import * as pulumi from "@pulumi/pulumi"; import * as inputs from "../types/input"; import * as outputs from "../types/output"; /** * Manages an Azure Active Directory Diagnostic Setting for Azure Monitor. * * > **Note:** When using Service Principal authentication, the Service Principal must be assigned the _Contributor_ role at the scope `/providers/Microsoft.aadiam`. You can assign this role using the `az` CLI command: `az role assignment create --assignee-principal-type ServicePrincipal --assignee-object-id "" --scope "/providers/Microsoft.aadiam" --role "Contributor"`. The assigning user must be a User Access Administrator at the root level. Refer to the [Azure elevation guide](https://learn.microsoft.com/en-us/azure/role-based-access-control/elevate-access-global-admin) for details. * * ## Example Usage * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as azure from "@pulumi/azure"; * * const example = new azure.core.ResourceGroup("example", { * name: "example-rg", * location: "west europe", * }); * const exampleAccount = new azure.storage.Account("example", { * name: "examplestorageaccount", * resourceGroupName: example.name, * location: example.location, * accountTier: "Standard", * accountKind: "StorageV2", * accountReplicationType: "LRS", * }); * const exampleAadDiagnosticSetting = new azure.monitoring.AadDiagnosticSetting("example", { * name: "setting1", * storageAccountId: exampleAccount.id, * enabledLogs: [ * { * category: "SignInLogs", * }, * { * category: "AuditLogs", * }, * { * category: "NonInteractiveUserSignInLogs", * }, * { * category: "ServicePrincipalSignInLogs", * }, * ], * }); * ``` * * ## API Providers * * * This resource uses the following Azure API Providers: * * * `Microsoft.AADIAM` - 2017-04-01 * * ## Import * * Monitor Azure Active Directory Diagnostic Settings can be imported using the `resource id`, e.g. * * ```sh * $ pulumi import azure:monitoring/aadDiagnosticSetting:AadDiagnosticSetting example /providers/Microsoft.AADIAM/diagnosticSettings/setting1 * ``` */ export declare class AadDiagnosticSetting extends pulumi.CustomResource { /** * Get an existing AadDiagnosticSetting resource's state with the given name, ID, and optional extra * properties used to qualify the lookup. * * @param name The _unique_ name of the resulting resource. * @param id The _unique_ provider ID of the resource to lookup. * @param state Any extra arguments used during the lookup. * @param opts Optional settings to control the behavior of the CustomResource. */ static get(name: string, id: pulumi.Input, state?: AadDiagnosticSettingState, opts?: pulumi.CustomResourceOptions): AadDiagnosticSetting; /** * Returns true if the given object is an instance of AadDiagnosticSetting. This is designed to work even * when multiple copies of the Pulumi SDK have been loaded into the same process. */ static isInstance(obj: any): obj is AadDiagnosticSetting; /** * One or more `enabledLog` blocks as defined below. */ readonly enabledLogs: pulumi.Output; /** * Specifies the ID of an Event Hub Namespace Authorization Rule used to send Diagnostics Data. Changing this forces a new resource to be created. * * > **Note:** This can be sourced from the `azure.eventhub.EventHubNamespaceAuthorizationRule` resource and is different from a `azure.eventhub.AuthorizationRule` resource. */ readonly eventhubAuthorizationRuleId: pulumi.Output; /** * Specifies the name of the Event Hub where Diagnostics Data should be sent. If not specified, the default Event Hub will be used. Changing this forces a new resource to be created. */ readonly eventhubName: pulumi.Output; /** * Specifies the ID of a Log Analytics Workspace where Diagnostics Data should be sent. */ readonly logAnalyticsWorkspaceId: pulumi.Output; /** * The name which should be used for this Monitor Azure Active Directory Diagnostic Setting. Changing this forces a new Monitor Azure Active Directory Diagnostic Setting to be created. */ readonly name: pulumi.Output; /** * The ID of the Storage Account where logs should be sent. Changing this forces a new resource to be created. * * > **Note:** One of `eventhubAuthorizationRuleId`, `logAnalyticsWorkspaceId` and `storageAccountId` must be specified. */ readonly storageAccountId: pulumi.Output; /** * Create a AadDiagnosticSetting resource with the given unique name, arguments, and options. * * @param name The _unique_ name of the resource. * @param args The arguments to use to populate this resource's properties. * @param opts A bag of options that control this resource's behavior. */ constructor(name: string, args?: AadDiagnosticSettingArgs, opts?: pulumi.CustomResourceOptions); } /** * Input properties used for looking up and filtering AadDiagnosticSetting resources. */ export interface AadDiagnosticSettingState { /** * One or more `enabledLog` blocks as defined below. */ enabledLogs?: pulumi.Input[]>; /** * Specifies the ID of an Event Hub Namespace Authorization Rule used to send Diagnostics Data. Changing this forces a new resource to be created. * * > **Note:** This can be sourced from the `azure.eventhub.EventHubNamespaceAuthorizationRule` resource and is different from a `azure.eventhub.AuthorizationRule` resource. */ eventhubAuthorizationRuleId?: pulumi.Input; /** * Specifies the name of the Event Hub where Diagnostics Data should be sent. If not specified, the default Event Hub will be used. Changing this forces a new resource to be created. */ eventhubName?: pulumi.Input; /** * Specifies the ID of a Log Analytics Workspace where Diagnostics Data should be sent. */ logAnalyticsWorkspaceId?: pulumi.Input; /** * The name which should be used for this Monitor Azure Active Directory Diagnostic Setting. Changing this forces a new Monitor Azure Active Directory Diagnostic Setting to be created. */ name?: pulumi.Input; /** * The ID of the Storage Account where logs should be sent. Changing this forces a new resource to be created. * * > **Note:** One of `eventhubAuthorizationRuleId`, `logAnalyticsWorkspaceId` and `storageAccountId` must be specified. */ storageAccountId?: pulumi.Input; } /** * The set of arguments for constructing a AadDiagnosticSetting resource. */ export interface AadDiagnosticSettingArgs { /** * One or more `enabledLog` blocks as defined below. */ enabledLogs?: pulumi.Input[]>; /** * Specifies the ID of an Event Hub Namespace Authorization Rule used to send Diagnostics Data. Changing this forces a new resource to be created. * * > **Note:** This can be sourced from the `azure.eventhub.EventHubNamespaceAuthorizationRule` resource and is different from a `azure.eventhub.AuthorizationRule` resource. */ eventhubAuthorizationRuleId?: pulumi.Input; /** * Specifies the name of the Event Hub where Diagnostics Data should be sent. If not specified, the default Event Hub will be used. Changing this forces a new resource to be created. */ eventhubName?: pulumi.Input; /** * Specifies the ID of a Log Analytics Workspace where Diagnostics Data should be sent. */ logAnalyticsWorkspaceId?: pulumi.Input; /** * The name which should be used for this Monitor Azure Active Directory Diagnostic Setting. Changing this forces a new Monitor Azure Active Directory Diagnostic Setting to be created. */ name?: pulumi.Input; /** * The ID of the Storage Account where logs should be sent. Changing this forces a new resource to be created. * * > **Note:** One of `eventhubAuthorizationRuleId`, `logAnalyticsWorkspaceId` and `storageAccountId` must be specified. */ storageAccountId?: pulumi.Input; }