Merge pull request #80 from Azure-Samples/keyvault_auditing

tonybaloney · web-flow · commit 984454a27bd8 · 2024-06-05T19:39:08.000+10:00
Audit keyvault access via log analytics
diff --git a/{{cookiecutter.__src_folder_name}}/infra/core/security/keyvault.bicep b/{{cookiecutter.__src_folder_name}}/infra/core/security/keyvault.bicep
@@ -1,6 +1,7 @@
 metadata description = 'Creates an Azure Key Vault.'
 param name string
 param location string = resourceGroup().location
+param logAnalyticsWorkspaceId string
 param tags object = {}
 
 param principalId string = ''
@@ -35,6 +36,20 @@ resource keyVault 'Microsoft.KeyVault/vaults@2022-07-01' = {
   }
 }
 
+resource logs 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = {
+  name: 'logs'
+  scope: keyVault
+  properties: {
+    workspaceId: logAnalyticsWorkspaceId
+    logs: [
+      {
+        category: 'AuditEvent'
+        enabled: true
+      }
+    ]
+  }
+}
+
 output endpoint string = keyVault.properties.vaultUri
 output id string = keyVault.id
 output name string = keyVault.name
diff --git a/{{cookiecutter.__src_folder_name}}/infra/main.bicep b/{{cookiecutter.__src_folder_name}}/infra/main.bicep
@@ -47,6 +47,7 @@ module keyVault './core/security/keyvault.bicep' = {
     location: location
     tags: tags
     principalId: principalId
+    logAnalyticsWorkspaceId: monitoring.outputs.logAnalyticsWorkspaceId
   }
 }
 

Original file line number	Diff line number	Diff line change
`@@ -47,6 +47,7 @@ module keyVault './core/security/keyvault.bicep' = {`
`47`	`47`	`location: location`
`48`	`48`	`tags: tags`
`49`	`49`	`principalId: principalId`
	`50`	`+ logAnalyticsWorkspaceId: monitoring.outputs.logAnalyticsWorkspaceId`
`50`	`51`	`}`
`51`	`52`	`}`
`52`	`53`