Introduction
With Terraform, we may sometimes need to enable diagnostic settings for the blob, file, queue and table services of an Azure storage account. Each of these services has three log categories:
- Storage Read
- Storage Write
- Storage Delete
Procedure
To enable diagnostics for the blob service, append the following to the storage account ID used as target_resource_id:
/blobServices/default/
Similarly, for queue, table and file, append the following to the respective target_resource_id:
/queueServices/default
/tableServices/default
/fileServices/default
To enable Storage Write for blob, queue, table and files, the Terraform code should look as below:
provider "azurerm" {
  features {}
}

resource "azurerm_resource_group" "example" {
  name     = "example-resources-azurermdiag"
  location = "West Europe"
}

resource "azurerm_storage_account" "example" {
  name                     = "storageaccdiag"
  resource_group_name      = azurerm_resource_group.example.name
  location                 = azurerm_resource_group.example.location
  account_tier             = "Standard"
  account_replication_type = "LRS"
}

# Blob service: the target is the storage account ID plus /blobServices/default/
resource "azurerm_monitor_diagnostic_setting" "examplesablob" {
  name               = "examplediagsettingblob"
  target_resource_id = "${azurerm_storage_account.example.id}/blobServices/default/"
  # Storage account that receives the logs (here, the same account)
  storage_account_id = azurerm_storage_account.example.id

  enabled_log {
    category = "StorageWrite"
  }
}

# Queue service
resource "azurerm_monitor_diagnostic_setting" "examplesaqueue" {
  name               = "examplediagsettingqueue"
  target_resource_id = "${azurerm_storage_account.example.id}/queueServices/default/"
  storage_account_id = azurerm_storage_account.example.id

  enabled_log {
    category = "StorageWrite"
  }
}

# Table service
resource "azurerm_monitor_diagnostic_setting" "examplesatable" {
  name               = "examplediagsettingtable"
  target_resource_id = "${azurerm_storage_account.example.id}/tableServices/default/"
  storage_account_id = azurerm_storage_account.example.id

  enabled_log {
    category = "StorageWrite"
  }
}

# File service
resource "azurerm_monitor_diagnostic_setting" "examplesafile" {
  name               = "examplediagsettingfile"
  target_resource_id = "${azurerm_storage_account.example.id}/fileServices/default/"
  storage_account_id = azurerm_storage_account.example.id

  enabled_log {
    category = "StorageWrite"
  }
}
Running terraform plan followed by terraform apply shall perform the below actions:
  # azurerm_monitor_diagnostic_setting.examplesablob will be created
  + resource "azurerm_monitor_diagnostic_setting" "examplesablob" {
      + id                             = (known after apply)
      + log_analytics_destination_type = (known after apply)
      + name                           = "exampleabhinavdiagsettingblob"
      + storage_account_id             = "/subscriptions/9f9b362c-xxxx-xxxx-xxxx-987494fd7c26/resourceGroups/example-resources-abhinav-azurermdiag/providers/Microsoft.Storage/storageAccounts/storageaccabhinavdiag"
      + target_resource_id             = "/subscriptions/9f9b362c-xxxx-xxxx-xxxx-987494fd7c26/resourceGroups/example-resources-abhinav-azurermdiag/providers/Microsoft.Storage/storageAccounts/storageaccabhinavdiag/blobServices/default/"

      + enabled_log {
          + category = "StorageWrite"
        }
    }
Storage Write should then be enabled for blob, queue, table and files.
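The same procedure generalized to all three log categories on all four services, as an added example that is not part of the original article: one resource with for_each and a dynamic enabled_log block replaces the four near-identical resources. The variable, local and resource names are assumptions; the log destination is passed in separately so that it does not have to be the monitored account.

```hcl
# Added example, not from the original article. Names of variables, locals and
# the resource label "storage" are hypothetical.
provider "azurerm" {
  features {}
}

variable "storage_account_id" {
  type        = string
  description = "Resource ID of the storage account whose services are monitored."
}

variable "log_destination_storage_account_id" {
  type        = string
  description = "Resource ID of the storage account that receives the logs."
}

locals {
  # Sub-services that each take their own diagnostic setting (from the article).
  storage_services = toset(["blobServices", "queueServices", "tableServices", "fileServices"])

  # The three log categories the article lists for every sub-service.
  log_categories = ["StorageRead", "StorageWrite", "StorageDelete"]
}

resource "azurerm_monitor_diagnostic_setting" "storage" {
  for_each = local.storage_services

  name = "diag-${lower(each.key)}"
  # Same path suffix the article appends: /<service>/default/
  target_resource_id = "${var.storage_account_id}/${each.key}/default/"
  storage_account_id = var.log_destination_storage_account_id

  # One enabled_log block per category, so reads and deletes are logged too.
  dynamic "enabled_log" {
    for_each = local.log_categories
    content {
      category = enabled_log.value
    }
  }
}

# Map of service name to the ID of the diagnostic setting created for it.
output "diagnostic_setting_ids" {
  value = { for svc, ds in azurerm_monitor_diagnostic_setting.storage : svc => ds.id }
}
```

terraform plan for this configuration should show four azurerm_monitor_diagnostic_setting resources, each with three enabled_log blocks.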