I create a Diagnostic Settings for a KeyVault resource in Azure portal. DS properties are Metrics = AllMetrics and Destination is a predefined Log Analytics Workspace.
When I do an export (Automation - Export Template) from Portal, nothing from the diagnostic setting is included in the generated ARM json. I've noticed the same behavior when resource is an App Service.
Is this by design? A bug? Any other way to get the ARM json for the diagnostic setting I've defined?
I tried the same in my environment and seems we cannot export the diagnostics settings for any service like key vault, app service , storage account etc when we try to export the template for automation . But there are some sample Diagnostics settings Templates for few resources provided in Microsoft Documentation.
So , as per your settings it will something like below which I have tested by deploying :
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"settingName": {
"type": "String",
"defaultValue": "testdsansuman"
},
"vaultName": {
"type": "String",
"defaultValue": "ansumantestkv1234"
},
"workspaceName": {
"type": "String",
"defaultValue": "ansumantestlog"
}
},
"resources": [
{
"type": "Microsoft.KeyVault/vaults/providers/diagnosticSettings",
"apiVersion": "2017-05-01-preview",
"name": "[concat(parameters('vaultName'), '/Microsoft.Insights/', parameters('settingName'))]",
"dependsOn": [],
"properties": {
"workspaceId": "[resourceId('Microsoft.OperationalInsights/workspaces', parameters('WorkspaceName'))]",
"metrics": [
{
"category": "AllMetrics",
"enabled": true
}
]
}
}
]
}
Output:
Related
There is an option to create Managed Identity from terraform for Stream analytics job (azurerm_stream_analytics_job, using identity block).
And it is possible to use Managed Identity to connect to databases (as explained here)
But I could not find how to use managed identity to create input using azurerm_stream_analytics_reference_input_mssql
UPDATE:
To be clear, thats what I am after:
And then
As Per July 2022
It does not look like terraform is supporting it (see documentation).
With this arm template, I was able to deploy ("authenticationMode": "Msi"):
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"streamAnalyticsJobName": {
"type": "string"
},
"streamAnalyticsJobNameInputName": {
"type": "string"
},
"sqlServerName": {
"type": "string"
},
"databaseName": {
"type": "string"
}
},
"resources": [
{
"type": "Microsoft.StreamAnalytics/streamingjobs/inputs",
"apiVersion": "2017-04-01-preview",
"name": "[format('{0}/{1}', parameters('streamAnalyticsJobName'), parameters('streamAnalyticsJobNameInputName'))]",
"properties": {
"type": "Reference",
"datasource": {
"type": "Microsoft.Sql/Server/Database",
"properties": {
"authenticationMode": "Msi",
"server": "[parameters('sqlServerName')]",
"database": "[parameters('databaseName')]",
"refreshType": "Static",
"fullSnapshotQuery": "SELECT Id, Name, FullName\nFrom dbo.Device\nFOR SYSTEM_TIME AS OF #snapshotTime --Optional, available if table Device is temporal"
}
}
}
}
]
}
So you could always use azurerm_template_deployment resource to deploy using terraform.
Using ARM templates I am trying to set "slotSetting: true" in my app service config - this seems to have been a options (see link below) in previous versions of the ARM template but I am not able to find how to do it with the latest version.
Link to how this was solved previously: How to use sticky staging slots in Azure Arm Templates
I solved it by using a nested template with the older API to lock the settings but please add the correct solution if you have it!
{
"$schema": "http://schema.management.azure.com/schemas/2014-04-01-preview/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"appServiceName": {
"type": "string"
},
"appSettingsToLock": {
"type": "array"
},
"conncetionStringsToLock": {
"type": "array"
}
},
"resources": [
{
"apiVersion": "2015-08-01",
"name": "[concat(parameters('appServiceName'),'/slotconfignames')]",
"type": "Microsoft.Web/sites/config",
"properties": {
"connectionStringNames": "[parameters('conncetionStringsToLock')]",
"appSettingNames": "[parameters('appSettingsToLock')]"
}
}
]
}
I'm creating a logic app which will do some operations on a blob storage, thus it needs a Connector to a specific blob storage. I'm able to define which Connector should be used (providing its name and other properties), however if it doesn't exist yet, the template fails to deploy. I know we can create these connectors via logic app designer, but i would very much like to automate that process. Hence the question:
Is it possible to deploy/create this connector using an ARM template or a script?
