Top / Microsoft Azure / Azure Monitor / Private Link Scope

Azure Monitor Private Link Scope

This page shows how to write Terraform and Azure Resource Manager for Monitor Private Link Scope and write them securely.

terraform-logo

Review your .tf file for Azure best practices

Shisho Cloud, our free checker to make sure your Terraform configuration follows best practices, is available (beta).

azurerm_monitor_private_link_scope (Terraform)

The Private Link Scope in Monitor can be configured in Terraform with the resource name azurerm_monitor_private_link_scope. The following sections describe 2 examples of how to use the resource and its parameters.

Example Usage from GitHub

11.loganalytics.tf#L37
resource "azurerm_monitor_private_link_scope" "ampls01" {
  name                = "ampls01"
  resource_group_name = azurerm_resource_group.dev-prolab.name
}

resource "azurerm_monitor_private_link_scoped_service" "ampls01linkedscopeservice" {
11.loganalytics.tf#L37
resource "azurerm_monitor_private_link_scope" "ampls01" {
  name                = "ampls01"
  resource_group_name = azurerm_resource_group.dev-prolab.name
}

resource "azurerm_monitor_private_link_scoped_service" "ampls01linkedscopeservice" {

Review your Terraform file for Azure best practices

Shisho Cloud, our free checker to make sure your Terraform configuration follows best practices, is available (beta).

Parameters

The following arguments are supported:

  • name - (Required) The name of the Azure Monitor Private Link Scope. Changing this forces a new resource to be created.

  • resource_group_name - (Required) The name of the Resource Group where the Azure Monitor Private Link Scope should exist. Changing this forces a new resource to be created.

  • tags - (Optional) A mapping of tags which should be assigned to the Azure Monitor Private Link Scope.

In addition to the Arguments listed above - the following Attributes are exported:

  • id - The ID of the Azure Monitor Private Link Scope.

>> from Terraform Registry

Explanation in Terraform Registry

Manages an Azure Monitor Private Link Scope.

>> from Terraform Registry

Tips: Best Practices for The Other Azure Monitor Resources

In addition to the azurerm_monitor_log_profile, Azure Monitor has the other resources that should be configured for security reasons. Please check some examples of those resources and precautions.

risk-label

azurerm_monitor_log_profile

Ensure to enable the activity retention log

It is better to enable the activity retention log to ensure that all the information required for an effective investigation is still available.

Review your Azure Monitor settings

In addition to the above, there are other security points you should be aware of making sure that your .tf files are protected in Shisho Cloud.

Microsoft.Insights/privateLinkScopes (Azure Resource Manager)

The privateLinkScopes in Microsoft.Insights can be configured in Azure Resource Manager with the resource name Microsoft.Insights/privateLinkScopes. The following sections describe how to use the resource and its parameters.

Example Usage from GitHub

ampls.arm.json#L11
      "type": "Microsoft.Insights/privateLinkScopes",
      "apiVersion": "2021-09-01",
      "name": "[parameters('private_link_scope_name')]",
      "location": "global",
      "properties": { "accessModeSettings": { "queryAccessMode": "PrivateOnly", "ingestionAccessMode": "PrivateOnly" } }
    },
ampls.arm.json#L11
      "type": "Microsoft.Insights/privateLinkScopes",
      "apiVersion": "2021-09-01",
      "name": "[parameters('private_link_scope_name')]",
      "location": "global",
      "properties": { "accessModeSettings": { "queryAccessMode": "PrivateOnly", "ingestionAccessMode": "PrivateOnly" } }
    },
ampls.json
{
  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
    "private_link_scope_name": {
ampls.json
{
  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
    "private_link_scope_name": {
PrivateLinkScopesListByResourceGroup.json#L14
            "type": "Microsoft.Insights/privateLinkScopes",
            "location": "Global",
            "tags": {},
            "properties": {
              "provisioningState": "Succeeded"
            }
PrivateLinkScopesList.json#L13
            "type": "Microsoft.Insights/privateLinkScopes",
            "location": "Global",
            "tags": {},
            "properties": {
              "provisioningState": "Succeeded"
            }
PrivateLinkScopesCreate.json#L17
        "type": "Microsoft.Insights/privateLinkScopes",
        "location": "Global",
        "tags": {},
        "properties": {
          "provisioningState": "Succeeded"
        }
PrivateLinkScopesUpdate.json#L20
        "type": "Microsoft.Insights/privateLinkScopes",
        "location": "Global",
        "tags": {
          "Tag1": "Value1"
        },
        "properties": {
PrivateLinkScopesListByResourceGroup.json#L14
            "type": "Microsoft.Insights/privateLinkScopes",
            "location": "Global",
            "tags": {},
            "properties": {
              "provisioningState": "Succeeded"
            }
PrivateLinkScopesList.json#L13
            "type": "Microsoft.Insights/privateLinkScopes",
            "location": "Global",
            "tags": {},
            "properties": {
              "provisioningState": "Succeeded"
            }

The Other Related Azure Monitor Resources

Frequently asked questions

Azure Monitor Private Link Scope is a resource for Monitor of Microsoft Azure. Settings can be wrote in Terraform.

For Terraform, the konradmaleckipl/Terraform-workshop and cloudstateu/Terraform-Labs source code examples are useful. See the Terraform Example section for further details.

For Azure Resource Manager, the yz4898/att_mvm, jessed/azure_k8s_lab and microsoft/privateAML source code examples are useful. See the Azure Resource Manager Example section for further details.

security-icon

Automate config file reviews on your commits

Fix issues in your infrastructure as code with auto-generated patches.

Table of Contents