Merge pull request #80 from Azure-Samples/keyvault_auditing
Audit keyvault access via log analytics
tonybaloney authored Jun 5, 2024
2 parents 75d8c04 + 0b05fd8 commit 984454a
Showing 2 changed files with 16 additions and 0 deletions.
@@ -1,6 +1,7 @@
metadata description = 'Creates an Azure Key Vault.'
param name string
param location string = resourceGroup().location
param logAnalyticsWorkspaceId string
param tags object = {}

param principalId string = ''
@@ -35,6 +36,20 @@ resource keyVault 'Microsoft.KeyVault/vaults@2022-07-01' = {
}
}

resource logs 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = {
name: 'logs'
scope: keyVault
properties: {
workspaceId: logAnalyticsWorkspaceId
logs: [
{
category: 'AuditEvent'
enabled: true
}
]
}
}

output endpoint string = keyVault.properties.vaultUri
output id string = keyVault.id
output name string = keyVault.name
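Review bot: `param logAnalyticsWorkspaceId string` is added without a `@description`, and its name does not say which identifier is expected: the `workspaceId` property of the `logs` diagnostic setting takes the workspace's full ARM resource ID, not the workspace (customer) GUID. I would put `@description('Resource ID of the Log Analytics workspace that receives the Key Vault AuditEvent logs.')` above the parameter. The caller in main.bicep passes `monitoring.outputs.logAnalyticsWorkspaceId`, whose value is not visible on this page, so it is worth confirming that output is the resource ID. The parameter also has no default, which makes auditing mandatory for every consumer of this module; that looks intentional and is worth stating in the same description.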
1 change: 1 addition & 0 deletions {{cookiecutter.__src_folder_name}}/infra/main.bicep
@@ -47,6 +47,7 @@ module keyVault './core/security/keyvault.bicep' = {
location: location
tags: tags
principalId: principalId
logAnalyticsWorkspaceId: monitoring.outputs.logAnalyticsWorkspaceId
}
}
