capture-all-regions
Explanation
Log profiles should capture all regions to ensure that all events are logged
Possible Impact
Activity may be occurring in locations that aren't being monitored
Suggested Resolution
Enable capture for all locations
Insecure Example
The following example will fail the azure-monitor-capture-all-regions check.
resource "azurerm_monitor_log_profile" "bad_example" {
name = "bad_example"
categories = []
locations = [
"westus",
"global",
]
retention_policy {
enabled = true
days = 7
}
}
Secure Example
The following example will pass the azure-monitor-capture-all-regions check.
resource "azurerm_monitor_log_profile" "bad_example" {
name = "bad_example"
categories = []
locations = [
"eastus",
"eastus2",
"southcentralus",
"westus2",
"westus3",
"australiaeast",
"southeastasia",
"northeurope",
"swedencentral",
"uksouth",
"westeurope",
"centralus",
"northcentralus",
"westus",
"southafricanorth",
"centralindia",
"eastasia",
"japaneast",
"jioindiawest",
"koreacentral",
"canadacentral",
"francecentral",
"germanywestcentral",
"norwayeast",
"switzerlandnorth",
"uaenorth",
"brazilsouth",
"centralusstage",
"eastusstage",
"eastus2stage",
"northcentralusstage",
"southcentralusstage",
"westusstage",
"westus2stage",
"asia",
"asiapacific",
"australia",
"brazil",
"canada",
"europe",
"global",
"india",
"japan",
"uk",
"unitedstates",
"eastasiastage",
"southeastasiastage",
"centraluseuap",
"eastus2euap",
"westcentralus",
"southafricawest",
"australiacentral",
"australiacentral2",
"australiasoutheast",
"japanwest",
"jioindiacentral",
"koreasouth",
"southindia",
"westindia",
"canadaeast",
"francesouth",
"germanynorth",
"norwaywest",
"swedensouth",
"switzerlandwest",
"ukwest",
"uaecentral",
"brazilsoutheast",
]
retention_policy {
enabled = true
days = 7
}
}