Add beyondTrustTenant parameter and update role assignments in Bicep …
…modules
FrodeHus committed Dec 16, 2024
1 parent d73cf0a commit f350168
Showing 4 changed files with 24 additions and 4 deletions.
12 changes: 12 additions & 0 deletions main.bicep
Expand Up @@ -9,6 +9,7 @@ type functionAppConfig = {
keyvaultName: string
}

param beyondTrustTenant string
param datacollection dataCollectionConfig
param functionConfig functionAppConfig

Expand All @@ -30,6 +31,7 @@ module functionappModule './modules/functionapp.bicep' = {
workspaceName: datacollectionModule.outputs.workspaceResourceId
endpointImmutableId: datacollectionModule.outputs.dcrImmutableId
endpointUri: datacollectionModule.outputs.logsIngestionEndpoint
beyondTrustTenant: beyondTrustTenant
}
}
}
Expand All @@ -55,3 +57,13 @@ module workspaceReaderRoleAssignment './modules/workspace-role-assignment.bicep'
workspaceName: datacollection.workspaceName
}
}

module workspaceMetricPublisherRoleAssignment './modules/workspace-role-assignment.bicep' = {
name: 'workspaceMetricPublisherRoleAssignment'
params: {
roleAssignmentName: '${uniqueString(functionConfig.name)}-workspace-metric-publisher-role-assignment'
roleDefinitionId: '3913510d-42f4-4e42-8a64-420c390055eb' // Log Analytics Reader
principalId: principalId
workspaceName: datacollection.workspaceName
}
}
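Review bot: The trailing comment on `roleDefinitionId` in the new `workspaceMetricPublisherRoleAssignment` module is wrong: `3913510d-42f4-4e42-8a64-420c390055eb` is the built-in Monitoring Metrics Publisher role, not Log Analytics Reader, so anyone auditing what the function app's identity is granted will misread this assignment. Change the comment to `// Monitoring Metrics Publisher`. The assignment also goes through `workspace-role-assignment.bicep`, which presumably scopes it to the workspace (that module is not shown here). The Logs Ingestion API evaluates this role on the data collection rule, so scoping the assignment to the DCR would be the narrower grant and likely the one that actually authorises ingestion; worth confirming before relying on it.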
2 changes: 1 addition & 1 deletion main.bicepparam
@@ -1,5 +1,5 @@
using './main.bicep'

param beyondTrustTenant = 'mytenant'
param datacollection = {
ruleName: 'dcr-beyondtrust'
endpointName: 'beyondtrust-endpoint'
9 changes: 6 additions & 3 deletions modules/datacollection.bicep
Expand Up @@ -2,8 +2,11 @@ param ruleName string
param endpointName string
param workspaceName string

var workspaceResourceId = resourceId('Microsoft.OperationalInsights/workspaces', workspaceName)
output workspaceResourceId string = workspaceResourceId
resource law 'Microsoft.OperationalInsights/workspaces@2023-09-01' existing = {
name: workspaceName
}

output workspaceId string = law.id

resource dataCollectionEndpoint 'Microsoft.Insights/dataCollectionEndpoints@2023-03-11' = {
name: endpointName
Expand Down Expand Up @@ -250,7 +253,7 @@ resource dataCollectionRule 'Microsoft.Insights/dataCollectionRules@2023-03-11'
destinations: {
logAnalytics: [
{
workspaceResourceId: workspaceResourceId
workspaceResourceId: workspace.id
name: 'beyondTrustWorkspace'
}
]
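Review bot: The destination in the second hunk now reads `workspaceResourceId: workspace.id`, but the `existing` resource declared in the first hunk is named `law`, so unless a `workspace` symbol is declared elsewhere in this file the template will not compile; it should be `workspaceResourceId: law.id`. The output was also renamed from `workspaceResourceId` to `workspaceId`, while main.bicep in this same commit still reads `datacollectionModule.outputs.workspaceResourceId`; either keep the old output name or update that reference. The `dataCollectionRule` resource starts and ends outside the visible hunk.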
5 changes: 5 additions & 0 deletions modules/functionapp.bicep
Expand Up @@ -2,6 +2,7 @@ type dataCollectionConfig = {
endpointImmutableId: string
endpointUri: string
workspaceName: string
beyondTrustTenant: string
}

param dataCollection dataCollectionConfig
Expand Down Expand Up @@ -100,6 +101,10 @@ resource functionApp 'Microsoft.Web/sites@2021-03-01' = {
name: 'DCR_ENDPOINT'
value: dataCollection.endpointUri
}
{
name: 'BEYONDTRUST_TENANT'
value: dataCollection.beyondTrustTenant
}
]
netFrameworkVersion: 'v9.0'
ftpsState: 'FtpsOnly'
