azure-monitor-audit-activities
Ensure the Activity Log profile captures all categories ("Action", "Delete" and "Write"). A profile that records only some of them leaves gaps in the audit trail, so changes to your infrastructure can go unnoticed.
Examples
Insecure Example
# Insecure: this Activity Log profile records only the "Action" category, so
# "Write" and "Delete" events are missing from the exported audit trail.
resource "azurerm_monitor_log_profile" "example" {
name = "default"
# Only one category is listed here; this is the setting the check flags.
categories = [
"Action",
]
# Locations this profile applies to.
locations = [
"westus",
"global",
]
# RootManageSharedAccessKey is created by default with listen, send, manage permissions
# NOTE(review): this reuses the namespace-wide root rule; consider a dedicated
# authorization rule for log export so the root key is not shared. Confirm the
# permissions the export actually requires.
servicebus_rule_id = "${azurerm_eventhub_namespace.example.id}/authorizationrules/RootManageSharedAccessKey"
storage_account_id = azurerm_storage_account.example.id
# Retention is 7 days here versus 365 in the secure example on this page; a
# short window limits how far back an investigation can look.
retention_policy {
enabled = true
days = 7
}
}
Secure Example
# Secure: this Activity Log profile lists all three categories ("Action",
# "Delete", "Write"), so every kind of control-plane change is exported.
# NOTE(review): log profiles are a legacy export mechanism and newer azurerm
# provider releases deprecate this resource in favour of
# azurerm_monitor_diagnostic_setting. Verify against the provider version in use.
resource "azurerm_monitor_log_profile" "example" {
name = "default"
# All categories are present; removing any of them reintroduces the finding.
categories = [
"Action",
"Delete",
"Write",
]
# Locations this profile applies to.
locations = [
"westus",
"global",
]
# RootManageSharedAccessKey is created by default with listen, send, manage permissions
# NOTE(review): this reuses the namespace-wide root rule; consider a dedicated
# authorization rule for log export so the root key is not shared. Confirm the
# permissions the export actually requires.
servicebus_rule_id = "${azurerm_eventhub_namespace.example.id}/authorizationrules/RootManageSharedAccessKey"
storage_account_id = azurerm_storage_account.example.id
# Retention is enabled and keeps a year of activity-log history.
retention_policy {
enabled = true
days = 365
}
}