1 {
2 "mode": "All",
3 "policyRule": {
4 "if": {
5 "field": "type",
6 "equals": "/subscriptions"
7 },
8 "then": {
9 "effect": "[parameters('effect')]",
10 "details": {
11 "type": "/diagnosticSettings",
12 "ExistenceScope": "Subscription",
13 "existenceCondition": {
14 "allOf": [
15 {
16 "field": "/diagnosticSettings/storageAccountId",
17 "equals": "[parameters('storageAccount')]"
18 },
19 {
20 "count": {
21 "field": "/diagnosticSettings/logs[*]",
22 "where": {
23 "allOf": [
24 {
25 "anyof": [
26 {
27 "field": "/diagnosticSettings/logs[*].category",
28 "equals": "Administrative"
29 },
30 {
31 "field": "/diagnosticSettings/logs[*].category",
32 "equals": "Security"
33 },
34 {
35 "field": "/diagnosticSettings/logs[*].category",
36 "equals": "Alert"
37 },
38 {
39 "field": "/diagnosticSettings/logs[*].category",
40 "equals": "Recommendation"
41 },
42 {
43 "field": "/diagnosticSettings/logs[*].category",
44 "equals": "ResourceHealth"
45 }
46 ]
47 },
48 {
49 "field": "/diagnosticSettings/logs[*].enabled",
50 "equals": "true"
51 }
52 ]
53 }
54 },
55 "equals": 5
56 }
57 ]
58 },
59 "deploymentScope": "subscription",
60 "deployment": {
61 "location": "chinaeast2",
62 "properties": {
63 "mode": "incremental",
64 "template": {
65 "$schema": "/schemas/2018-05-01/#",
66 "contentVersion": "1.0.0.0",
67 "parameters": {
68 "storageAccount": {
69 "type": "string"
70 },
71 "logsEnabled": {
72 "type": "string"
73 },
74 "profileName": {
75 "type": "string"
76 }
77 },
78 "variables": {},
79 "resources": [
80 {
81 "type": "/diagnosticSettings",
82 "apiVersion": "2017-05-01-preview",
83 "name": "[parameters('profileName')]",
84 "location": "global",
85 "dependsOn": [],
86 "properties": {
87 "storageAccountId": "[parameters('storageAccount')]",
88 "logs": [
89 {
90 "category": "Administrative",
91 "enabled": "[parameters('logsEnabled')]"
92 },
93 {
94 "category": "Security",
95 "enabled": "[parameters('logsEnabled')]"
96 },
97 {
98 "category": "Alert",
99 "enabled": "[parameters('logsEnabled')]"
100 },
101 {
102 "category": "Recommendation",
103 "enabled": "[parameters('logsEnabled')]"
104 },
105 {
106 "category": "ResourceHealth",
107 "enabled": "[parameters('logsEnabled')]"
108 }
109 ]
110 }
111 }
112 ],
113 "outputs": {}
114 },
115 "parameters": {
116 "storageAccount": {
117 "value": "[parameters('storageAccount')]"
118 },
119 "logsEnabled": {
120 "value": "[parameters('logsEnabled')]"
121 },
122 "profileName": {
123 "value": "[parameters('profileName')]"
124 }
125 }
126 }
127 },
128 "roleDefinitionIds": [
129 "/providers//roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c",
130 "/providers//roleDefinitions/17d1049b-9a84-46fb-8f53-869881c3d3ab"
131 ]
132 }
133 }
134 },
135 "parameters": {
136 "effect": {
137 "type": "String",
138 "metadata": {
139 "displayName": "Effect",
140 "description": "Enable or disable the execution of the policy"
141 },
142 "allowedValues": [
143 "DeployIfNotExists",
144 "Disabled"
145 ],
146 "defaultValue": "DeployIfNotExists"
147 },
148 "profileName": {
149 "type": "String",
150 "metadata": {
151 "displayName": "Profile name",
152 "description": "The diagnostic settings profile name"
153 },
154 "defaultValue": "setbypolicy_storageaccount"
155 },
156 "storageAccount": {
157 "type": "String",
158 "metadata": {
159 "displayName": "Storage Account Name",
160 "description": "Select storage account from dropdown list. If this storage account is outside of the scope of the assignment you must manually grant 'Storage Account Contributor' permissions (or similar) to the policy assignment's principal ID.",
161 "strongType": "/storageAccounts",
162 "assignPermissions": true
163 },
164 "defaultValue": "/subscriptions/<subscription id>/resourcegroups/<resource group name>/providers//storageaccounts/<storage account name>"
165 },
166 "logsEnabled": {
167 "type": "String",
168 "metadata": {
169 "displayName": "Enable logs",
170 "description": "Whether to enable streaming of logs to the storage account - True or False"
171 },
172 "allowedValues": [
173 "True",
174 "False"
175 ],
176 "defaultValue": "True"
177 }
178 }
179 }