You can check this post related to Logic App connector.
Here is an ARM Template that create an API connection to blob storage:
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"azureBlobConnectionAPIName": {
"type": "string",
"metadata": {
"description": "The name of the connection api to access the azure blob storage."
}
},
"storageAccountName": {
"type": "string",
"metadata": {
"description": "The Storage Account Name."
}
}
},
"variables": {
"storageAccountId": "[resourceId('Microsoft.Storage/storageAccounts', parameters('storageAccountName'))]"
},
"resources": [
{
"type": "Microsoft.Web/connections",
"name": "[parameters('azureBlobConnectionAPIName')]",
"apiVersion": "2016-06-01",
"location": "[resourceGroup().location]",
"scale": null,
"properties": {
"displayName": "[parameters('azureBlobConnectionAPIName')]",
"parameterValues": {
"accountName": "[parameters('storageAccountName')]",
"accessKey": "[listKeys(variables('storageAccountId'),'2015-05-01-preview').key1]"
},
"api": {
"id": "[concat('subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', parameters('defaultResourceLocation'), '/managedApis/azureblob')]"
}
},
"dependsOn": []
}
]
}
In my azure template I have a condition where I chose if I want my webapps deployed on a dedicated App Service Plan or if I want to use a shared App Service plan.
If I chose to not use a dedicated plan I want to ignore:
- the first section where I deploy the dedicated App Service Plan
- the second section where I deploy the Web Apps and use the dedicated Service Plan.
The third section is then used and deploy the web apps with a shared app plan.
Below is an extract of my ARM template.
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"_artifactsLocation": {
"type": "string"
},
"_artifactsLocationSasToken": {
"type": "string"
},
"environmentConfiguration": {
"type": "object"
}
},
"variables": {},
"resources": [
{
"comments": "App Service Plan hosting all websites",
"apiVersion": "2017-05-10",
"name": "AppServicePlan",
"type": "Microsoft.Resources/deployments",
"condition": "[equals(parameters('environmentConfiguration').serverFarm.useDedicatedPlan, 'true')]",
"properties": {
"mode": "Incremental",
"templateLink": {
"uri": "[concat(parameters('_artifactsLocation'),'/Microsoft.Web/Asp.json',parameters('_artifactsLocationSasToken'))]",
"contentVersion": "1.0.0.0"
},
"parameters": {
"environmentConfiguration": {
"value": "[parameters('environmentConfiguration')]"
}
}
}
},
{
"comments": "Web apps on dedicated plan",
"apiVersion": "2017-05-10",
"name": "[concat('WebAppsDedicatedPlan-',parameters('environmentConfiguration').webApp.webApps[copyIndex()].name)]",
"type": "Microsoft.Resources/deployments",
"condition": "[equals(parameters('environmentConfiguration').serverFarm.useDedicatedPlan, 'true')]",
"copy": {
"name": "webAppCopy",
"count": "[length(parameters('environmentConfiguration').webApp.webApps)]"
},
"dependsOn": [
"[resourceId('Microsoft.Resources/deployments', 'AppServicePlan')]"
],
"properties": {
"mode": "Incremental",
"templateLink": {
"uri": "[concat(parameters('_artifactsLocation'),'/Microsoft.Web/WebApp.json',parameters('_artifactsLocationSasToken'))]",
"contentVersion": "1.0.0.0"
},
"parameters": {
"environmentConfiguration": {
"value": "[parameters('environmentConfiguration')]"
},
"dependencies": {
"value": {
"webAppInfo": "[parameters('environmentConfiguration').webApp.webApps[copyIndex()]]",
"serverFarmId": "[reference('AppServicePlan').outputs.serverFarmId.value]"
}
}
}
}
},
{
"comments": "Web apps on shared plan",
"apiVersion": "2017-05-10",
"name": "[concat('WebAppsOnSharedPlan-',parameters('environmentConfiguration').webApp.webApps[copyIndex()].name)]",
