
retention_policy has been deprecated in favor of azurerm_storage_management_policy resource – to learn more https://aka.ms/diagnostic_settings_log_retention

Do you know how to implement this using the azurerm_storage_management_policy resource, and do you have any examples?

So how should the following block be implemented using that resource:

# Diagnostic setting as posted in the question: it forwards the AppServiceHTTPLogs
# category of the Linux web app to a Log Analytics workspace.
resource "azurerm_monitor_diagnostic_setting" "example" {
  log_analytics_workspace_id = var.log_analytics_workspace_id
  name                       = "example"
  target_resource_id         = azurerm_linux_web_app.example.id

  log {
    category = "AppServiceHTTPLogs"
    enabled  = true

    # Deprecated block that triggers the deprecation warning; it asks for 10 days of retention.
    # NOTE(review): no storage_account_id is set in this resource, and retention_policy is
    # understood to apply only to a storage-account destination. Confirm whether it ever
    # had an effect here; workspace retention is configured on the workspace itself.
    retention_policy {
      enabled = true
      days    = 10
    }
  }
# (the closing brace of the resource is missing in the post)

I have not tried azurerm_storage_management_policy yet, because the documentation does not make clear how to do it.

2

Answers


  1. First, set up azurerm_monitor_diagnostic_setting without retention_policy:

        resource "azurerm_monitor_diagnostic_setting" "example" {
      // Same diagnostic setting with the deprecated retention_policy block removed.
      // NOTE(review): the "other config" has to include storage_account_id. A storage
      // lifecycle policy can only act on logs that are also exported to a storage account.
      //other config
      log {
        // NOTE(review): later azurerm releases replace `log` with `enabled_log`;
        // confirm against the provider version in use.
        category = "AppServiceHTTPLogs"
        enabled  = true
      }
      //other config
    }
    

    Then, define the retention using azurerm_storage_management_policy:

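       resource "azurerm_storage_management_policy" "example" {
      # Lifecycle rule that takes over from the deprecated retention_policy block: it
      # deletes exported App Service HTTP logs from the storage account once they age out.
      storage_account_id = azurerm_storage_account.example.id

      rule {
        name    = "appservice-logs-retention"
        enabled = true
        filters {
          # prefix_match is "<container>/<blob path>". Diagnostic settings write each
          # category to its own container named insights-logs-<category in lower case>,
          # not to a "log-files" path. Verify the container name in the storage account
          # once the first logs have arrived.
          prefix_match = ["insights-logs-appservicehttplogs/"]
          # Exported resource logs are append blobs; a blockBlob filter would match
          # nothing and the logs would be kept indefinitely.
          blob_types   = ["appendBlob"]
        }
        actions {
          base_blob {
            # 10 days, matching the retention_policy in the question. A shorter value
            # deletes logs earlier than asked and narrows the window for investigations.
            delete_after_days_since_modification_greater_than = 10
          }
        }
      }
    }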
    
  2. I tried to replace the retention_policy block, which is deprecated inside azurerm_monitor_diagnostic_setting, and I was able to provision the requirement using azurerm_storage_management_policy.

    The retention_policy block inside the azurerm_monitor_diagnostic_setting resource is no longer supported. You need to use the azurerm_storage_management_policy resource to manage how long logs are kept in Azure.

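    You can use azurerm_storage_management_policy to set up log retention. First, create a storage account where you will store the logs as blobs. Then, define a storage management policy for the blobs and specify the retention period for the logs. The policy only affects the copies written to the storage account; retention of the data sent to the Log Analytics workspace is controlled separately by the workspace's retention_in_days setting.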

    My terraform configuration:

    # AzureRM provider; the provider requires a features block even when it is empty.
    provider "azurerm" {
      features {
      }
    }
    
    # Resource group that holds every resource in this example.
    resource "azurerm_resource_group" "example" {
      location = "East US"
      name     = "demorg-vk"
    }
    
    # Log Analytics workspace used as one destination of the diagnostic setting.
    # retention_in_days governs how long the workspace keeps its data and is
    # independent of the storage lifecycle policy defined for the storage account.
    resource "azurerm_log_analytics_workspace" "example" {
      resource_group_name = azurerm_resource_group.example.name
      location            = azurerm_resource_group.example.location
      name                = "vksb-ws"
      sku                 = "PerGB2018"
      retention_in_days   = 30
    }
    
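    # Storage account that receives the exported diagnostic logs.
    resource "azurerm_storage_account" "example" {
      name                     = "vksbstacc"
      resource_group_name      = azurerm_resource_group.example.name
      location                 = azurerm_resource_group.example.location
      account_tier             = "Standard"
      account_replication_type = "LRS"

      # HTTP access logs can contain client IPs, request URLs and user agents, so no
      # container in this account may be opened to anonymous readers.
      allow_nested_items_to_be_public = false
    }

    # Blob container in the storage account, kept private.
    # The original used container_access_type = "blob", which lets anyone who knows a
    # blob URL read it without authentication.
    # NOTE(review): the diagnostic setting creates its own insights-logs-* containers,
    # so this container may not be needed at all; confirm before keeping it.
    resource "azurerm_storage_container" "example" {
      name                  = "logs"
      storage_account_name  = azurerm_storage_account.example.name
      container_access_type = "private"
    }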
    
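    # Storage management policy that enforces retention on the logs the diagnostic
    # setting exports to the storage account.
    resource "azurerm_storage_management_policy" "example" {
      storage_account_id = azurerm_storage_account.example.id

      rule {
        name    = "retention-policy"
        enabled = true
        filters {
          # prefix_match is "<container>/<blob path>". The diagnostic setting does not
          # write to the "logs" container; each category gets its own container named
          # insights-logs-<category in lower case>. Verify the name in the storage
          # account once the first logs have arrived.
          # NOTE(review): the AllMetrics export lands in a separate container
          # (presumably insights-metrics-pt1m); add its prefix if metrics need the
          # same retention.
          prefix_match = ["insights-logs-appservicehttplogs/"]
          # Exported resource logs are append blobs; a blockBlob filter would match
          # nothing and the logs would never be deleted.
          blob_types   = ["appendBlob"]
        }
        actions {
          base_blob {
            # Tiering to cool or archive is not available for append blobs, so the
            # rule keeps only the delete action, at the 10 days the original used.
            delete_after_days_since_modification_greater_than = 10
          }
        }
      }
    }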
    
    # Linux App Service plan that hosts the web app.
    resource "azurerm_service_plan" "example" {
      resource_group_name = azurerm_resource_group.example.name
      location            = azurerm_resource_group.example.location
      name                = "demovkb"
      sku_name            = "P1v2"
      os_type             = "Linux"
    }
    
    # Linux web app whose logs and metrics the diagnostic setting exports.
    resource "azurerm_linux_web_app" "example" {
      service_plan_id     = azurerm_service_plan.example.id
      resource_group_name = azurerm_resource_group.example.name
      location            = azurerm_resource_group.example.location
      name                = "vksbdemo-app"

      # Empty site_config block, as in the original example.
      site_config {
      }
    }
    
    
    
    # Diagnostic setting for the Linux web app: exports HTTP logs and all metrics
    # to both the Log Analytics workspace and the storage account.
    resource "azurerm_monitor_diagnostic_setting" "example" {
      name               = "vksb-setting"
      target_resource_id = azurerm_linux_web_app.example.id

      # Destinations. The storage account copy is the one a storage lifecycle
      # policy can age out; the workspace copy follows the workspace retention.
      log_analytics_workspace_id = azurerm_log_analytics_workspace.example.id
      storage_account_id         = azurerm_storage_account.example.id

      metric {
        category = "AllMetrics"
      }

      enabled_log {
        category = "AppServiceHTTPLogs"
      }
    }
    

    Output:

    enter image description here

    enter image description here

    enter image description here
