@@ -0,0 +1,328 @@
{
"name": "1a30544f-d89d-42ee-9e74-7f8176772c3d",
"type": "Microsoft.Authorization/policyDefinitions",
"properties": {
"displayName": "Deploy Activity Log Alert for the selected category and operation name",
"description": "Deploy Activity Log Alert for the selected category and operation name",
"metadata": {
"version": "1.0.0",
"category": "Monitoring"
},
"mode": "All",
"parameters": {
"actionGroupResourceId": {
"type": "string",
"metadata": {
"description": "Name for the Action group.",
"displayName": "Action Group Resource ID"
}
},
"activityLogAlertName": {
"type": "string",
"metadata": {
"description": "Name for the Activity log alert.",
"displayName": "Alert Name"
}
},
"appendSubscriptionNameAsPrefix": {
"type": "boolean",
"metadata": {
"description": "Append the Subscription Name to the parameter for the name of the Activity log alert and for the rg name.",
"displayName": "Append Subscription Name as Prefix"
},
"defaultValue": false,
"allowedValues":[
true,
false
]
},
"activityLogCategory": {
"type": "string",
"metadata": {
"description": "Category for the Activity log alert.",
"displayName": "Alert Category"
},
"allowedValues": [
"Administrative",
"Security",
"ServiceHealth",
"Alert",
"Recommendation",
"Policy",
"Autoscale",
"ResourceHealth"
],
"defaultValue": "Administrative"
},
"activityLogOperationName": {
"type": "string",
"metadata": {
"description": "Operation Name for the Activity log alert. format: Microsoft.Provider/resourceType/actionOrOperation examples: Microsoft.Sql/servers/firewallRules/write, Microsoft.Security/policies/write",
"displayName": "Alert Operation Name"
}
},
"activityLogAlertResourceGroupName": {
"type": "string",
"metadata": {
"description": "This is the name of the Resource Group that will contain the Activity log alert resource.",
"displayName": "Alert Resource Group Name"
}
},
"activityLogAlertResourceGroupLocation": {
"type": "string",
"metadata": {
"description": "This is the location of the Resource Group that will contain the Activity log alert resource.",
"displayName": "Alert Resource Group Location",
"strongType": "location"
},
"defaultValue": "northeurope"
},
"effect": {
"type": "String",
"metadata": {
"displayName": "Effect",
"description": "DeployIfNotExists, AuditIfNotExists or Disabled the execution of the Policy"
},
"allowedValues": [
"DeployIfNotExists",
"AuditIfNotExists",
"Disabled"
],
"defaultValue": "DeployIfNotExists"
}
},
"policyRule": {
"if": {
"allOf": [
{
"field": "type",
"equals": "Microsoft.resources/subscriptions"
}
]
},
"then": {
"effect": "[parameters('effect')]",
"details": {
"type": "Microsoft.Insights/activityLogAlerts",
"roleDefinitionIds": [
"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"
],
"existenceCondition": {
"allOf": [
{
"field": "Microsoft.Insights/ActivityLogAlerts/enabled",
"equals": "true"
},
{
"count": {
"field": "Microsoft.Insights/ActivityLogAlerts/condition.allOf[*]",
"where": {
"anyOf": [
{
"allOf": [
{
"field": "Microsoft.Insights/ActivityLogAlerts/condition.allOf[*].field",
"equals": "category"
},
{
"field": "Microsoft.Insights/ActivityLogAlerts/condition.allOf[*].equals",
"equals": "[parameters('activityLogCategory')]"
}
]
},
{
"allOf": [
{
"field": "Microsoft.Insights/ActivityLogAlerts/condition.allOf[*].field",
"equals": "operationName"
},
{
"field": "Microsoft.Insights/ActivityLogAlerts/condition.allOf[*].equals",
"equals": "[parameters('activityLogOperationName')]"
}
]
}
]
}
},
"equals": 2
},
{
"not": {
"field": "Microsoft.Insights/ActivityLogAlerts/condition.allOf[*].field",
"equals": "category"
}
},
{
"not": {
"field": "Microsoft.Insights/ActivityLogAlerts/condition.allOf[*].field",
"equals": "operationName"
}
}
]
},
"deploymentScope": "subscription",
"resourceGroupName":"[if(parameters('appendSubscriptionNameAsPrefix'), concat(subscription().displayName,'-', parameters('activityLogAlertResourceGroupName')), parameters('activityLogAlertResourceGroupName'))]",
"deployment": {
"location": "eastus",
"properties": {
"mode": "incremental",
"template": {
"$schema": "https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"activityLogAlertResourceGroupName": {
"type": "string"
},
"activityLogAlertResourceGroupLocation": {
"type": "string"
},
"actionGroupResourceId": {
"type": "string"
},
"activityLogAlertName": {
"type": "string"
},
"activityLogCategory": {
"type": "string"
},
"activityLogOperationName": {
"type": "string"
},
"appendSubscriptionNameAsPrefix": {
"type": "bool"
}
},
"variables": {
"createRg": "[concat('deployRG-', uniqueString(deployment().name))]",
"createAlert": "[concat('deployAlert-', uniqueString(deployment().name))]",
"alertRGNAme": "[if(parameters('appendSubscriptionNameAsPrefix'), concat(subscription().displayName,'-', parameters('activityLogAlertResourceGroupName')), parameters('activityLogAlertResourceGroupName'))]"
},
"resources": [
{
"type": "Microsoft.Resources/resourceGroups",
"apiVersion": "2022-09-01",
"name": "[variables('alertRGNAme')]",
"location": "[parameters('activityLogAlertResourceGroupLocation')]"
},
{
"type": "Microsoft.Resources/deployments",
"apiVersion": "2020-06-01",
"name": "[variables('createAlert')]",
"resourceGroup": "[variables('alertRGNAme')]",
"dependsOn": [
"[resourceId('Microsoft.Resources/resourceGroups', variables('alertRGNAme'))]"
],
"properties": {
"expressionEvaluationOptions": {
"scope": "inner"
},
"mode": "Incremental",
"parameters": {
"activityLogAlertName": {
"value": "[trim(parameters('activityLogAlertName'))]"
},
"actionGroupResourceId": {
"value": "[trim(parameters('actionGroupResourceId'))]"
},
"activityLogCategory": {
"value": "[parameters('activityLogCategory')]"
},
"activityLogOperationName": {
"value": "[trim(parameters('activityLogOperationName'))]"
},
"appendSubscriptionNameAsPrefix": {
"value": "[parameters('appendSubscriptionNameAsPrefix')]"
}
},
"template": {
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"actionGroupResourceId": {
"type": "string"
},
"activityLogAlertName": {
"type": "string"
},
"activityLogCategory": {
"type": "string"
},
"activityLogOperationName": {
"type": "string"
},
"appendSubscriptionNameAsPrefix": {
"type": "bool"
}
},
"variables": {
"alertName": "[if(parameters('appendSubscriptionNameAsPrefix'), concat(subscription().displayName,'-', parameters('activityLogAlertName')), parameters('activityLogAlertName'))]"
},
"resources": [
{
"type": "Microsoft.Insights/activityLogAlerts",
"apiVersion": "2017-04-01",
"name": "[substring(variables('alertName') ,0 , min(createArray(length(variables('alertName')), 259)))]",
"location": "Global",
"properties": {
"enabled": true,
"scopes": [
"[subscription().id]"
],
"condition": {
"allOf": [
{
"field": "category",
"equals": "[parameters('activityLogCategory')]"
},
{
"field": "operationName",
"equals": "[parameters('activityLogOperationName')]"
}
]
},
"actions": {
"actionGroups": [
{
"actionGroupId": "[parameters('actionGroupResourceId')]"
}
]
}
}
}
]
}
}
}
]
},
"parameters": {
"activityLogAlertName": {
"value": "[trim(parameters('activityLogAlertName'))]"
},
"actionGroupResourceId": {
"value": "[trim(parameters('actionGroupResourceId'))]"
},
"activityLogCategory": {
"value": "[parameters('activityLogCategory')]"
},
"activityLogOperationName": {
"value": "[trim(parameters('activityLogOperationName'))]"
},
"appendSubscriptionNameAsPrefix": {
"value": "[parameters('appendSubscriptionNameAsPrefix')]"
},
"activityLogAlertResourceGroupName": {
"value": "[parameters('activityLogAlertResourceGroupName')]"
},
"activityLogAlertResourceGroupLocation": {
"value": "[parameters('activityLogAlertResourceGroupLocation')]"
}
}
}
}
}
}
}
}
}
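Review bot: The `existenceCondition` under `then.details` can mark a subscription compliant when the alert it finds notifies nobody or fires only for a subset of events. It checks `enabled` and that two entries of `condition.allOf` match the category and operation name, but it never compares `actions.actionGroups[*].actionGroupId` with `parameters('actionGroupResourceId')`, and an alert with a third, narrowing entry (for example on `caller` or `status`) still produces a count of 2. Consider adding a total-count clause, `{ "count": { "field": "Microsoft.Insights/ActivityLogAlerts/condition.allOf[*]" }, "equals": 2 }`, plus a clause on the action group if a policy alias for that property is available. Separately, `roleDefinitionIds` gives the remediation identity `b24988ac-6180-42a0-ab88-20f7382dd24c`, the built-in Contributor role, at the assignment scope; the PR description should state why a narrower role is not enough (presumably the resource-group creation in the template).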