我有一个用于创建存储帐户和专用终结点（Private Endpoint）的 Bicep 脚本，现在想为这个专用终结点创建诊断设置。Azure 专用终结点本身不支持诊断设置，诊断设置必须添加到与专用终结点关联的网络接口（NetworkInterface）上。
但是,我找不到用 Bicep 脚本实现此功能的方法。示例代码显示了我正在尝试做的事情。
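// Resource group that holds the virtual network (same subscription as this deployment).
// Bicep requires an explicit type on every parameter; the original declaration had none.
param vnetResourceGroup string = 'testRg'
// Virtual network that contains the private endpoint subnet.
param vnetName string = 'testvnet'
// Subnet (inside vnetName) where the private endpoint NIC is placed.
param subnetName string = 'testsnet'
// Name of the storage account to create.
param storageAccountName string = 'testst'
// Resource ID of the Log Analytics workspace that receives the diagnostic data.
param loggingWorkspaceId string = '/subscriptions/xxx_subscription_id/resourcegroups/xxx_resource_group/providers/microsoft.operationalinsights/workspaces/xxx-applogs-workspace'
// Region for the storage account and the private endpoint. Both resources read
// `location`, so it must be declared; it defaults to the target resource group's region.
param location string = resourceGroup().location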
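// Existing virtual network, possibly in another resource group of the same
// subscription. It is only referenced here, never created or modified.
// API version aligned with the child subnet reference and the private endpoint
// (2022-07-01) so the template does not mix versions for one resource family.
resource vnet 'Microsoft.Network/virtualNetworks@2022-07-01' existing = {
  scope: resourceGroup(vnetResourceGroup)
  name: vnetName
}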
// Existing subnet of `vnet` that will host the private endpoint's NIC.
// Declared as a child of `vnet`, so it resolves in the vnet's resource group.
resource subnet 'Microsoft.Network/virtualNetworks/subnets@2022-07-01' existing = {
parent: vnet
name: subnetName
}
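// Storage account that is reachable only through the private endpoint declared below.
resource storageAccount 'Microsoft.Storage/storageAccounts@2022-05-01' = {
  name: storageAccountName
  location: location
  sku: {
    name: 'Standard_ZRS'
  }
  kind: 'StorageV2'
  properties: {
    accessTier: 'Hot'
    // Transport hardening: TLS 1.2 minimum and no plain-HTTP endpoints.
    minimumTlsVersion: 'TLS1_2'
    supportsHttpsTrafficOnly: true
    // Blobs must never be anonymously readable.
    allowBlobPublicAccess: false
    // Public network access is switched off entirely; clients use the private endpoint.
    publicNetworkAccess: 'Disabled'
    networkAcls: {
      // Trusted Azure services may still reach the account through the service firewall.
      bypass: 'AzureServices'
      // Deny by default. With publicNetworkAccess disabled the firewall is not the
      // primary control, but a default-allow rule would silently re-expose the
      // account if publicNetworkAccess were ever flipped back to 'Enabled'.
      // NOTE(review): private-link traffic is not filtered by these rules, so the
      // private endpoint below is expected to keep working — verify after deployment.
      defaultAction: 'Deny'
    }
  }
}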
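// Name of the NIC that Azure creates for the private endpoint. Pinning it via
// customNetworkInterfaceName makes the NIC addressable as an `existing` resource;
// the platform-generated name is not known at compile time, which is why a
// scope such as storagePrivateEndpoint.properties.networkInterfaces[0] cannot be used.
var storagePENicName = '${storageAccount.name}-pe-nic'

// Private endpoint for the storage account's blob service, placed in `subnet`.
resource storagePrivateEndpoint 'Microsoft.Network/privateEndpoints@2022-07-01' = {
  name: '${storageAccount.name}-pe'
  location: location
  properties: {
    subnet: {
      id: subnet.id
    }
    customNetworkInterfaceName: storagePENicName
    privateLinkServiceConnections: [
      {
        name: '${storageAccount.name}-pe-link'
        properties: {
          privateLinkServiceId: storageAccount.id
          groupIds: [
            'blob'
          ]
        }
      }
    ]
  }
}

// The NIC is created by the private endpoint rather than by this template, so it
// is referenced as an existing resource in the deployment's resource group.
resource storagePENic 'Microsoft.Network/networkInterfaces@2022-07-01' existing = {
  name: storagePENicName
}

// Diagnostic settings cannot be scoped to the private endpoint itself; they are
// attached to its network interface and stream all metrics to the workspace.
resource storagePEDiagnosticSetting3 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = {
  name: '${storageAccount.name}-pe-ni-logs'
  scope: storagePENic
  // An `existing` reference carries no deployment ordering, so the dependency on
  // the private endpoint must be explicit: the NIC only exists once it is deployed.
  dependsOn: [
    storagePrivateEndpoint
  ]
  properties: {
    workspaceId: loggingWorkspaceId
    metrics: [
      {
        category: 'AllMetrics'
        enabled: true
      }
    ]
  }
}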
我希望我可以为专用端点的 NetworkInterface 创建诊断设置。谢谢!
diagnosticSettings 资源的 `scope` 必须指向网络接口资源，而不是专用终结点。可以把诊断设置放到一个单独的模块里，由主模板把网络接口名称作为参数传入：
// diagnostic-settings.bicep
// Module: attaches a diagnostic setting to an existing network interface in the
// deployment's resource group and streams its metrics to a Log Analytics workspace.

// Name of the diagnostic setting resource.
param logName string
// Name of the NIC (in this module's resource group) the setting is attached to.
param networkInterfaceName string
// Resource ID of the destination Log Analytics workspace.
param loggingWorkspaceId string
// The NIC is created by the private endpoint in the calling template, so the
// module only references it; nothing about the NIC is changed here.
resource networkInterface 'Microsoft.Network/networkInterfaces@2022-07-01' existing = {
name: networkInterfaceName
}
// Create diagnostic settings for the network interfaces.
// All metric categories are enabled; NICs expose no log categories, so only
// `metrics` is configured.
resource diagnosticSetting 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = {
scope: networkInterface
name: logName
properties: {
workspaceId: loggingWorkspaceId
metrics: [
{
category: 'AllMetrics'
enabled: true
}
]
}
}
从 main 中,您可以像这样调用模块:
// main.bicep
...
// Deploy the diagnostic setting through the module. Passing a runtime property of
// storagePrivateEndpoint as a parameter makes the module depend on the private
// endpoint, so the NIC exists before the setting is applied.
module diangSetting 'diagnostic-settings.bicep' = {
name: '${storageAccount.name}-pe-ni-logs'
// The deployment's own resource group, where storagePrivateEndpoint is deployed
// (its NIC is expected to be created alongside it).
scope: resourceGroup()
params: {
logName: '${storageAccount.name}-pe-ni-logs'
loggingWorkspaceId: loggingWorkspaceId
// First NIC of the private endpoint (a single-group connection has only one).
// NOTE(review): if the compiler rejects `.name` on this entry, derive it from the
// resource ID instead: last(split(storagePrivateEndpoint.properties.networkInterfaces[0].id, '/')).
networkInterfaceName: storagePrivateEndpoint.properties.networkInterfaces[0].name
}
}
我遇到了同样的问题，最后通过给诊断设置资源添加 `dependsOn` 解决了。
下面的代码通过专用终结点的 `customNetworkInterfaceName` 属性固定网络接口的名称，这样就能用 `existing` 引用该网络接口。诊断设置显式依赖专用终结点 `pe`，因为网络接口是随专用终结点一起创建的；而在 `existing` 的 `nic` 上写 `dependsOn` 没有意义（`existing` 资源不会被部署，不产生排序约束），所以那样写也行不通。
// Name assigned to the NIC that the private endpoint creates. Fixing it makes the
// NIC addressable as an `existing` resource instead of relying on a generated name.
param customNetworkInterfaceName string = 'storage-pe-nic'
// Private endpoint; only the property relevant to the diagnostic setting is shown,
// the remaining configuration is elided.
resource pe 'Microsoft.Network/privateEndpoints@2023-09-01' = {
...
properties: {
...
// Deterministic NIC name instead of the platform-generated one.
customNetworkInterfaceName: customNetworkInterfaceName
}
}
// Reference to the NIC created by `pe`. An `existing` declaration deploys nothing
// and carries no ordering information of its own.
resource nic 'Microsoft.Network/networkInterfaces@2023-09-01' existing = {
name: customNetworkInterfaceName
}
// Diagnostic setting scoped to the private endpoint's NIC (the endpoint itself
// cannot be a diagnostic-settings scope). Properties are elided in this excerpt.
resource diagnostics 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = {
name: '${customNetworkInterfaceName}-diagnostics'
scope: nic
// Explicit dependency on the private endpoint: the NIC only exists once `pe` has
// been deployed, and a dependsOn on the `existing` nic would not express that.
dependsOn: [pe]
properties: {
...
}
}