Configure diagnostic logs LAW,Bastion and update sentinel ui def (#1086)

* testing audit and bastion logs * compile bicep * fix variable used and recompile bicep * added array for bastion diag settings * update ui def for sentinel * tweak ui def * tweak ui def * GitHub Action: Build Bicep to JSON --------- Co-authored-by: github-actions <github-actions@github.com>
Azure · Sep 11, 2024 · af08903 · af08903
1 parent d8ac003
commit af08903
Show file tree

Hide file tree

Showing 6 changed files with 156 additions and 7 deletions.
diff --git a/src/bicep/form/mlz.portal.json b/src/bicep/form/mlz.portal.json
@@ -948,7 +948,20 @@
                   "name": "sentinelOptionalDetailsText",
                   "type": "Microsoft.Common.TextBlock",
                   "options": {
-                    "text": "Please note further configuration of Sentinel is required to take advantage of threat detection, log retention and response capabilities."
+                    "text": "Please note further configuration of Sentinel is required to take advantage of threat detection, log retention and response capabilities. Please check the following article to determine what regions support Sentinel.",
+                    "link": {
+                      "label": "Learn more about Sentinel regions",
+                      "uri": "https://learn.microsoft.com/en-us/azure/sentinel/geographical-availability-data-residency"
+                    }
+                  }
+                },
+                {
+                  "name": "sentinelFeatureAvailability",
+                  "type": "Microsoft.Common.InfoBox",
+                  "options": {
+                    "style": "Info",
+                    "text": "Please check the following article to see what features are available for Sentinel in different Azure environments.",
+                    "uri": "https://learn.microsoft.com/en-us/azure/sentinel/feature-availability"
                   }
                 },
                 {

diff --git a/src/bicep/mlz.bicep b/src/bicep/mlz.bicep
@@ -323,6 +323,13 @@ param logStorageSkuName string = 'Standard_GRS'
 
 // REMOTE ACCESS PARAMETERS
 
+param bastionDiagnosticsLogs array = [
+  {
+    category: 'BastionAuditLogs'
+    enabled: true
+  }
+]
+
 @description('When set to "true", provisions Azure Bastion Host only. It defaults to "false".')
 param deployBastion bool = false
 
@@ -732,6 +739,7 @@ module storage 'modules/storage.bicep' = {
 module diagnostics 'modules/diagnostics.bicep' = {
   name: 'deploy-resource-diag-${deploymentNameSuffix}'
   params: {
+    bastionDiagnosticsLogs: bastionDiagnosticsLogs
     deployBastion: deployBastion
     deploymentNameSuffix: deploymentNameSuffix
     firewallDiagnosticsLogs: firewallDiagnosticsLogs

diff --git a/src/bicep/mlz.json b/src/bicep/mlz.json
@@ -5,7 +5,7 @@
     "_generator": {
       "name": "bicep",
       "version": "0.29.47.4906",
-      "templateHash": "14639382000576629473"
+      "templateHash": "15931306768940102159"
     }
   },
   "parameters": {
@@ -549,6 +549,15 @@
         "description": "The Storage Account SKU to use for log storage. It defaults to \"Standard_GRS\". See https://docs.microsoft.com/en-us/rest/api/storagerp/srp_sku_types for valid settings."
       }
     },
+    "bastionDiagnosticsLogs": {
+      "type": "array",
+      "defaultValue": [
+        {
+          "category": "BastionAuditLogs",
+          "enabled": true
+        }
+      ]
+    },
     "deployBastion": {
       "type": "bool",
       "defaultValue": false,
@@ -7121,6 +7130,9 @@
         },
         "mode": "Incremental",
         "parameters": {
+          "bastionDiagnosticsLogs": {
+            "value": "[parameters('bastionDiagnosticsLogs')]"
+          },
           "deployBastion": {
             "value": "[parameters('deployBastion')]"
           },
@@ -7171,10 +7183,13 @@
             "_generator": {
               "name": "bicep",
               "version": "0.29.47.4906",
-              "templateHash": "7558548205011970878"
+              "templateHash": "13699796498043220180"
             }
           },
           "parameters": {
+            "bastionDiagnosticsLogs": {
+              "type": "array"
+            },
             "deployBastion": {
               "type": "bool"
             },
@@ -7341,7 +7356,7 @@
                     "_generator": {
                       "name": "bicep",
                       "version": "0.29.47.4906",
-                      "templateHash": "17680455217420763544"
+                      "templateHash": "6318152353890797757"
                     }
                   },
                   "parameters": {
@@ -7368,7 +7383,12 @@
                       "properties": {
                         "workspaceId": "[resourceId('Microsoft.OperationalInsights/workspaces', parameters('logAnalyticsWorkspaceName'))]",
                         "storageAccountId": "[resourceId('Microsoft.Storage/storageAccounts', parameters('diagnosticStorageAccountName'))]",
-                        "logs": "[if(equals(environment().name, 'AzureCloud'), createArray(createObject('category', 'Audit', 'enabled', true())), createArray())]",
+                        "logs": [
+                          {
+                            "category": "Audit",
+                            "enabled": true
+                          }
+                        ],
                         "metrics": [
                           {
                             "category": "AllMetrics",
@@ -7781,6 +7801,77 @@
                   ]
                 }
               }
+            },
+            {
+              "type": "Microsoft.Resources/deployments",
+              "apiVersion": "2022-09-01",
+              "name": "[format('deploy-bastion-diags-{0}', parameters('deploymentNameSuffix'))]",
+              "subscriptionId": "[variables('hub').subscriptionId]",
+              "resourceGroup": "[variables('hubResourceGroupName')]",
+              "properties": {
+                "expressionEvaluationOptions": {
+                  "scope": "inner"
+                },
+                "mode": "Incremental",
+                "parameters": {
+                  "bastionDiagnosticSettingName": {
+                    "value": "[replace(variables('hub').namingConvention.bastionHostPublicIPAddressDiagnosticSetting, parameters('serviceToken'), '')]"
+                  },
+                  "bastionName": {
+                    "value": "[variables('hub').namingConvention.bastionHost]"
+                  },
+                  "bastionStorageAccountId": {
+                    "value": "[parameters('storageAccountResourceIds')[0]]"
+                  },
+                  "logAnalyticsWorkspaceResourceId": {
+                    "value": "[parameters('logAnalyticsWorkspaceResourceId')]"
+                  },
+                  "logs": {
+                    "value": "[parameters('bastionDiagnosticsLogs')]"
+                  }
+                },
+                "template": {
+                  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
+                  "contentVersion": "1.0.0.0",
+                  "metadata": {
+                    "_generator": {
+                      "name": "bicep",
+                      "version": "0.29.47.4906",
+                      "templateHash": "1417962456788904727"
+                    }
+                  },
+                  "parameters": {
+                    "bastionDiagnosticSettingName": {
+                      "type": "string"
+                    },
+                    "bastionName": {
+                      "type": "string"
+                    },
+                    "bastionStorageAccountId": {
+                      "type": "string"
+                    },
+                    "logAnalyticsWorkspaceResourceId": {
+                      "type": "string"
+                    },
+                    "logs": {
+                      "type": "array"
+                    }
+                  },
+                  "resources": [
+                    {
+                      "type": "Microsoft.Insights/diagnosticSettings",
+                      "apiVersion": "2017-05-01-preview",
+                      "scope": "[format('Microsoft.Network/bastionHosts/{0}', parameters('bastionName'))]",
+                      "name": "[parameters('bastionDiagnosticSettingName')]",
+                      "properties": {
+                        "storageAccountId": "[parameters('bastionStorageAccountId')]",
+                        "workspaceId": "[parameters('logAnalyticsWorkspaceResourceId')]",
+                        "logs": "[parameters('logs')]"
+                      }
+                    }
+                  ]
+                }
+              }
             }
           ]
         }

