Azure CLI - Configuring the App Service Logs

I'm trying to configure the Application Logging (Blob) and Web Server Logging (Storage) settings for a Azure Web App using the Azure CLI.

I am creating the Storage Container using the following command:

az storage container create --account-name StorageAccName --name ContainerName --auth-mode login

However, I can't link the Storage Settings in the Web App to use the new container.

I haven't been able to find anything in the reference documentation.

https://learn.microsoft.com/en-us/cli/azure/webapp/log?view=azure-cli-latest#az_webapp_log_config

Does anyone have a clever way to configure this setting? Thanks!

Updated with final solution based on the answer by krishg.

$webAppName = "containerName"
$accountName = "accountName"
$accountKey = "accountKey"

$containerExists =  az storage container exists --name $webAppName --account-name $accountName --auth-mode login | ConvertFrom-Json
"Container Exists: " + $containerExists.exists

if (!$containerExists.exists)
{
    $container = az storage container create --account-name $accountName --name $webAppName --auth-mode login | ConvertFrom-Json
    "Container Created: " + $container.created
}

$sas = az storage container generate-sas --account-name $accountName --expiry "2220-01-01" --name $webAppName --permissions dlrw --account-key $accountKey --start "2020-11-25T12:15:09Z"
$sasUrl = '"https://' + $accountName + '.blob.core.windows.net/' + $webAppName + '?' + $sas.Trim('"') + '"'
"Storage Account Container Shared Access Signature (SAS) URL: "
$sasUrl

$appServiceLogSettings = az webapp log show --name $webAppName --resource-group $resourceGroup | ConvertFrom-Json

$webapplog = az resource update --ids $appServiceLogSettings.id --set properties.applicationLogs.azureBlobStorage.sasUrl=$sasUrl, properties.applicationLogs.azureBlobStorage.retentionInDays="365", properties.applicationLogs.azureBlobStorage.level="Error", properties.httpLogs.azureBlobStorage.sasUrl=$sasUrl, properties.httpLogs.azureBlobStorage.retentionInDays="365", properties.httpLogs.azureBlobStorage.enabled="true", properties.detailedErrorMessages.enabled="true", properties.failedRequestsTracing.enabled="true" | ConvertFrom-Json
"Application Logging (Blob) Level: " + $webapplog.properties.applicationLogs.azureBlobStorage.level
"Application Logging (Blob) RetentionInDays: " + $webapplog.properties.applicationLogs.azureBlobStorage.retentionInDays
"Application Logging (Blob) SAS URL: " + $webapplog.properties.applicationLogs.azureBlobStorage.sasUrl

"Web Server Logging (Blob) Enabled: " + $webapplog.properties.httpLogs.azureBlobStorage.enabled
"Web Server Logging (Blob) RetentionInDays: " + $webapplog.properties.httpLogs.azureBlobStorage.retentionInDays
"Web Server Logging (Blob) SAS URL: " + $webapplog.properties.httpLogs.azureBlobStorage.sasUrl

"Detailed Error Messages: " + $webapplog.properties.detailedErrorMessages.enabled
"Failed Requests Tracing: " + $webapplog.properties.failedRequestsTracing.enabled

Solution

I agree it's bit of a bummer not having the option of setting storage account in az webapp log config. But you can do the following to set the storage settings in log config.

Generate a sas token of the storage container with required expiry using az storage container generate-sas. Below is just my example.

$sas = az storage container generate-sas --account-name mystorageaccount --expiry 2022-01-01 --name mycontainer --permissions dlrw
$sasUrl = 'https://mystorageaccount.blob.core.windows.net/mycontainer?' + $sas.Trim('"')

Get resource id of the log config of your app service.

$logConfigResourceId = az webapp log show --name MyWebApp --resource-group MyResourceGroup --query 'id' -o json

Set the property of the log config with the sas token generated above using az resource update --set.

az resource update --ids $logConfigResourceId --set properties.applicationLogs.azureBlobStorage.sasUrl=$sasUrl
az resource update --ids $logConfigResourceId --set properties.httpLogs.azureBlobStorage.sasUrl=$sasUrl
az resource update --ids $logConfigResourceId --set properties.httpLogs.azureBlobStorage.enabled=true

You can also combine all properties update in a single update by a comma-separated list like:

az resource update --ids $logConfigResourceId --set properties.applicationLogs.azureBlobStorage.sasUrl=$sasUrl,properties.httpLogs.azureBlobStorage.sasUrl=$sasUrl,properties.httpLogs.azureBlobStorage.enabled=true

To understand the structure of the log config resource if you want to update any other settings, you can run az webapp log show --name MyWebApp --resource-group MyResourceGroup.