Need to create and link Azure resources such as Application Insights, Key Vault and Log Analytics to APIM through Terraform. I went through the Terraform documentation and other websites but couldn't find any example. Here is my Terraform script for initializing the resources under a resource group, but APIM and Application Insights, Key Vault and Log Analytics still need to be linked after logging into the Azure Portal. I am looking to create the resources and have them linked through Terraform, avoiding manual linking in the Azure Portal.
```hcl
terraform {
  required_providers {
    azurerm = {
      source  = "hashicorp/azurerm"
      version = "~> 3.0.2"
    }
  }
  required_version = ">= 1.1.0"
}

provider "azurerm" {
  features {}
}

data "azurerm_client_config" "current" {}

#APIM Resource
resource "azurerm_resource_group" "TerraformPOC-DevResourceGroup" {
  name     = "TerraformPOC-DevResourceGroup"
  location = "WestEurope"
}

resource "azurerm_application_insights" "TerraformPOC-Application-Insights" {
  name                = "TerraformPOC-Application-Insights"
  location            = azurerm_resource_group.TerraformPOC-DevResourceGroup.location
  resource_group_name = azurerm_resource_group.TerraformPOC-DevResourceGroup.name
  application_type    = "other"
}

resource "azurerm_api_management" "TerraformPOC-APIManagement" {
  name                = "TerraformPOC-APIManagement"
  location            = azurerm_resource_group.TerraformPOC-DevResourceGroup.location
  resource_group_name = azurerm_resource_group.TerraformPOC-DevResourceGroup.name
  publisher_name      = "TestDemo"
  publisher_email     = "[email protected]"
  sku_name            = "Developer_1"
}

resource "azurerm_log_analytics_workspace" "TerraformPOC-Log-Analytics" {
  name                = "TerraformPOC-Log-Analytics"
  location            = azurerm_resource_group.TerraformPOC-DevResourceGroup.location
  resource_group_name = azurerm_resource_group.TerraformPOC-DevResourceGroup.name
  retention_in_days   = 30
}
```
CodePudding user response:
To link Application Insights to APIM, you can use the azurerm_api_management_diagnostic resource. This resource allows you to specify the Application Insights resource ID and set the log level. For example:
```hcl
# The diagnostic cannot reference Application Insights directly: a logger holds the
# Application Insights key, and the diagnostic attaches that logger to APIM.
resource "azurerm_api_management_logger" "appinsights" {
  name                = "TerraformPOC-AppInsights-Logger"
  api_management_name = azurerm_api_management.TerraformPOC-APIManagement.name
  resource_group_name = azurerm_resource_group.TerraformPOC-DevResourceGroup.name
  resource_id         = azurerm_application_insights.TerraformPOC-Application-Insights.id
  application_insights { instrumentation_key = azurerm_application_insights.TerraformPOC-Application-Insights.instrumentation_key }
}
resource "azurerm_api_management_diagnostic" "example" {
  identifier               = "applicationinsights"
  api_management_name      = azurerm_api_management.TerraformPOC-APIManagement.name
  resource_group_name      = azurerm_resource_group.TerraformPOC-DevResourceGroup.name
  api_management_logger_id = azurerm_api_management_logger.appinsights.id
}
```
To link Log Analytics to APIM, you can use the azurerm_api_management_logger resource. This resource allows you to specify the Log Analytics resource ID and set the logging level:
```hcl
# azurerm_api_management_logger has no Log Analytics target; the APIM -> Log Analytics
# link is an Azure Monitor diagnostic setting on the APIM resource itself.
resource "azurerm_monitor_diagnostic_setting" "example" {
  name                       = "TerraformPOC-APIM-LogAnalytics"
  target_resource_id         = azurerm_api_management.TerraformPOC-APIManagement.id
  log_analytics_workspace_id = azurerm_log_analytics_workspace.TerraformPOC-Log-Analytics.id

  log {
    category = "GatewayLogs"
    enabled  = true
    retention_policy {
      enabled = false
    }
  }
}
```
To link Key Vault to APIM, you can use the azurerm_api_management_key_vault resource. This resource allows you to specify the Key Vault resource ID and set the secret permissions:
```hcl
# The azurerm provider has no azurerm_api_management_key_vault resource. APIM reaches Key
# Vault with its managed identity (identity { type = "SystemAssigned" } on the APIM
# resource), which is granted read-only secret access here; permission names are capitalised.
resource "azurerm_key_vault_access_policy" "example" {
  key_vault_id       = "your_key_vault_id"
  tenant_id          = data.azurerm_client_config.current.tenant_id
  object_id          = azurerm_api_management.TerraformPOC-APIManagement.identity[0].principal_id
  secret_permissions = ["Get"]
}
```
I hope this helps!
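Added example (not from the question or either answer) showing the Key Vault link end to end: APIM's system-assigned identity is granted read-only secret access, and a named value pulls the secret from Key Vault at runtime so it never sits in the APIM configuration or in a policy. It assumes the question's resource group and azurerm_client_config data source, and that the question's azurerm_api_management resource has an `identity { type = "SystemAssigned" }` block added; the vault name, secret name and variable are placeholders.

```hcl
# Added example: assumes the question's resource group and client_config data source,
# and that the question's azurerm_api_management gets `identity { type = "SystemAssigned" }`.
resource "azurerm_key_vault" "TerraformPOC-KeyVault" {
  name                = "terraformpoc-kv-example" # placeholder; Key Vault names are globally unique
  location            = azurerm_resource_group.TerraformPOC-DevResourceGroup.location
  resource_group_name = azurerm_resource_group.TerraformPOC-DevResourceGroup.name
  tenant_id           = data.azurerm_client_config.current.tenant_id
  sku_name            = "standard"

  # Principal running terraform apply: needs write rights to create the secret below.
  access_policy {
    tenant_id          = data.azurerm_client_config.current.tenant_id
    object_id          = data.azurerm_client_config.current.object_id
    secret_permissions = ["Get", "List", "Set", "Delete", "Recover", "Purge"]
  }

  # APIM's managed identity: least privilege, read-only on secrets and nothing else.
  access_policy {
    tenant_id          = data.azurerm_client_config.current.tenant_id
    object_id          = azurerm_api_management.TerraformPOC-APIManagement.identity[0].principal_id
    secret_permissions = ["Get", "List"]
  }
}

# Supplied at apply time (for example via TF_VAR_backend_api_key) rather than written into a .tf file.
variable "backend_api_key" {
  type      = string
  sensitive = true # hidden from plan output, but still stored in Terraform state
}

resource "azurerm_key_vault_secret" "backend_api_key" {
  name         = "backend-api-key"
  value        = var.backend_api_key
  key_vault_id = azurerm_key_vault.TerraformPOC-KeyVault.id
}

# APIM resolves the secret at runtime through its identity, so the value never
# sits in the APIM configuration; policies reference it as {{backend-api-key}}.
resource "azurerm_api_management_named_value" "backend_api_key" {
  name                = "backend-api-key"
  api_management_name = azurerm_api_management.TerraformPOC-APIManagement.name
  resource_group_name = azurerm_resource_group.TerraformPOC-DevResourceGroup.name
  display_name        = "backend-api-key"
  secret              = true

  value_from_key_vault {
    secret_id = azurerm_key_vault_secret.backend_api_key.versionless_id
  }
}
```

Because the named value depends on the secret, which depends on the vault and its access policies, Terraform orders the creation correctly without an explicit depends_on.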
CodePudding user response:
I tried to reproduce the scenario in my environment. I used the below code to link a Log Analytics workspace to Azure Key Vault:
```hcl
# Declared here so the snippet is complete; the code below references both without declaring them.
data "azurerm_resource_group" "example" {
  name = "your-resource-group-name" # placeholder: the existing resource group to deploy into
}

data "azurerm_client_config" "current" {}

resource "azurerm_key_vault" "test" {
  name                        = "kavymykeyvault"
  resource_group_name         = data.azurerm_resource_group.example.name
  location                    = data.azurerm_resource_group.example.location
  enabled_for_disk_encryption = true
  tenant_id                   = data.azurerm_client_config.current.tenant_id
  soft_delete_retention_days  = 7
  purge_protection_enabled    = false
  sku_name                    = "standard"

  # Grants the deploying principal read access only.
  access_policy {
    tenant_id = data.azurerm_client_config.current.tenant_id
    object_id = data.azurerm_client_config.current.object_id

    key_permissions = [
      "Get"
    ]
    secret_permissions = [
      "Get"
    ]
    storage_permissions = [
      "Get"
    ]
  }
}

resource "azurerm_log_analytics_workspace" "test" {
  name                = "myloganalyticskav"
  resource_group_name = data.azurerm_resource_group.example.name
  location            = data.azurerm_resource_group.example.location
}

resource "azurerm_storage_account" "test" {
  name                     = "kamystorageaccountname"
  location                 = data.azurerm_resource_group.example.location
  resource_group_name      = data.azurerm_resource_group.example.name
  account_tier             = "Standard"
  account_replication_type = "LRS"
}

# Sends Key Vault diagnostics to both the storage account and the workspace.
resource "azurerm_monitor_diagnostic_setting" "test" {
  name                       = "kavyaexamplediag"
  target_resource_id         = azurerm_key_vault.test.id
  storage_account_id         = azurerm_storage_account.test.id
  log_analytics_workspace_id = azurerm_log_analytics_workspace.test.id

  # AuditEvent collection is disabled here; set enabled = true to record Key Vault access in the workspace.
  log {
    category = "AuditEvent"
    enabled  = false

    retention_policy {
      enabled = false
    }
  }

  metric {
    category = "AllMetrics"

    retention_policy {
      enabled = false
    }
  }
}
```
And it was created successfully.