diff --git a/src/bicep/modules/bastion-diagnostics.bicep b/src/bicep/modules/bastion-diagnostics.bicep
@@ -0,0 +1,24 @@
+/*
+Copyright (c) Microsoft Corporation.
+Licensed under the MIT License.
+*/
+
+param bastionDiagnosticSettingName string
+param bastionName string
+param bastionStorageAccountId string
+param logAnalyticsWorkspaceResourceId string
+param logs array
+
+resource bastionHost 'Microsoft.Network/bastionHosts@2021-02-01' existing = {
+  name: bastionName
+}
+
+resource diagnostics 'Microsoft.Insights/diagnosticSettings@2017-05-01-preview' = {
+  scope: bastionHost
+  name: bastionDiagnosticSettingName
+  properties: {
+    storageAccountId: bastionStorageAccountId
+    workspaceId: logAnalyticsWorkspaceResourceId
+    logs: logs
+  }
+}
diff --git a/src/bicep/modules/diagnostics.bicep b/src/bicep/modules/diagnostics.bicep
@@ -5,6 +5,7 @@ Licensed under the MIT License.
 
 targetScope = 'subscription'
 
+param bastionDiagnosticsLogs array
 param deployBastion bool
 param deploymentNameSuffix string
 param firewallDiagnosticsLogs array
@@ -122,3 +123,15 @@ module keyvaultDiagnostics '../modules/key-vault-diagnostics.bicep' = {
     logs: keyVaultDiagnosticLogs
   }
 }
+
+module bastionDiagnostics '../modules/bastion-diagnostics.bicep' = {
+  name: 'deploy-bastion-diags-${deploymentNameSuffix}'
+  scope: resourceGroup(hub.subscriptionId, hubResourceGroupName)
+  params: {
+    bastionDiagnosticSettingName: replace(hub.namingConvention.bastionHostPublicIPAddressDiagnosticSetting, serviceToken, '')
+    bastionName: hub.namingConvention.bastionHost
+    bastionStorageAccountId: storageAccountResourceIds[0]
+    logAnalyticsWorkspaceResourceId: logAnalyticsWorkspaceResourceId
+    logs: bastionDiagnosticsLogs
+  }
+}
diff --git a/src/bicep/modules/log-analytics-diagnostic-setting.bicep b/src/bicep/modules/log-analytics-diagnostic-setting.bicep
@@ -23,12 +23,12 @@ resource diagnosticSetting 'Microsoft.Insights/diagnosticSettings@2017-05-01-pre
   properties: {
     workspaceId: logAnalyticsWorkspace.id
     storageAccountId: stg.id
-    logs: environment().name == 'AzureCloud' ? [
+    logs: [
       {
         category: 'Audit'
         enabled: true
       }
-    ] : []
+    ]
     metrics: [
       {
         category: 'AllMetrics'