Top / Microsoft Azure / Azure Monitor / Private Link Scoped Service

Azure Monitor Private Link Scoped Service

This page shows how to write Terraform and Azure Resource Manager for Monitor Private Link Scoped Service and write them securely.

terraform-logo

Review your .tf file for Azure best practices

Shisho Cloud, our free checker to make sure your Terraform configuration follows best practices, is available (beta).

azurerm_monitor_private_link_scoped_service (Terraform)

The Private Link Scoped Service in Monitor can be configured in Terraform with the resource name azurerm_monitor_private_link_scoped_service. The following sections describe 2 examples of how to use the resource and its parameters.

Example Usage from GitHub

11.loganalytics.tf#L42
resource "azurerm_monitor_private_link_scoped_service" "ampls01linkedscopeservice" {
  name                = "ampls01linkedscopeservice"
  resource_group_name = data.azurerm_resource_group.dev-prolab.name
  scope_name          = azurerm_monitor_private_link_scope.ampls01.name
  linked_resource_id  = azurerm_application_insights.appinsights01.id
}
11.loganalytics.tf#L42
resource "azurerm_monitor_private_link_scoped_service" "ampls01linkedscopeservice" {
  name                = "ampls01linkedscopeservice"
  resource_group_name = data.azurerm_resource_group.dev-prolab.name
  scope_name          = azurerm_monitor_private_link_scope.ampls01.name
  linked_resource_id  = azurerm_application_insights.appinsights01.id
}

Review your Terraform file for Azure best practices

Shisho Cloud, our free checker to make sure your Terraform configuration follows best practices, is available (beta).

Parameters

The following arguments are supported:

  • name - (Required) The name of the Azure Monitor Private Link Scoped Service. Changing this forces a new resource to be created.

  • resource_group_name - (Required) The name of the Resource Group where the Azure Monitor Private Link Scoped Service should exist. Changing this forces a new resource to be created.

  • scope_name - (Required) The name of the Azure Monitor Private Link Scope. Changing this forces a new resource to be created.

  • linked_resource_id - (Required) The ID of the linked resource. It must be the Log Analytics Workspace or the Application Insights component. Changing this forces a new resource to be created.

In addition to the Arguments listed above - the following Attributes are exported:

  • id - The ID of the Azure Monitor Private Link Scoped Service.

>> from Terraform Registry

Explanation in Terraform Registry

Manages an Azure Monitor Private Link Scoped Service.

>> from Terraform Registry

Tips: Best Practices for The Other Azure Monitor Resources

In addition to the azurerm_monitor_log_profile, Azure Monitor has the other resources that should be configured for security reasons. Please check some examples of those resources and precautions.

risk-label

azurerm_monitor_log_profile

Ensure to enable the activity retention log

It is better to enable the activity retention log to ensure that all the information required for an effective investigation is still available.

Review your Azure Monitor settings

In addition to the above, there are other security points you should be aware of making sure that your .tf files are protected in Shisho Cloud.

Microsoft.Insights/privateLinkScopes/scopedResources (Azure Resource Manager)

The privateLinkScopes/scopedResources in Microsoft.Insights can be configured in Azure Resource Manager with the resource name Microsoft.Insights/privateLinkScopes/scopedResources. The following sections describe how to use the resource and its parameters.

Example Usage from GitHub

ampls.json
{
  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
    "private_link_scope_name": {
ampls.json
{
  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
    "private_link_scope_name": {
deploy.json
{
    "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
    "contentVersion": "1.0.0.0",
    "parameters": {
        "privateLinkScopeName": {
deploy.json
{
    "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
    "contentVersion": "1.0.0.0",
    "parameters": {
        "privateLinkScopeName": {

The Other Related Azure Monitor Resources

Frequently asked questions

Azure Monitor Private Link Scoped Service is a resource for Monitor of Microsoft Azure. Settings can be wrote in Terraform.

For Terraform, the konradmaleckipl/Terraform-workshop and cloudstateu/Terraform-Labs source code examples are useful. See the Terraform Example section for further details.

For Azure Resource Manager, the microsoft/privateAML, microsoft/AzureTRE and boscoedash/InternalExpenseApp source code examples are useful. See the Azure Resource Manager Example section for further details.

security-icon

Automate config file reviews on your commits

Fix issues in your infrastructure as code with auto-generated patches.

Table of Contents