"type": "Microsoft.Resources/deployments",
"condition": "[equals(parameters('environmentConfiguration').serverFarm.useDedicatedPlan, 'false')]",
"copy": {
"name": "webAppCopy",
"count": "[length(parameters('environmentConfiguration').webApp.webApps)]"
},
"dependsOn": [],
"properties": {
"mode": "Incremental",
"templateLink": {
"uri": "[concat(parameters('_artifactsLocation'),'/Microsoft.Web/WebApp.json',parameters('_artifactsLocationSasToken'))]",
"contentVersion": "1.0.0.0"
},
"parameters": {
"environmentConfiguration": {
"value": "[parameters('environmentConfiguration')]"
},
"dependencies": {
"value": {
"webAppInfo": "[parameters('environmentConfiguration').webApp.webApps[copyIndex()]]",
"serverFarmId": "[resourceId('sharedResources','Microsoft.Web/serverfarms','sharedasp')]"
}
}
}
}
}
],
"outputs": {}
}
What is working: If I remove the condition in the App Service Plan section and I ask to not use the dedicated plan, my web apps are deployed using the shared plan. (The app service plan is also deployed).
What is not working: If I let the condition in the App Service Plan section to not deploy it when I ask for to not use the dedicated plan the validation fails with the following message:
2017-09-25T11:55:49.7343682Z Creating deployment parameters.
2017-09-25T11:55:49.7373683Z The detected encoding for file
'd:\a\r1\a\output\iac\myapp.json' is 'utf-8'
2017-09-25T11:55:49.7373683Z The detected encoding for file
'd:\a\r1\a\output\iac\myapp.parameters.qa.json' is 'utf-8'
2017-09-25T11:55:49.7373683Z Starting Deployment.
2017-09-25T11:55:51.3725072Z There were errors in your deployment.
Error code: InvalidTemplate. 2017-09-25T11:55:51.3735078Z
##[error]Deployment template validation failed: 'The template resource 'Microsoft.Resources/deployments/WebAppsDedicatedPlan-appadmin'
reference to 'Microsoft.Resources/deployments/AppServicePlan' requires
an API version. Please see https://aka.ms/arm-template for usage
details.'. 2017-09-25T11:55:51.3735078Z ##[error]Task failed while
creating or updating the template deployment.
2017-09-25T11:55:51.4295112Z ##[section]Finishing: Azure Deployment:
Update resource group
How can I solve this issue?
'The template resource
'Microsoft.Resources/deployments/WebAppsDedicatedPlan-appadmin'
reference to 'Microsoft.Resources/deployments/AppServicePlan' requires
an API version.
The error gives that away. Check docs for better understanding. This is why it errors out:
API version of the specified resource. Include this parameter when the resource is not provisioned within same template. Typically, in the format, yyyy-mm-dd.
So you need to add api version to the reference function for resources created outside of the template
Is it possible to add storage to a resource groups?
IIRC my storage group was created automatically when I used the 'old' version of the portal.
I can see my domain and VM in the group, but no storage. How do I add it?
You can create the storage account with in a resource group by using following template via ARM API or Powershell as well:
{
"$schema": "http://schema.management.azure.com/schemas/2014-04-01-preview/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"name": {
"type": "string"
},
"location": {
"type": "string"
},
"accountType": {
"type": "string"
}
},
"resources": [
{
"apiVersion": "2014-06-01",
"name": "[parameters('name')]",
"type": "Microsoft.ClassicStorage/StorageAccounts",
"location": "[parameters('location')]",
"properties": {
"accountType": "[parameters('accountType')]"
}
}
]}
Assuming you mean storage account, you can create a storage account within a resource group in the preview portal. You cannot yet do it via the ARM API or Powershell though (see this question).