Deploy a Log Analytics Workspace with Terraform

One of the most critical components of an Azure environment is a Log Analytics workspace. It is important because you can configure diagnostic settings on most of the Azure resources. These diagnostic settings can be sent to your Log Analytics Workspace.

In this blogpost I’ll show you how to deploy it to your management resource group in the hub.

Besides the Log Analytics Workspace I also deploy several Solutions. Using solutions you can get more insight about the resources you have deployed.

In this example I set all the solutions in a local and create a loop for it. This way I can easily add/remove solutions.

locals {
  solution_name = toset([
    "Security","SecurityInsights","AgentHealthAssessment","AzureActivity","SecurityCenterFree","DnsAnalytics","ADAssessment","AntiMalware","ServiceMap","SQLAssessment", "SQLAdvancedThreatProtection", "AzureAutomation", "Containers", "ChangeTracking", "Updates", "VMInsights"
  ])
}

Like alot of resources, you can enable diagnostic settings on a Log analytics workspace.

The code as usual can be found on my Github.

provider "azurerm" {
  features {} 
}

provider "azurerm" {
  features {}
  alias = "hub"
  subscription_id = var.subscription_id_mgmt
}
provider "azurerm" {
  features {}
  alias = "prod"
  subscription_id = var.subscription_id_prd
}
provider "azurerm" {
  features {}
  alias = "identity"
  subscription_id = var.subscription_id_identity
}
provider "azurerm" {
  features {}
  alias = "avd"
  subscription_id = var.subscription_id_avd
}

data "azurerm_resource_group" "rg-hub-mgmt" {
  provider = azurerm.hub
  name = "rg-${var.env}-${var.prefix}-management-01"
}
locals {
  solution_name = toset([
    "Security","SecurityInsights","AgentHealthAssessment","AzureActivity","SecurityCenterFree","DnsAnalytics","ADAssessment","AntiMalware","ServiceMap","SQLAssessment", "SQLAdvancedThreatProtection", "AzureAutomation", "Containers", "ChangeTracking", "Updates", "VMInsights"
  ])
}


resource "azurerm_log_analytics_workspace" "law" {
  provider = azurerm.hub
  name                = "law-${var.env}-${var.prefix}-01"
  location            = data.azurerm_resource_group.rg-hub-mgmt.location
  resource_group_name = data.azurerm_resource_group.rg-hub-mgmt.name
  sku                 = "PerGB2018"
  retention_in_days   = 30
   tags = {
    "Critical"    = "Yes"
    "Solution"    = "Logs"
    "Costcenter"  = "It"
    "Environment" = "Hub"
  }
}
resource "azurerm_monitor_diagnostic_setting" "law" {
  name = "diag-law-${var.env}-${var.prefix}-01"
  target_resource_id = azurerm_log_analytics_workspace.law.id
  log_analytics_workspace_id = azurerm_log_analytics_workspace.law.id
  log {
    category = "Audit"
    enabled  = true

    retention_policy {
      enabled = true
    }
  }
  metric {
    category = "AllMetrics"

    retention_policy {
      enabled = true
    }
  }
}
resource "azurerm_log_analytics_solution" "solutions" {
  provider = azurerm.hub
  for_each = local.solution_name
  solution_name         = each.key
  location              = data.azurerm_resource_group.rg-hub-mgmt.location
  resource_group_name   = data.azurerm_resource_group.rg-hub-mgmt.name
  workspace_resource_id = azurerm_log_analytics_workspace.law.id
  workspace_name        = azurerm_log_analytics_workspace.law.name

  plan {
    publisher = "Microsoft"
    product   = "OMSGallery/${each.key}"
  }
}

When you deploy this code the outcome will look like the following

This concludes this blogpost on deploying a Log Analytics Workspace with Solutions using Terraform. If you have any questions about this, you can contact me om my socials.

Leave a Reply

Your email address will not be published. Required fields are marked *