b1eb-583c-429a-8828-af049802c1d9",
"type": "Microsoft.Authorization/policyDefinitions",
"name": "7f89b1eb-583c-429a-8828-af049802c1d9"
}
Upvotes: 1
Related Questions
- Enabling diagnostic settings for Azure Storage Account using PowerShell
- Using the Azure cli to automate the creation of Diagnostic Settings for resources
- How to ensure the diagnostic settings for storage accounts Azure policy is permanently enforced?
- Enable diagnostic settings for Storage account using Azure Policy Definition
- How can I assure that newly created prod azure resources are locked by policy?
- Azure policy deployment using visual studio
- Creating Azure Run As account for automation
- How do I reconfigure the Azure diagnostics extension when recreating an Azure VM
- Azure Automation
- How is Azure Diagnostics storage account configured?