Merge pull request #116 from Azure-Samples/keyvaultaudit

Capture KeyVault Audit Events
Azure-Samples · Jun 5, 2024 · 9ecba00 · 9ecba00
2 parents 901b9ce + d540730
commit 9ecba00
Show file tree

Hide file tree

Showing 3 changed files with 17 additions and 1 deletion.
diff --git a/.cruft.json b/.cruft.json
@@ -1,6 +1,6 @@
 {
   "template": "https://github.com/Azure-Samples/Azure-Python-Standardization-Template-Generator",
-  "commit": "75d8c04bda1e75ae989198d933a785ca153bd891",
+  "commit": "984454a27bd81d8d26794bd3464e9b1b5714ff66",
   "checkout": null,
   "context": {
     "cookiecutter": {

diff --git a/infra/core/security/keyvault.bicep b/infra/core/security/keyvault.bicep
@@ -1,6 +1,7 @@
 metadata description = 'Creates an Azure Key Vault.'
 param name string
 param location string = resourceGroup().location
+param logAnalyticsWorkspaceId string
 param tags object = {}
 
 param principalId string = ''
@@ -35,6 +36,20 @@ resource keyVault 'Microsoft.KeyVault/vaults@2022-07-01' = {
   }
 }
 
+resource logs 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = {
+  name: 'logs'
+  scope: keyVault
+  properties: {
+    workspaceId: logAnalyticsWorkspaceId
+    logs: [
+      {
+        category: 'AuditEvent'
+        enabled: true
+      }
+    ]
+  }
+}
+
 output endpoint string = keyVault.properties.vaultUri
 output id string = keyVault.id
 output name string = keyVault.name
diff --git a/infra/main.bicep b/infra/main.bicep
@@ -41,6 +41,7 @@ module keyVault './core/security/keyvault.bicep' = {
     location: location
     tags: tags
     principalId: principalId
+    logAnalyticsWorkspaceId: monitoring.outputs.logAnalyticsWorkspaceId
   }
 }