0
我想更改我的arm模板,以便它將keyvault的診斷設置設置爲使用存儲帳戶和oms工作空間。Azure密鑰庫ARM模板診斷設置
目前,我可以得到它只是存儲帳戶的工作,但是當我試圖提供一個OMS的工作空間爲好,它提供了一個非常無益的錯誤:
ERROR: At least one resource deployment operation failed. Please list deployment operations for details. Please see https://aka.ms/arm-debug for usage details. {
"code": null,
"message": null
} Correlation ID: 26a5b601-ef98-415a-9963-e2b872f035b7
它正常工作,如果我刪除在workspaceId價值,我有雙重檢查,我給它一個有效的值的工作區名稱 - 我有一個空白OMS工作區設置
{
"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion":"1.0.0.0",
"parameters":{
"keyVaultName":{
"type":"string",
"minLength":1,
"metadata":{
"description":"Name of the Key Vault"
}
},
"accessPolicies":{
"type":"array",
"defaultValue":"{}",
"metadata":{
"description":"Access policies object"
}
},
"logsRetentionInDays":{
"type":"int",
"defaultValue":0,
"minValue":0,
"maxValue":365,
"metadata":{
"description":"Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely."
}
},
"enableVaultForDeployment":{
"type":"bool",
"defaultValue":false,
"allowedValues":[
true,
false
],
"metadata":{
"description":"Specifies if the vault is enabled for deployment by script or compute"
}
},
"enableVaultForTemplateDeployment":{
"type":"bool",
"defaultValue":false,
"allowedValues":[
true,
false
],
"metadata":{
"description":"Specifies if the vault is enabled for a template deployment"
}
},
"enableVaultForDiskEncryption":{
"type":"bool",
"defaultValue":false,
"allowedValues":[
true,
false
],
"metadata":{
"description":"Specifies if the azure platform has access to the vault for enabling disk encryption scenarios."
}
},
"vaultSku":{
"type":"string",
"defaultValue":"Premium",
"allowedValues":[
"Premium"
],
"metadata":{
"description":"Specifies the SKU for the vault"
}
},
"diagnosticStorageAccountPrefix":{
"type":"string",
"minLength":1,
"metadata":{
"description":"Prefix for the diagnostic storage account"
}
},
"omsWorkspaceName":{
"type":"string",
"minLength":1,
"metadata":{
"description":"Name of the OMS workspace used for diagnostic log integration."
}
}
},
"variables":{
"uniqueString":"[uniqueString(subscription().id, resourceGroup().id)]",
"diagnosticStorageAccountName":"[toLower(substring(replace(concat(parameters('diagnosticStorageAccountPrefix'), variables('uniqueString'), variables('uniqueString')), '-', ''), 0, 23))]"
},
"resources":[
{
"type":"Microsoft.Storage/storageAccounts",
"name":"[variables('diagnosticStorageAccountName')]",
"apiVersion":"2016-12-01",
"location":"[resourceGroup().location]",
"sku":{
"name":"Standard_LRS"
},
"kind":"Storage",
"tags":{
"displayName":"Key Vault Diagnostic Storage Account')"
},
"properties": {
"encryption": {
"keySource":"Microsoft.Storage",
"services": {
"blob": {
"enabled":true
}
}
}
}
},
{
"type":"Microsoft.KeyVault/vaults",
"name":"[parameters('keyVaultName')]",
"apiVersion":"2016-10-01",
"location":"[resourceGroup().location]",
"tags":{
"displayName":"Key Vault"
},
"properties":{
"enabledForDeployment":"[parameters('enableVaultForDeployment')]",
"enabledForTemplateDeployment":"[parameters('enableVaultForTemplateDeployment')]",
"enabledForDiskEncryption":"[parameters('enableVaultForDiskEncryption')]",
"tenantId":"[subscription().tenantId]",
"accessPolicies":"[parameters('AccessPolicies')]",
"sku":{
"name":"[parameters('vaultSku')]",
"family":"A"
}
},
"resources":[
{
"type":"Microsoft.KeyVault/vaults/providers/diagnosticsettings",
"name":"[concat(parameters('keyVaultName'), '/Microsoft.Insights/service')]",
"apiVersion":"2016-09-01",
"location":"[resourceGroup().location]",
"dependsOn":[
"[concat('Microsoft.KeyVault/vaults/', parameters('keyVaultName'))]",
"[concat('Microsoft.Storage/storageAccounts/', variables('diagnosticStorageAccountName'))]"
],
"properties":{
"storageAccountId":"[resourceId('Microsoft.Storage/storageAccounts', variables('diagnosticStorageAccountName'))]",
"workspaceId":"[resourceId('Microsoft.OperationalInsights/workspaces', parameters('omsWorkspaceName'))]",
"logs":[
{
"category":"AuditEvent",
"enabled":true,
"retentionPolicy":{
"enabled":true,
"days":"[parameters('LogsRetentionInDays')]"
}
}
]
}
}
]
},
{
"type":"Microsoft.KeyVault/vaults/providers/locks",
"apiVersion":"2016-09-01",
"name":"[concat(parameters('keyVaultName'), '/Microsoft.Authorization/keyVaultDoNotDelete')]",
"dependsOn":[
"[concat('Microsoft.KeyVault/vaults/', parameters('keyVaultName'))]"
],
"comments":"Resource lock on key vault",
"properties":{
"level":"CannotDelete"
}
},
{
"type":"Microsoft.Storage/storageAccounts/providers/locks",
"apiVersion":"2016-09-01",
"name":"[concat(variables('diagnosticStorageAccountName'), '/Microsoft.Authorization/storageDoNotDelete')]",
"dependsOn":[
"[concat('Microsoft.Storage/storageAccounts/', variables('diagnosticStorageAccountName'))]"
],
"comments":"Resource lock on key vault diagnostic storage account",
"properties":{
"level":"CannotDelete"
}
}
],
"outputs":{
}
}
是oms在同一資源組? – 4c74356b41
哈哈,沒有它在另一個,我認爲我需要給資源組提供資源ID時? –