Azure_PowerShell_Architect/LogAnalytics.ps1 at master · tomwechsler/Azure_PowerShell_Architect · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
Set-Location c:\
Clear-Host

Install-Module -Name Az -Force -AllowClobber -Verbose

#Prefix for resources
$prefix = "tw"

#Basic variables
$location = "westeurope"
$id = Get-Random -Minimum 1000 -Maximum 9999

#Log into Azure
Connect-AzAccount

#Select the correct subscription
Get-AzSubscription -SubscriptionName "MSDN Platforms" | Select-AzSubscription

#Create a resource group for Key Vault
$keyVaultGroup = New-AzResourceGroup -Name "$prefix-key-vault-$id" -Location $location

#Create a new Key Vault
$keyVaultParameters = @{
    Name = "$prefix-key-vault-$id"
    ResourceGroupName = $keyVaultGroup.ResourceGroupName
    Location = $location
    Sku = "Standard"
}

$keyVault = New-AzKeyVault @keyVaultParameters

#If you already have a Key Vault
$keyVault = Get-AzKeyVault -VaultName "VAULT_NAME" -ResourceGroupName "RESOURCE_GROUP_NAME"

#Create a storage account for logs and metrics
$storageAccountParameters = @{
    ResourceGroupName = $keyVault.ResourceGroupName
    Name = "$($prefix)logs$id"
    Type = "Standard_LRS"
    Location = $location
}

$sa = New-AzStorageAccount @storageAccountParameters

#Create a Log Analytics Workspace
$logAnalyticsParameters = @{
    ResourceGroupName = $keyVault.ResourceGroupName
    Name = "$prefix-keyvaultstats-$id"
    Location = $location
    Sku = "Standard"
}

$la = New-AzOperationalInsightsWorkspace @logAnalyticsParameters

# Add solutions
$solutionParameters = @{
    ResourceGroupName = $la.ResourceGroupName
    WorkspaceName = $la.Name
    IntelligencePackName = "KeyVaultAnalytics"
    Enabled = $true
}

# Add solutions
Set-AzOperationalInsightsIntelligencePack @solutionParameters

#Update Diagnostic Settings for Key Vault
$diagnosticSettings = @{
    ResourceId = $keyVault.ResourceId
    WorkspaceId = $la.ResourceId
    MetricCategory = "AllMetrics"
    Category = "AuditEvent"
    Enabled = $true
    StorageAccountId = $sa.Id
    RetentionEnabled = $true
    RetentionInDays = 180
}

Set-AzDiagnosticSetting @diagnosticSettings

#Generate some events
$Secret = ConvertTo-SecureString -String 'ContosoSecrets' -AsPlainText -Force
ForEach($n in 1..10){Add-AzKeyVaultKey -Name "key$n" -VaultName $keyVault.VaultName -Destination Software}
ForEach($n in 1..10){Get-AzKeyVaultKey -Name "key$n" -VaultName $keyVault.VaultName}
ForEach($n in 1..10){Set-AzKeyVaultSecret -VaultName $keyVault.VaultName -Name "secret$n" -SecretValue $Secret}
ForEach($n in 1..10){Get-AzKeyVaultSecret -VaultName $keyVault.VaultName -Name "secret$n"}
ForEach($n in 1..10){Remove-AzKeyVaultSecret -VaultName $keyVault.VaultName -Name "secret$n" -Force}