Create diagnostic settings for Azure storage account : BLOB, FILES, QUEUES, TABLE

Introduction

Using terraform, sometimes we may need to enable diagnostic settings for blob, files, queue and tables. There are three categories for blob, files, queue and table:

• Storage Read
• Storage Write
• Storage Delete

Procedure

In order to enable diagnostics for the blob, we need to append below to the target_resource_id:

/blobServices/default/

Similarly for queue, table and file we need to append below to respective target_resource_id:

/queueServices/default
/tableServices/default
/fileServices/default

The terraform code in order to enable Storage Write for blob, queue, table and files, the terraform code should look as below:

provider "azurerm" {
features { }
}

resource "azurerm_resource_group" "example" {
name = "example-resources-azurermdiag"
location = "West Europe"
}

resource "azurerm_storage_account" "example" {
name = "storageaccdiag"
resource_group_name = azurerm_resource_group.example.name
location = azurerm_resource_group.example.location
account_tier = "Standard"
account_replication_type = "LRS"
}

resource "azurerm_monitor_diagnostic_setting" "examplesablob" {
name = "examplediagsettingblob"
target_resource_id = "${azurerm_storage_account.example.id}/blobServices/default/"
storage_account_id = azurerm_storage_account.example.id
enabled_log {
category = "StorageWrite"
 }
}

resource "azurerm_monitor_diagnostic_setting" "examplesaqueue" {
name = "examplediagsettingqueue"
target_resource_id = "${azurerm_storage_account.example.id}/queueServices/default/"
storage_account_id = azurerm_storage_account.example.id
enabled_log {
category = "StorageWrite"
 }
}

resource "azurerm_monitor_diagnostic_setting" "examplesatable" {
name = "examplediagsettingtable"
target_resource_id = "${azurerm_storage_account.example.id}/tableServices/default/"
storage_account_id = azurerm_storage_account.example.id
enabled_log {
category = "StorageWrite"
 }
}

resource "azurerm_monitor_diagnostic_setting" "examplesafile" {
name = "examplediagsettingfile"
target_resource_id = "${azurerm_storage_account.example.id}/fileServices/default/"
storage_account_id = azurerm_storage_account.example.id
enabled_log {
category = "StorageWrite"
 }
}

Running terraform plan followed by terraform apply shall perform the below actions:

# azurerm_monitor_diagnostic_setting.examplesablob will be created
+ resource "azurerm_monitor_diagnostic_setting" "examplesablob" {
+ id = (known after apply)
+ log_analytics_destination_type = (known after apply)
+ name = "exampleabhinavdiagsettingblob"
+ storage_account_id = "/subscriptions/9f9b362c-xxxx-xxxx-xxxx-987494fd7c26/resourceGroups/example-resources-abhinav-azurermdiag/providers/Microsoft.Storage/storageAccounts/storageaccabhinavdiag"
+ target_resource_id = "/subscriptions/9f9b362c-xxxx-xxxx-xxxx-987494fd7c26/resourceGroups/example-resources-abhinav-azurermdiag/providers/Microsoft.Storage/storageAccounts/storageaccabhinavdiag/blobServices/default/"

+ enabled_log {
+ category = "StorageWrite"
}
}

The Storage Write should get enabled for blob, queue, table and files:

Additional Information

Monitor diagnostic setting