feat: Add bring-your-own Log Analytics Workspace for Foundry app and wrapper resources #153
Open
Saswato-Microsoft wants to merge 11 commits into
chore: dev to main merge
chore: dev to main merge
Adds Bicep CLI (v0.33.0+) to the local deployment prerequisites so users provisioning this accelerator locally have the required Bicep version installed before running 'azd up' / 'az deployment'. Work item: AB#42634
docs: Add Bicep CLI (v0.33.0+) to local deployment prerequisites
Pull request overview
This PR adds “Bring Your Own” (BYO) Log Analytics Workspace support so the deployment can route diagnostics for wrapper-managed resources (PostgreSQL Flexible Server, Fabric capacity) to an existing workspace, and (optionally) create a workspace-based Application Insights instance linked to it. It also updates documentation to explain the new parameter, expected behavior, and prerequisites.
Changes:
- Added `existingLogAnalyticsWorkspaceResourceId` parameter and conditional logic to enable BYO observability wiring.
- Added diagnostic settings routing for PostgreSQL and Fabric capacity to the provided workspace, plus new outputs for the BYO App Insights instance.
- Updated README and deployment/parameter guides to document the feature and add Bicep CLI as a prerequisite.
Reviewed changes
Copilot reviewed 6 out of 6 changed files in this pull request and generated 3 comments.
| File | Description |
|---|---|
| README.md | Documents Bicep CLI prerequisite in the main README. |
| infra/main.json | Adds new BYO workspace parameter, conditional App Insights, diagnostic settings wiring, and related outputs; updates Bicep generator metadata. |
| infra/main.bicepparam | Adds env-driven parameter for supplying an existing Log Analytics workspace resource ID. |
| infra/main.bicep | Implements BYO workspace enablement, optional workspace-based App Insights creation, diagnostic settings wiring, and outputs. |
| docs/parameter_guide.md | Adds a new section describing BYO Log Analytics Workspace behavior, configuration, outputs, and permissions. |
| docs/deploymentguide.md | Updates prerequisites and documents how to configure BYO workspace via azd env var. |
…urceId Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
…tion Insights integration Co-authored-by: Copilot <copilot@github.com>
Comment on lines +114 to +116
| @description('Optional. Full ARM resource ID of an existing Log Analytics workspace to use for observability of the deployed Foundry application and wrapper-managed resources (PostgreSQL, Fabric capacity). When provided, an Application Insights component is created in the deployment resource group and linked to this workspace, and diagnostic settings on the wrapper-managed resources are routed to it. Leave empty to skip BYO behavior. Format: /subscriptions/{subId}/resourceGroups/{rg}/providers/Microsoft.OperationalInsights/workspaces/{name}.') | ||
| param existingLogAnalyticsWorkspaceResourceId string = '' | ||
|
|
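Review bot: `existingLogAnalyticsWorkspaceResourceId` is declared as a free-form `string`, with nothing checking that a non-empty value matches the format spelled out in its `@description`, so a malformed or truncated ID is only caught when the dependent resources deploy. Consider validating the segments of the ID (provider namespace `Microsoft.OperationalInsights` and resource type `workspaces`) before the value is used, or state in the description that no validation is performed.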
Comment on lines +27 to +32
| // application and wrapper-managed resources (PostgreSQL, Fabric capacity). | ||
| // When provided, diagnostic settings on the wrapper-managed resources are | ||
| // routed to this workspace. An Application Insights component is also | ||
| // created in this RG and linked to the workspace, but only when | ||
| // deployAppInsights is true and deployLogAnalytics is false (the wrapper | ||
| // defaults). Leave empty to skip BYO behavior. |
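Review bot: the condition stated in this comment (the Application Insights component is created only when `deployAppInsights` is true and `deployLogAnalytics` is false) is missing from the `@description` on `param existingLogAnalyticsWorkspaceResourceId`, which says the component is created whenever the value is provided. Align the two texts so that someone who has changed either flag knows that only the diagnostic settings routing will apply.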
Comment on lines +87 to +98
| By default the wrapper sets `deployLogAnalytics = false`, so the AI Landing Zone does not create a new Log Analytics workspace and Application Insights is not provisioned. If you already have a centralized Log Analytics workspace (for example one shared across the platform), you can wire the deployed Foundry application and the wrapper-managed resources (PostgreSQL Flexible Server, Fabric capacity) to it. | ||
|
|
||
| ### How it works | ||
|
|
||
| When you set `existingLogAnalyticsWorkspaceResourceId`: | ||
|
|
||
| 1. An **Application Insights** component is created in the deployment resource group and linked to your existing workspace via `WorkspaceResourceId`. Its name follows the same `appInsightsName` convention (`appi-<resourceToken>`). | ||
| 2. **PostgreSQL Flexible Server** diagnostic settings (all logs + AllMetrics) are routed to your workspace. | ||
| 3. **Fabric capacity** diagnostic settings (all logs + AllMetrics) are routed to your workspace. | ||
| 4. The connection string and instrumentation key are exposed as deployment outputs so post-provision automation (or your application configuration) can pick them up. | ||
|
|
||
| > **Note:** This is wrapper-side wiring. The upstream AI Landing Zone submodule does not natively support a BYO Log Analytics workspace, so leave `deployLogAnalytics = false` and `deployAppInsights = true` (the defaults) when using BYO so the LAZ does not create its own workspace + Application Insights pair. |
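Review bot: step 4 of "How it works" says the connection string and instrumentation key are exposed as deployment outputs, but nothing at that step tells the reader that output values persist in deployment history, where anyone with read access to the deployment can see them. The deployment guide text points to this section for notes on deployment-history exposure, so if that caveat sits further down, add a pointer to it directly at step 4.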
| | `postgreSqlNetworkIsolation` | PostgreSQL private networking toggle (defaults to `networkIsolation`) | `networkIsolation` | | ||
| | `useExistingVNet` | Reuse an existing VNet | `false` | | ||
| | `existingVnetResourceId` | Existing VNet resource ID (when `useExistingVNet=true`) | `` | | ||
| | `existingLogAnalyticsWorkspaceResourceId` | Existing Log Analytics workspace to receive Foundry app + PostgreSQL + Fabric capacity diagnostics. May live in another subscription within the same tenant. | `` | |
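Review bot: the new `existingLogAnalyticsWorkspaceResourceId` row describes the workspace only as a destination for diagnostics and omits that setting it also creates an Application Insights component in the deployment resource group. Mention that side effect in the row, or link to the BYO section, so the table does not understate what the parameter does.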
Comment on lines +281 to +285
| 1. Create an Application Insights component in the deployment resource group, linked to your existing workspace. | ||
| 2. Route PostgreSQL diagnostic logs and metrics to your workspace. | ||
| 3. Route Fabric capacity diagnostic logs and metrics to your workspace. | ||
|
|
||
| The workspace may live in a different resource group or subscription within the same tenant. The identity running `azd up` needs **`Microsoft.Insights/diagnosticSettings/write`** on the workspace itself (covered by the built-in **Log Analytics Contributor** role scoped to the workspace or its resource group — subscription-wide rights are not required). See the **Observability — Bring Your Own Log Analytics Workspace** section in the [Parameter Guide](./parameter_guide.md) for the full output reference (App Insights resource ID, connection string, instrumentation key) and notes on deployment-history exposure of those values. |
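Review bot: the permission sentence places `Microsoft.Insights/diagnosticSettings/write` "on the workspace itself", but diagnostic settings are created on the source resources (the PostgreSQL server and the Fabric capacity), not on the destination workspace. Please confirm which actions the deploying identity actually needs on the workspace, in particular for the cross-subscription case this paragraph mentions, and list the source-side and workspace-side permissions separately.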
Purpose
This pull request introduces support for "Bring Your Own" (BYO) Log Analytics Workspace for observability of the deployed Foundry application and wrapper-managed resources (PostgreSQL Flexible Server, Fabric capacity). It allows users to supply an existing Log Analytics workspace, to which diagnostic logs and metrics from these resources will be routed. The documentation and infrastructure templates have been updated to reflect these changes, including new parameters, outputs, and guidance.
BYO Log Analytics Workspace (Observability) Support:
- `existingLogAnalyticsWorkspaceResourceId` in `infra/main.bicep`, `infra/main.json`, and `infra/main.bicepparam` to allow specifying an existing Log Analytics workspace for observability. [1] [2] [3]
Documentation Updates:
- `README.md`, `docs/deploymentguide.md`, `docs/parameter_guide.md`) to document the new BYO Log Analytics Workspace feature, including usage instructions, permissions required, and output references. [1] [2] [3] [4] [5] [6]
Infrastructure Template Updates:
- `infra/main.bicep`, `infra/main.json`) to support the new observability parameter and logic, including conditional resource creation and diagnostic settings. [1] [2] [3] [4] [5] [6] [7] [8] [9] [10] [11]
Does this introduce a breaking change?
Golden Path Validation
Deployment Validation
What to Check
Verify that the following are valid
Other Information