From 7b9927cdb01514adde2c0e873ee5ab1ccd165628 Mon Sep 17 00:00:00 2001 From: dusan-ilic-mhra <104429461+dusan-ilic-mhra@users.noreply.github.com> Date: Fri, 22 Dec 2023 14:15:54 +0100 Subject: [PATCH] Switch to structured firewall logs (#3816) --- CHANGELOG.md | 1 + core/terraform/notebooks.tf | 17 ----------------- core/version.txt | 2 +- templates/shared_services/firewall/porter.yaml | 2 +- .../firewall/terraform/firewall.tf | 2 +- .../firewall/terraform/locals.tf | 10 +++------- 6 files changed, 7 insertions(+), 27 deletions(-) delete mode 100644 core/terraform/notebooks.tf diff --git a/CHANGELOG.md b/CHANGELOG.md index b6de49e9d2..c2f2e20290 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -7,6 +7,7 @@ FEATURES: ENHANCEMENTS: * Switch from OpenCensus to OpenTelemetry for logging ([#3762](https://github.com/microsoft/AzureTRE/pull/3762)) +* Switch to Structured Firewall Logs ([#3816](https://github.com/microsoft/AzureTRE/pull/3816)) BUG FIXES: diff --git a/core/terraform/notebooks.tf b/core/terraform/notebooks.tf deleted file mode 100644 index 37214c7748..0000000000 --- a/core/terraform/notebooks.tf +++ /dev/null @@ -1,17 +0,0 @@ -data "http" "firewall_workbook_json" { - url = "https://raw.githubusercontent.com/Azure/Azure-Network-Security/master/Azure%20Firewall/Workbook%20-%20Azure%20Firewall%20Monitor%20Workbook/Azure%20Firewall_Gallery.json" -} - -resource "random_uuid" "firewall_workbook" { -} - -resource "azurerm_application_insights_workbook" "firewall" { - name = random_uuid.firewall_workbook.result - location = azurerm_resource_group.core.location - resource_group_name = azurerm_resource_group.core.name - display_name = "Azure Firewall Workbook ${var.tre_id}" - data_json = data.http.firewall_workbook_json.response_body - tags = local.tre_core_tags - - lifecycle { ignore_changes = [tags] } -} diff --git a/core/version.txt b/core/version.txt index d69d16e980..a2fecb4576 100644 --- a/core/version.txt +++ b/core/version.txt 
@@ -1 +1 @@ -__version__ = "0.9.1" +__version__ = "0.9.2" diff --git a/templates/shared_services/firewall/porter.yaml b/templates/shared_services/firewall/porter.yaml index 340f84ff97..e15ce6cc0b 100644 --- a/templates/shared_services/firewall/porter.yaml +++ b/templates/shared_services/firewall/porter.yaml @@ -1,7 +1,7 @@ --- schemaVersion: 1.0.0 name: tre-shared-service-firewall -version: 1.1.5 +version: 1.1.6 description: "An Azure TRE Firewall shared service" dockerfile: Dockerfile.tmpl registry: azuretre diff --git a/templates/shared_services/firewall/terraform/firewall.tf b/templates/shared_services/firewall/terraform/firewall.tf index 01d56705e5..fcaefaafdb 100644 --- a/templates/shared_services/firewall/terraform/firewall.tf +++ b/templates/shared_services/firewall/terraform/firewall.tf @@ -61,7 +61,7 @@ resource "azurerm_monitor_diagnostic_setting" "firewall" { name = "diagnostics-fw-${var.tre_id}" target_resource_id = azurerm_firewall.fw.id log_analytics_workspace_id = data.azurerm_log_analytics_workspace.tre.id - log_analytics_destination_type = "AzureDiagnostics" + log_analytics_destination_type = "Dedicated" dynamic "enabled_log" { for_each = setintersection(data.azurerm_monitor_diagnostic_categories.firewall.log_category_types, local.firewall_diagnostic_categories_enabled) diff --git a/templates/shared_services/firewall/terraform/locals.tf b/templates/shared_services/firewall/terraform/locals.tf index 80880c41f7..3eb2a41c33 100644 --- a/templates/shared_services/firewall/terraform/locals.tf +++ b/templates/shared_services/firewall/terraform/locals.tf 
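Review bot: In templates/shared_services/firewall/terraform/firewall.tf, switching `log_analytics_destination_type` to `"Dedicated"` moves new firewall records out of the shared `AzureDiagnostics` table into resource-specific tables. Nothing in the change warns operators that saved queries, alert rules or workbooks still reading `AzureDiagnostics` will stop matching new data without raising an error. I would add a comment above the line, `# "Dedicated" = resource-specific AZFW* tables; queries against AzureDiagnostics will not see new firewall records`, and an upgrade note next to the CHANGELOG entry saying the same. The `enabled_log` block in the context lines filters the requested categories through `setintersection(...)`, so a name the data source does not report is dropped silently; a comment saying so would help whoever next edits the list in locals.tf. The `azurerm_monitor_diagnostic_setting` resource starts and ends outside this hunk.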
@@ -2,13 +2,9 @@ locals { core_resource_group_name = "rg-${var.tre_id}" firewall_name = "fw-${var.tre_id}" firewall_diagnostic_categories_enabled = [ - "AzureFirewallApplicationRule", - "AzureFirewallNetworkRule", - "AzureFirewallDnsProxy", - # These are for resource specific table settings that are still in preview - # "AZFWApplicationRule", - # "AZFWNetworkRule", - # "AZFWDnsProxy", + "AZFWApplicationRule", + "AZFWNetworkRule", + "AZFWDnsProxy", ] tre_shared_service_tags = { tre_id = var.tre_id
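Review bot: `"AZFWDnsProxy"` in `firewall_diagnostic_categories_enabled` does not look like a category that Azure Firewall exposes; as far as I know the structured DNS category is `AZFWDnsQuery`. Because firewall.tf passes this list through `setintersection(...)`, an unrecognised name is discarded with no plan or apply error, which would leave DNS proxy logging switched off after the upgrade. Please check the values returned by `data.azurerm_monitor_diagnostic_categories.firewall` and, if that confirms it, change the entry to `"AZFWDnsQuery",`. It is also worth confirming whether threat-intelligence, IDPS and DNAT records, which I believe arrived under the legacy rule categories, now need their own entries (`AZFWThreatIntel`, `AZFWIdpsSignature`, `AZFWNatRule`) to keep the same coverage. The `locals` block continues past the end of this hunk.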