We have a DeployIfNotExists policy that creates diagnostic settings on resources in the environments. The policy contains the ARM Template for the diagnostic setting that triggers upon evaluation that the setting does not exist on the resource. Please see below: (This is one example setting for Azure Bastion Hosts)
    "resources": [
        {
            "type": "Microsoft.Network/bastionHosts/providers/diagnosticSettings",
            "apiVersion": "2017-05-01-preview",
            "name": "[concat(parameters('resourceName'), '/Microsoft.Insights/', parameters('profileName'))]",
            "location": "[parameters('location')]",
            "dependsOn": [],
            "properties": {
                "eventHubAuthorizationRuleId": "[parameters('eventHubRuleId')]",
                "eventHubName": "[parameters('eventHubName')]",
                "logs": [
                    {
                        "category": "BastionAuditLogs",
                        "enabled": true
                    }
                ]
            }
        }
    ],
There is a line for Event Hub Authorization Rule ID, which we pass in as a parameter. Earlier, we just passed in our primary Event Hub's info. However, some resources that were in a different region would fail because they cannot write cross-region to an Event Hub. So with that, we are now using a Geo-Recovery Alias.
We have a Geo-Recovery DR Alias that connects the Primary/Secondary Event Hubs, in two different regions. I would like to pass the EventHubAuthorizationRuleID for this DR Alias, however upon doing that there is the following issue:
Resource type 'microsoft.eventhub/namespaces/disasterrecoveryconfigs/authorizationrules' is invalid for property 'properties.eventHubAuthorizationRuleId'. Expected types are 'microsoft.servicebus/namespaces/authorizationrules', 'microsoft.eventhub/namespaces/authorizationrules
We get the Authorization Rule for the DR Alias with the following PowerShell command:

    PS: Get-AzEventHubAuthorizationRule -AliasName xxxxxxxxxxxxxx -Namespace xxxxxxxxxxxx -ResourceGroupName xxxxxxxxxxxxxxxx
    Id : /subscriptions/xxxxxxxxxxxxxxxxxxxx/resourceGroups/xxxxxxxxxxxx/providers/Microsoft.EventHub/namespaces/xxxxxxxxxxx/disasterRecoveryConfigs/xxxxxxxxxxxxxxx/AuthorizationRules/RootManageSharedAccessKey
    Type : Microsoft.EventHub/Namespaces/AuthorizationRules
    Name : RootManageSharedAccessKey
    Location :
    Tags :
    Rights : {Listen, Manage, Send}

The above ID is what we pass in as the parameter and is causing the failure. The type in the PowerShell response is 'Microsoft.EventHub/Namespaces/AuthorizationRules' even though the ID clearly contains the 'disasterRecoveryConfigs' portion.
Question: How can we reference the DR Alias so that it reads it as a regular namespace?
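
A pre-deployment check for the mismatch described in the post, added here as an example (not the poster's code and not part of any Azure module). It assumes the resource type is derived from the path segments of the ID, which matches the type string in the error message; the function names `Get-ArmResourceType` and `Test-DiagnosticEventHubRuleId` and all sample IDs are hypothetical.

```powershell
# Added example: derive the ARM resource type from a resource ID and compare it
# with the types the error message lists for properties.eventHubAuthorizationRuleId.
function Get-ArmResourceType {
    param([Parameter(Mandatory)][string]$ResourceId)

    # Use the last '/providers/' segment so nested provider paths resolve correctly.
    $marker = '/providers/'
    $idx = $ResourceId.ToLowerInvariant().LastIndexOf($marker)
    if ($idx -lt 0) { throw "No '/providers/' segment in: $ResourceId" }

    $parts = $ResourceId.Substring($idx + $marker.Length).Trim('/').Split('/')
    # Expected layout: provider namespace, then (type, name) pairs.
    if ($parts.Count -lt 3 -or $parts.Count % 2 -eq 0) {
        throw "Malformed resource ID: $ResourceId"
    }

    # Keep the provider namespace plus every type segment; drop the names.
    $types = for ($i = 1; $i -lt $parts.Count; $i += 2) { $parts[$i] }
    $segments = @($parts[0]) + @($types)
    ($segments -join '/').ToLowerInvariant()
}

function Test-DiagnosticEventHubRuleId {
    param([Parameter(Mandatory)][string]$ResourceId)

    # Accepted types, copied from the error message in the post.
    $allowed = @(
        'microsoft.servicebus/namespaces/authorizationrules',
        'microsoft.eventhub/namespaces/authorizationrules'
    )
    $type = Get-ArmResourceType -ResourceId $ResourceId
    [pscustomobject]@{
        ResourceType = $type
        Accepted     = $allowed -contains $type
    }
}

# Constructed sample IDs: placeholder subscription, group, namespace and alias names.
$base = '/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-example' +
        '/providers/Microsoft.EventHub/namespaces/ns-example'
$ids = @(
    "$base/AuthorizationRules/RootManageSharedAccessKey",
    "$base/disasterRecoveryConfigs/alias-example/AuthorizationRules/RootManageSharedAccessKey"
)
foreach ($id in $ids) { Test-DiagnosticEventHubRuleId -ResourceId $id | Format-List }
```

Under that assumption, the alias-scoped ID resolves to the rejected `disasterrecoveryconfigs/authorizationrules` type even though the `Type` field in the cmdlet output reports the namespace-level type.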