Last active
March 11, 2021 11:28
-
-
Save matt-FFFFFF/40365bdfffd3fbea6bef5b726837dc02 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "properties": { | |
| "description": "Deploys NSG flow logs and traffic analytics to a storageaccountid with a specified retention period. This must be assigned once for each in-scope region because the storage account and NSG must be in the same region.", | |
| "displayName": "Deploys NSG flow logs and traffic analytics", | |
| "mode": "all", | |
| "parameters": { | |
| "effect": { | |
| "allowedValues": [ | |
| "DeployIfNotExists", | |
| "Disabled" | |
| ], | |
| "defaultValue": "DeployIfNotExists", | |
| "metadata": { | |
| "description": "Enable or disable the execution of the policy", | |
| "displayName": "Effect" | |
| }, | |
| "type": "String" | |
| }, | |
| "logAnalytics": { | |
| "defaultValue": "", | |
| "metadata": { | |
| "description": "Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.", | |
| "displayName": "Resource ID of Log Analytics workspace", | |
| "strongType": "omsWorkspace" | |
| }, | |
| "type": "String" | |
| }, | |
| "networkWatcherRG": { | |
| "defaultValue": "NetworkWatcherRG", | |
| "metadata": { | |
| "displayName": "Network Watchers RG", | |
| "description": "The name of the resource group where the flowLog resources will be created. This will be used only if a deployment is required. This is the resource group where the Network Watchers are located.", | |
| "strongType": "existingResourceGroups" | |
| }, | |
| "type": "String" | |
| }, | |
| "nsgRegion": { | |
| "metadata": { | |
| "displayName": "NSG Region", | |
| "strongType": "location" | |
| }, | |
| "type": "String" | |
| }, | |
| "retention": { | |
| "defaultValue": 5, | |
| "metadata": { | |
| "displayName": "Retention (days)" | |
| }, | |
| "type": "Integer" | |
| }, | |
| "storageId": { | |
| "metadata": { | |
| "displayName": "Storage Account Resource Id", | |
| "strongType": "Microsoft.Storage/storageAccounts" | |
| }, | |
| "type": "String" | |
| }, | |
| "trafficAnalyticsEnabled": { | |
| "allowedValues": [ | |
| true, | |
| false | |
| ], | |
| "defaultValue": false, | |
| "metadata": { | |
| "displayName": "Enable Traffic Analytics" | |
| }, | |
| "type": "Boolean" | |
| }, | |
| "trafficAnalyticsInterval": { | |
| "allowedValues": [ | |
| 10, | |
| 60 | |
| ], | |
| "defaultValue": 60, | |
| "metadata": { | |
| "displayName": "Traffic Analytics processing interval mins (10/60). 10 recommended for critical virtual networks." | |
| }, | |
| "type": "Integer" | |
| } | |
| }, | |
| "PolicyRule": { | |
| "if": { | |
| "allOf": [ | |
| { | |
| "field": "type", | |
| "equals": "Microsoft.Network/networkSecurityGroups" | |
| }, | |
| { | |
| "field": "location", | |
| "equals": "[parameters('nsgRegion')]" | |
| } | |
| ] | |
| }, | |
| "then": { | |
| "effect": "[parameters('effect')]", | |
| "details": { | |
| "type": "Microsoft.Network/networkWatchers/flowLogs", | |
| "name": "[if(empty(coalesce(field('Microsoft.Network/networkSecurityGroups/flowLogs[*].id'))), 'null/null', concat(split(first(field('Microsoft.Network/networkSecurityGroups/flowLogs[*].id')), '/')[8], '/', split(first(field('Microsoft.Network/networkSecurityGroups/flowLogs[*].id')), '/')[10]))]", | |
| "roleDefinitionIds": [ | |
| "/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa", | |
| "/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293", | |
| "/providers/microsoft.authorization/roleDefinitions/4d97b98b-1d4f-4787-a291-c67834d212e7" | |
| ], | |
| "resourceGroupName": "[parameters('networkWatcherRG')]", | |
| "existenceCondition": { | |
| "allOf": [ | |
| { | |
| "field": "Microsoft.Network/networkWatchers/flowLogs/enabled", | |
| "equals": "true" | |
| }, | |
| { | |
