Location>code7788 >text

【Azure Policy】utilizationdeployIfNotExists particle marking the following noun as a direct object Azure Activity logs Exporting a file saved in theStorage Account

Popularity:573 ℃/2024-09-04 19:32:53
1 { 2 "mode": "All", 3 "policyRule": { 4 "if": { 5 "field": "type", 6 "equals": "/subscriptions" 7 }, 8 "then": { 9 "effect": "[parameters('effect')]", 10 "details": { 11 "type": "/diagnosticSettings", 12 "ExistenceScope": "Subscription", 13 "existenceCondition": { 14 "allOf": [ 15 { 16 "field": "/diagnosticSettings/storageAccountId", 17 "equals": "[parameters('storageAccount')]" 18 }, 19 { 20 "count": { 21 "field": "/diagnosticSettings/logs[*]", 22 "where": { 23 "allOf": [ 24 { 25 "anyof": [ 26 { 27 "field": "/diagnosticSettings/logs[*].category", 28 "equals": "Administrative" 29 }, 30 { 31 "field": "/diagnosticSettings/logs[*].category", 32 "equals": "Security" 33 }, 34 { 35 "field": "/diagnosticSettings/logs[*].category", 36 "equals": "Alert" 37 }, 38 { 39 "field": "/diagnosticSettings/logs[*].category", 40 "equals": "Recommendation" 41 }, 42 { 43 "field": "/diagnosticSettings/logs[*].category", 44 "equals": "ResourceHealth" 45 } 46 ] 47 }, 48 { 49 "field": "/diagnosticSettings/logs[*].enabled", 50 "equals": "true" 51 } 52 ] 53 } 54 }, 55 "equals": 5 56 } 57 ] 58 }, 59 "deploymentScope": "subscription", 60 "deployment": { 61 "location": "chinaeast2", 62 "properties": { 63 "mode": "incremental", 64 "template": { 65 "$schema": "/schemas/2018-05-01/#", 66 "contentVersion": "1.0.0.0", 67 "parameters": { 68 "storageAccount": { 69 "type": "string" 70 }, 71 "logsEnabled": { 72 "type": "string" 73 }, 74 "profileName": { 75 "type": "string" 76 } 77 }, 78 "variables": {}, 79 "resources": [ 80 { 81 "type": "/diagnosticSettings", 82 "apiVersion": "2017-05-01-preview", 83 "name": "[parameters('profileName')]", 84 "location": "global", 85 "dependsOn": [], 86 "properties": { 87 "storageAccountId": "[parameters('storageAccount')]", 88 "logs": [ 89 { 90 "category": "Administrative", 91 "enabled": "[parameters('logsEnabled')]" 92 }, 93 { 94 "category": "Security", 95 "enabled": "[parameters('logsEnabled')]" 96 }, 97 { 98 "category": "Alert", 99 "enabled": "[parameters('logsEnabled')]" 100 }, 101 { 102 "category": "Recommendation", 103 "enabled": "[parameters('logsEnabled')]" 104 }, 105 { 106 "category": "ResourceHealth", 107 "enabled": "[parameters('logsEnabled')]" 108 } 109 ] 110 } 111 } 112 ], 113 "outputs": {} 114 }, 115 "parameters": { 116 "storageAccount": { 117 "value": "[parameters('storageAccount')]" 118 }, 119 "logsEnabled": { 120 "value": "[parameters('logsEnabled')]" 121 }, 122 "profileName": { 123 "value": "[parameters('profileName')]" 124 } 125 } 126 } 127 }, 128 "roleDefinitionIds": [ 129 "/providers//roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c", 130 "/providers//roleDefinitions/17d1049b-9a84-46fb-8f53-869881c3d3ab" 131 ] 132 } 133 } 134 }, 135 "parameters": { 136 "effect": { 137 "type": "String", 138 "metadata": { 139 "displayName": "Effect", 140 "description": "Enable or disable the execution of the policy" 141 }, 142 "allowedValues": [ 143 "DeployIfNotExists", 144 "Disabled" 145 ], 146 "defaultValue": "DeployIfNotExists" 147 }, 148 "profileName": { 149 "type": "String", 150 "metadata": { 151 "displayName": "Profile name", 152 "description": "The diagnostic settings profile name" 153 }, 154 "defaultValue": "setbypolicy_storageaccount" 155 }, 156 "storageAccount": { 157 "type": "String", 158 "metadata": { 159 "displayName": "Storage Account Name", 160 "description": "Select storage account from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.", 161 "strongType": "/storageAccounts", 162 "assignPermissions": true 163 }, 164 "defaultValue": "/subscriptions/<subscription id>/resourcegroups/<resource group name>/providers//storageaccounts/<storage account name>" 165 }, 166 "logsEnabled": { 167 "type": "String", 168 "metadata": { 169 "displayName": "Enable logs", 170 "description": "Whether to enable logs stream to the Log Analytics workspace - True or False" 171 }, 172 "allowedValues": [ 173 "True", 174 "False" 175 ], 176 "defaultValue": "True" 177 } 178 } 179 }