Most times you will need to store logs for your azure resources in order to troubleshoot when things do not work as expected. Diagnostic settings for an app service can be enabled from the pane under Monitoring.
Then you should configure the diagnostic settings that will point which logs should be forwarded.
You can choose from the available categories shown below.
Lets now discover how we can enable diagnostic settings for an app service using terraform.
Create a file for example diagnostic_settings.tf and apply. The below configuration will enable all diagnostic settings categories.
resource "azurerm_monitor_diagnostic_setting" "diag_settings" { name = "diag-settings" target_resource_id = azurerm_windows_web_app.app_service1.id log_analytics_workspace_id = local.log_analytics_workspace_id log { category = "AppServiceHTTPLogs" enabled = true retention_policy { enabled = false } } log { category = "AppServiceConsoleLogs" enabled = true retention_policy { enabled = false } } log { category = "AppServiceAppLogs" enabled = true retention_policy { enabled = false } } log { category = "AppServiceAuditLogs" enabled = true retention_policy { enabled = false } } log { category = "AppServiceIPSecAuditLogs" enabled = true retention_policy { enabled = false } } log { category = "AppServicePlatformLogs" enabled = true retention_policy { enabled = false } } metric { category = "AllMetrics" retention_policy { enabled = false days = 30 } } }
You can also perform the same using a loop and a local variable in order to minimize code and make it more readable.
Assign a new variable inside your locals.tf file.
log_analytics_log_categories = ["AppServiceHTTPLogs", "AppServiceConsoleLogs","AppServiceAppLogs","AppServiceAuditLogs","AppServiceIPSecAuditLogs","AppServicePlatformLogs"]
Then perform terraform apply.
resource "azurerm_monitor_diagnostic_setting" "diag_settings" { name = "diag-rule" target_resource_id = azurerm_windows_web_app.app_service1.id log_analytics_workspace_id = local.log_analytics_workspace_id dynamic "log" { iterator = entry for_each = local.log_analytics_log_categories content { category = entry.value enabled = true retention_policy { enabled = false } } } metric { category = "AllMetrics" retention_policy { enabled = false days = 30 } } }
After applying terraform all the settings will be enabled.