| "field": "Microsoft.Network/networkWatchers/flowLogs/storageId", | |
| "equals": "[parameters('storageId')]" | |
| }, | |
| { | |
| "field": "Microsoft.Network/networkWatchers/flowLogs/flowAnalyticsConfiguration.networkWatcherFlowAnalyticsConfiguration.enabled", | |
| "equals": "[parameters('trafficAnalyticsEnabled')]" | |
| } | |
| ] | |
| }, | |
| "deployment": { | |
| "properties": { | |
| "mode": "incremental", | |
| "parameters": { | |
| "trafficAnalyticsEnabled": { | |
| "value": "[parameters('trafficAnalyticsEnabled')]" | |
| }, | |
| "flowlogName": { | |
| "value": "[if(empty(coalesce(field('Microsoft.Network/networkSecurityGroups/flowLogs'))), concat(field('name'), '-', resourceGroup().name, '-', 'flowlog'), split(first(field('Microsoft.Network/networkSecurityGroups/flowLogs[*].id')), '/')[10])]" | |
| }, | |
| "location": { | |
| "value": "[field('location')]" | |
| }, | |
| "logAnalytics": { | |
| "value": "[parameters('logAnalytics')]" | |
| }, | |
| "networkWatcherName": { | |
| "value": "[if(empty(coalesce(field('Microsoft.Network/networkSecurityGroups/flowLogs'))), concat('NetworkWatcher_', toLower(field('location'))), split(first(field('Microsoft.Network/networkSecurityGroups/flowLogs[*].id')), '/')[8])]" | |
| }, | |
| "retention": { | |
| "value": "[parameters('retention')]" | |
| }, | |
| "storageId": { | |
| "value": "[parameters('storageId')]" | |
| }, | |
| "targetResource": { | |
| "value": "[concat(resourceGroup().id, '/providers/Microsoft.Network/networkSecurityGroups/', field('name'))]" | |
| }, | |
| "trafficAnalyticsInterval": { | |
| "value": "[parameters('trafficAnalyticsInterval')]" | |
| } | |
| }, | |
| "template": { | |
| "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#", | |
| "contentVersion": "1.0.0.0", | |
| "parameters": { | |
| "flowlogName": { | |
| "type": "string" | |
| }, | |
| "location": { | |
| "type": "string" | |
| }, | |
| "logAnalytics": { | |
| "type": "string" | |
| }, | |
| "networkWatcherName": { | |
| "type": "string" | |
| }, | |
| "retention": { | |
| "type": "int" | |
| }, | |
| "storageId": { | |
| "type": "string" | |
| }, | |
| "targetResource": { | |
| "type": "string" | |
| }, | |
| "trafficAnalyticsEnabled": { | |
| "type": "bool" | |
| }, | |
| "trafficAnalyticsInterval": { | |
| "type": "int" | |
| } | |
| }, | |
| "variables": {}, | |
| "resources": [ | |
| { | |
| "type": "Microsoft.Network/networkWatchers/flowLogs", | |
| "apiVersion": "2020-05-01", | |
| "name": "[concat(parameters('networkWatcherName'), '/', parameters('flowlogName'))]", | |
| "location": "[parameters('location')]", | |
| "properties": { | |
| "targetResourceId": "[parameters('targetResource')]", | |
| "storageId": "[parameters('storageId')]", | |
| "enabled": true, | |
| "retentionPolicy": { | |
| "enabled": true, | |
| "days": "[parameters('retention')]" | |
| }, | |
| "format": { | |
| "type": "JSON", | |
| "version": 2 | |
| }, | |
| "flowAnalyticsConfiguration": { | |
| "networkWatcherFlowAnalyticsConfiguration": { | |
| "enabled": "[bool(parameters('trafficAnalyticsEnabled'))]", | |
| "trafficAnalyticsInterval": "[parameters('trafficAnalyticsInterval')]", | |
| "workspaceId": "[if(not(empty(parameters('logAnalytics'))), reference(parameters('logAnalytics'), '2020-03-01-preview', 'Full').properties.customerId, json('null')) ]", | |
| "workspaceRegion": "[if(not(empty(parameters('logAnalytics'))), reference(parameters('logAnalytics'), '2020-03-01-preview', 'Full').location, json('null')) ]", | |
| "workspaceResourceId": "[if(not(empty(parameters('logAnalytics'))), parameters('logAnalytics'), json('null'))]" | |
| } | |
| } | |
| } | |
| } | |
| ], | |
| "outputs": {} | |
| } | |
| } | |
| } | |
| } | |
| } | |
| } | |
| } | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment