
Creation and Linking of Azure Resources in Terraform


I need to create Azure resources such as Application Insights, Key Vault and Log Analytics and link them to APIM through Terraform. I went through the Terraform documentation and other websites but couldn't find any example. Here is my Terraform script, which initializes the resources under a resource group; at the moment APIM, Application Insights, Key Vault and Log Analytics still have to be linked by logging into the Azure Portal. I would like Terraform to both create and link the resources, so that the manual linking in the Azure Portal can be avoided.

    # Pin the Terraform CLI and the AzureRM provider so that plans are reproducible.
    terraform {
      required_version = ">= 1.1.0"

      required_providers {
        azurerm = {
          # "~> 3.0.2" lets only the patch component move, i.e. 3.0.x releases.
          version = "~> 3.0.2"
          source  = "hashicorp/azurerm"
        }
      }
    }

    # No credentials are set in the configuration; the provider authenticates from
    # the environment (for example an Azure CLI login or ARM_* variables), which
    # keeps secrets out of version control.
    provider "azurerm" {
      features {}
    }

    # Exposes the tenant and object IDs of the identity running Terraform.
    # Nothing else in this snippet references it yet.
    data "azurerm_client_config" "current" {}
    
    
    # Resource group that holds APIM and every supporting resource below.
    # Access granted at this scope applies to all of them.
    resource "azurerm_resource_group" "TerraformPOC-DevResourceGroup" {
      location = "WestEurope"
      name     = "TerraformPOC-DevResourceGroup"
    }
    
    
    # Application Insights component intended as the telemetry sink for APIM.
    # No workspace_id is set, so it is not tied to the Log Analytics workspace
    # declared further down, and nothing here connects it to APIM yet.
    resource "azurerm_application_insights" "TerraformPOC-Application-Insights" {
      name                = "TerraformPOC-Application-Insights"
      application_type    = "other"
      resource_group_name = azurerm_resource_group.TerraformPOC-DevResourceGroup.name
      location            = azurerm_resource_group.TerraformPOC-DevResourceGroup.location
    }
    
    
    # API Management instance. Developer_1 is the non-production tier.
    # No identity block is declared; a managed identity is what APIM would use
    # to read Key Vault secrets without stored credentials.
    resource "azurerm_api_management" "TerraformPOC-APIManagement" {
      name                = "TerraformPOC-APIManagement"
      sku_name            = "Developer_1"
      resource_group_name = azurerm_resource_group.TerraformPOC-DevResourceGroup.name
      location            = azurerm_resource_group.TerraformPOC-DevResourceGroup.location
      publisher_name      = "TestDemo"
      publisher_email     = "[email protected]"
    }
    
    
    # Log Analytics workspace. No diagnostic setting in this snippet sends data
    # to it yet, so it stays empty until one is added.
    resource "azurerm_log_analytics_workspace" "TerraformPOC-Log-Analytics" {
      name                = "TerraformPOC-Log-Analytics"
      resource_group_name = azurerm_resource_group.TerraformPOC-DevResourceGroup.name
      location            = azurerm_resource_group.TerraformPOC-DevResourceGroup.location
      # 30 days of history; older records are not available for later investigation.
      retention_in_days   = 30
    }

Solution

  • I tried to reproduce the scenario in my environment:

    I used the code below to link a Log Analytics workspace to an Azure Key Vault:

    Code:

    # Key Vault whose diagnostics are routed by the diagnostic setting below.
    # data.azurerm_resource_group.example is not declared in this snippet and
    # must exist elsewhere in the configuration.
    resource "azurerm_key_vault" "test" {
      name                = "kavymykeyvault"
      location            = data.azurerm_resource_group.example.location
      resource_group_name = data.azurerm_resource_group.example.name
      tenant_id           = data.azurerm_client_config.current.tenant_id
      sku_name            = "standard"

      # Lets Azure Disk Encryption retrieve secrets from this vault. Nothing in
      # this snippet uses disk encryption, so review whether it is needed.
      enabled_for_disk_encryption = true

      # 7 days is the shortest soft-delete window. With purge protection off, a
      # deleted vault or secret can be purged before that window ends. That is
      # convenient for a throwaway test vault and risky for one holding real secrets.
      soft_delete_retention_days = 7
      purge_protection_enabled   = false

      # Read-only access for the identity that runs Terraform.
      access_policy {
        object_id = data.azurerm_client_config.current.object_id
        tenant_id = data.azurerm_client_config.current.tenant_id

        secret_permissions = [
          "Get"
        ]

        key_permissions = [
          "Get"
        ]

        storage_permissions = [
          "Get"
        ]
      }
    }
    
    # Workspace that receives the Key Vault diagnostics. sku and
    # retention_in_days are not set, so the provider defaults apply.
    resource "azurerm_log_analytics_workspace" "test" {
      name                = "myloganalyticskav"
      location            = data.azurerm_resource_group.example.location
      resource_group_name = data.azurerm_resource_group.example.name
    }
    
    # Storage account used as the archive destination for the diagnostic setting.
    # It will hold security-relevant logs, so restrict who can read or delete its
    # contents. Network and TLS settings are left at the provider defaults here.
    resource "azurerm_storage_account" "test" {
      name                     = "kamystorageaccountname"
      resource_group_name      = data.azurerm_resource_group.example.name
      location                 = data.azurerm_resource_group.example.location
      account_replication_type = "LRS"
      account_tier             = "Standard"
    }
    
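    # Routes Key Vault diagnostics to the storage account (archive) and to the
    # Log Analytics workspace (query and alerting).
    resource "azurerm_monitor_diagnostic_setting" "test" {
      name                       = "kavyaexamplediag"
      target_resource_id         = azurerm_key_vault.test.id
      storage_account_id         = azurerm_storage_account.test.id
      log_analytics_workspace_id = azurerm_log_analytics_workspace.test.id

      # AuditEvent is the only log category configured. It must be enabled:
      # with enabled = false the setting is created but no vault access records
      # reach either destination, only metrics do.
      log {
        category = "AuditEvent"
        enabled  = true

        # Retention policy left off, as in the original setting.
        retention_policy {
          enabled = false
        }
      }

      # Platform metrics. "enabled" is not set, so the provider default applies.
      metric {
        category = "AllMetrics"

        retention_policy {
          enabled = false
        }
      }
    }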
    

    The resources were created successfully.

    enter image description here

    Portal:

    enter image description here

    In the same way, you can use the code below to link Azure Application Insights to APIM:

    Code:

    # Application Insights component that the APIM logger below writes to.
    resource "azurerm_application_insights" "example" {
      name                = "kaaexample-appinsights"
      application_type    = "web"
      resource_group_name = data.azurerm_resource_group.example.name
      location            = data.azurerm_resource_group.example.location
    }
    
    # API Management instance to be instrumented. Developer_1 is the
    # non-production tier.
    resource "azurerm_api_management" "example" {
      name                = "kavyaaaexample-apim"
      sku_name            = "Developer_1"
      resource_group_name = data.azurerm_resource_group.example.name
      location            = data.azurerm_resource_group.example.location
      publisher_name      = "My Company"
      publisher_email     = "[email protected]"
    }
    # Registers the Application Insights component as a logger inside APIM.
    # This is the resource that actually links the two services.
    resource "azurerm_api_management_logger" "example" {
      name                = "kaavexample-apimlogger"
      resource_group_name = data.azurerm_resource_group.example.name
      api_management_name = azurerm_api_management.example.name

      application_insights {
        # Anyone holding the instrumentation key can send telemetry to the
        # component. It is also written to the Terraform state, so store the
        # state in a backend with restricted access.
        instrumentation_key = azurerm_application_insights.example.instrumentation_key
      }
    }
    
    # Service-wide APIM diagnostic that sends request and response telemetry
    # through the logger above.
    resource "azurerm_api_management_diagnostic" "example" {
      identifier               = "applicationinsights"
      api_management_logger_id = azurerm_api_management_logger.example.id
      api_management_name      = azurerm_api_management.example.name
      resource_group_name      = data.azurerm_resource_group.example.name

      # Only 5% of requests are sampled, although errors are always logged.
      # Most successful calls therefore leave no trace, which limits how far
      # this telemetry can serve as an access record.
      sampling_percentage = 5.0
      always_log_errors   = true

      # Client IP addresses are personal data in many jurisdictions. Check the
      # retention and access rules of the telemetry store before enabling.
      log_client_ip             = true
      verbosity                 = "verbose"
      http_correlation_protocol = "W3C"

      # Each section captures the first 32 bytes of the payload and three
      # headers. Payload prefixes can contain sensitive data. None of the
      # lists includes a credential-bearing header such as Authorization or
      # Cookie; keep it that way when extending them.
      frontend_request {
        headers_to_log = [
          "content-type",
          "accept",
          "origin",
        ]
        body_bytes = 32
      }

      backend_request {
        headers_to_log = [
          "content-type",
          "accept",
          "origin",
        ]
        body_bytes = 32
      }

      frontend_response {
        headers_to_log = [
          "content-type",
          "content-length",
          "origin",
        ]
        body_bytes = 32
      }

      backend_response {
        headers_to_log = [
          "content-type",
          "content-length",
          "origin",
        ]
        body_bytes = 32
      }
    }
    

    enter image description here