Deploying an Azure Log Analytics Workspace with Terraform

In this post, we’ll explore the creation of a Terraform template that can help you deploy an Azure Log Analytics workspace.

Log Analytics is a powerful service in Azure that helps you collect, analyse, and visualise your log and performance data across your Azure resources. By automating the deployment with Terraform, you can ensure consistency and streamline your infrastructure management.

Prerequisites

Before we dive into the code, ensure you have the following prerequisites:

  • An Azure account
  • Terraform installed on your local machine
  • A code editor such as Visual Studio Code
  • Familiarity with Azure Resource Manager (ARM) concepts

The Terraform template

We will create a simple Terraform configuration that provisions a resource group and a Log Analytics workspace. Below is the template we'll use:

terraform {
  required_version = ">= 1.3.0"
  required_providers {
    azurerm = {
      source  = "hashicorp/azurerm"
      version = ">= 3.71, < 5.0.0"
    }
    random = {
      source  = "hashicorp/random"
      version = ">= 3.5.0, < 4.0.0"
    }
  }
}

provider "azurerm" {
  features {}
}

# This ensures we have unique CAF compliant names for our resources.
module "naming" {
  source  = "Azure/naming/azurerm"
  version = "0.3.0"
}

locals {
  azure_regions = [
    "ukwest",
    "westeurope",
    "francecentral",
    "swedencentral"
    # Add other regions as needed
  ]
}

variable "enable_telemetry" {
  description = "Enable or disable telemetry for the log analytics workspace"
  type        = bool
  default     = true # Set a default value if desired
}


# This picks a random region from the list of regions.
resource "random_integer" "region_index" {
  max = length(local.azure_regions) - 1
  min = 0
}

# Generates a unique, human-readable name for the workspace.
resource "random_pet" "log_analytics_workspace_name" {
  length    = 2
  separator = "-"
}

# This is required for resource modules
resource "azurerm_resource_group" "rg" {
  location = local.azure_regions[random_integer.region_index.result]
  name     = module.naming.resource_group.name_unique
}

# This is the module call. No version is set here, so terraform init resolves the
# latest published release of the module; add a version constraint for repeatable deployments.
module "log_analytics_workspace" {
  source = "Azure/avm-res-operationalinsights-workspace/azurerm"
  enable_telemetry                          = var.enable_telemetry
  location                                  = azurerm_resource_group.rg.location
  resource_group_name                       = azurerm_resource_group.rg.name
  name                                      = "law-${random_pet.log_analytics_workspace_name.id}"
  log_analytics_workspace_retention_in_days = 60
  log_analytics_workspace_sku               = "PerGB2018"
  log_analytics_workspace_daily_quota_gb    = 200
  log_analytics_workspace_identity = {
    type = "SystemAssigned"
  }
}

Template explained

This Terraform template is based on the Azure Verified Module (AVM) for setting up a Log Analytics workspace on Azure. The template leverages and customises the AVM template to create a workspace, with enhancements for resource naming and region selection.

  1. Terraform Configuration Block: The terraform block specifies required versions of both Terraform and providers:
    • azurerm provider is used to interact with Azure resources, requiring version 3.71 or later and below 5.0.0.
    • random provider, used to generate random values for unique naming and region selection, requires version 3.5.0 or later and below 4.0.0.
  2. Provider Setup:
    • provider "azurerm": This configures the Azure provider with basic features.
  3. Naming Module:
    • The Cloud Adoption Framework Compliant Naming Module (module "naming") is sourced from the Azure/naming/azurerm registry module, pinned to version 0.3.0. It helps ensure that all generated resource names comply with Azure's Cloud Adoption Framework (CAF) standards, keeping resource names unique and structured.
  4. Local Values:
    • local.azure_regions: Defines a list of Azure regions. The template randomly selects one of these regions for resource deployment, allowing flexibility across regions like ukwest, westeurope, etc.
    • You can add more regions to this list as needed.
  5. Variables:
    • variable "enable_telemetry": A Boolean variable to enable or disable telemetry on the Log Analytics workspace. By default, this is set to true.
  6. Random Resource Selection:
    • random_integer "region_index": Picks a random integer within the index range of local.azure_regions, enabling a random selection of a region for deployment.
    • random_pet "log_analytics_workspace_name": Generates a unique, human-readable name for the Log Analytics workspace by concatenating two random words with a hyphen.
  7. Resource Group:
    • azurerm_resource_group "rg": Creates an Azure resource group in the randomly selected region. The name for this resource group is generated via the Cloud Adoption Framework compliant naming module (module.naming).
  8. Log Analytics Workspace Module:
    • module "log_analytics_workspace": Calls the AVM module that sets up the Log Analytics workspace, with the following customisation:
      • log_analytics_workspace_identity: Assigns a system-assigned managed identity to the workspace, enabling it to interact with other Azure resources securely.
      • enable_telemetry: Configured based on var.enable_telemetry, controlling whether telemetry data is collected.
      • location: Sets the workspace's location to match the resource group's region.
      • resource_group_name: The name of the resource group where the workspace will be deployed.
      • name: Sets a unique name for the workspace, based on the random_pet resource (e.g., law-lively-panda).
      • log_analytics_workspace_retention_in_days: Specifies that logs should be retained for 60 days.
      • log_analytics_workspace_sku: Sets the workspace SKU to PerGB2018, allowing usage-based pricing.
      • log_analytics_workspace_daily_quota_gb: Limits the daily log ingestion quota to 200 GB.
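
One consequence of the random region selection is worth checking before every apply: appending a region to local.azure_regions changes max on random_integer.region_index, which forces that resource to be replaced, so the resource group and the workspace (and the logs it holds) are planned for destroy and re-create in a region that is unknown until apply. The Python check below is an added example, not part of the original template or the AVM module; it reads the JSON from terraform show -json and flags such plans. The sample plan is constructed, and the workspace address inside the module is an assumption.

```python
import json

# Constructed sample: trimmed `terraform show -json tfplan` output, as it could look
# after a fifth region is appended to local.azure_regions on a deployed stack.
# The workspace address inside the module is an assumption.
SAMPLE_PLAN = json.loads("""
{"resource_changes": [
  {"address": "random_integer.region_index", "type": "random_integer",
   "change": {"actions": ["delete", "create"],
              "after": {"min": 0, "max": 4}, "after_unknown": {"result": true}}},
  {"address": "azurerm_resource_group.rg", "type": "azurerm_resource_group",
   "change": {"actions": ["delete", "create"],
              "after": {}, "after_unknown": {"location": true}}},
  {"address": "module.log_analytics_workspace.azurerm_log_analytics_workspace.this",
   "type": "azurerm_log_analytics_workspace",
   "change": {"actions": ["delete", "create"],
              "after": {"retention_in_days": 60, "daily_quota_gb": 200},
              "after_unknown": {"location": true}}}
]}
""")

ALLOWED_REGIONS = {"ukwest", "westeurope", "francecentral", "swedencentral"}
LOG_BEARING_TYPES = {"azurerm_resource_group", "azurerm_log_analytics_workspace"}


def review_plan(plan, allowed_regions=ALLOWED_REGIONS):
    """Return findings for planned changes that would destroy or relocate log data."""
    findings = []
    for rc in plan.get("resource_changes", []):
        if rc.get("type") not in LOG_BEARING_TYPES:
            continue
        change = rc["change"]
        after = change.get("after") or {}
        unknown = change.get("after_unknown") or {}
        # A replace shows up as ["delete", "create"] or ["create", "delete"].
        if "delete" in change["actions"]:
            findings.append((rc["address"], "destroyed"))
        # A region that depends on a re-rolled random value is unknown at plan time.
        if unknown.get("location") is True:
            findings.append((rc["address"], "region-unknown"))
        elif "location" in after and after["location"] not in allowed_regions:
            findings.append((rc["address"], "region-not-allowed"))
    return findings


if __name__ == "__main__":
    for address, problem in review_plan(SAMPLE_PLAN):
        print(f"BLOCK {problem}: {address}")
```

Run it in CI between terraform plan and terraform apply, and fail the pipeline when the returned list is not empty.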

Conclusion

By leveraging Terraform, this customised template automates the deployment of Azure Log Analytics workspaces, ensuring consistency and reducing the risk of manual errors.

Based on the Azure Verified Module for Log Analytics, it incorporates Cloud Adoption Framework compliant naming and randomised region selection to meet enterprise standards for resource organisation and regional flexibility.

This approach not only enhances infrastructure management practices but also lays the foundation for scaling to more complex deployments as your environment grows.