Everyone has heard of “Mission Critical” in Azure, which describes an application that needs to be deployed in one or more regions within Azure to have 100% redundancy. For example, an application is deployed in West and North Europe. This brings us to the next problem: what if the diagnostic settings use a different Log Analytics Workspace per region?
1) Azure Policy multi region
Azure Policy is a powerful solution to define and even automate certain facets of the Azure Tenant. For example, you can adjust settings, activate, deactivate, and even customise additional features on Azure resources using remediation tasks.
We have created a Diagnostic Settings policy for each resource we use. It automatically adjusts these settings on the resource itself. However, we recommend developing a specific policy only for the most common resources, because doing this for all resources in Azure would mean working for an entire year.
It is better to start with the most commonly used ones within the organisation and create new policies as this list expands.
TIP: Think carefully about the hierarchy of the management groups and where you place the assignments of these policies. Developing governance within the organisation is the first step towards a successful Cloud Journey!
2) Policy solution for multi region diagnostic settings
The code below is the policy validation (the existenceCondition):

    "existenceCondition": {
        "allOf": [
            {
                "field": "Microsoft.Insights/diagnosticSettings/logs.enabled",
                "equals": "True"
            },
            {
                "field": "Microsoft.Insights/diagnosticSettings/metrics.enabled",
                "equals": "True"
            },
            {
                "field": "Microsoft.Insights/diagnosticSettings/workspaceId",
                "matchInsensitively": "[if(equals(parameters('location'), 'westeurope'), parameters('logAnalytics'), parameters('logAnalyticsNeur'))]"
            }
        ]
    },
For the workspace id use the following if-else statement:
"workspaceId": "[if(equals(parameters('location'), 'westeurope'), parameters('logAnalytics'), parameters('logAnalyticsNeur'))]",
If you want a different name for the Diagnostic settings per region, use the code below:
"name": "[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', if(equals(parameters('location'), 'westeurope'), parameters('profileName'), parameters('profileNameNeur')))]",