How do you enable Azure Key Vault logging using Terraform 11.14?

Question

How do you enable Azure Key Vault logging using Terraform 11.14?

Answer 1

You could refer to this example to enable diagnostic_setting for existing Azure Key vault.

For example, this works for me. I am using Terraform v0.12.5 + provider.azurerm v1.32.0

EDIT: You do not need to quote the identifiers in v0.12+ as there are no functions present, i.e. data.azurerm_key_vault.test.id vs "${data.azurerm_key_vault.test.id}"

data "azurerm_resource_group" "test"{
    name = "myrg"
}

data "azurerm_key_vault" "test" {
  name                = "mykeyvault"
  resource_group_name = "${data.azurerm_resource_group.test.name}"
}

data "azurerm_log_analytics_workspace" "test" {
  name                = "myloganalytics"
  resource_group_name = "${data.azurerm_resource_group.test.name}"
}

data "azurerm_storage_account" "test" {
  name                = "mystorageaccountname"
  resource_group_name = "${data.azurerm_resource_group.test.name}"
}

resource "azurerm_monitor_diagnostic_setting" "test" {
  name               = "example"
  target_resource_id = "${data.azurerm_key_vault.test.id}"
  storage_account_id = "${data.azurerm_storage_account.test.id}"
  log_analytics_workspace_id = "${data.azurerm_log_analytics_workspace.test.id}"


  log {
    category = "AuditEvent"
    enabled  = false

    retention_policy {
      enabled = false
    }
  }

  metric {
    category = "AllMetrics"

    retention_policy {
      enabled = false
    }
  }
}