Enable Azure Monitor for VMs with Azure Blueprints, Azure Policy and Azure DevOps
It’s been a long time since I wrote a blog, but I’ll try to write one more often. In this blog I will show you how to enable Azure Monitor for VMs and VM scale sets with Azure Policy and Azure DevOps using Azure Blueprints. In this post I assume you have some experience with at least some of the mentioned products.
To follow the steps you need to have a couple of pre-requisites.
- Access to an Azure Subscription.
- Access to Azure DevOps with a Service Connection (Service Principal) that has Owner permission on the subscription.
- Have the Azure DevOps Blueprint extension installed in your DevOps organization.
- Your favorite IDE to edit the Azure Blueprint files.
If you want to know more about what you can do with Azure Blueprints please read through the Microsoft Docs to get you up to speed!
To get started with the Azure Blueprint you can download the files from here: GitHub
We won’t go too deep into the blueprint files now, but in my example we also deploy a new Resource Group and a Log Analytics workspace to connect the VMs to. You can remove this from the blueprint.json file and just point to an existing Log Analytics workspace if you want. Edit the azMonitoringWorkspaceName parameter in the assignment.json file with the existing workspace name and remove the resource group references in both the blueprint.json and assignment.json files. Last but not least, remove the logAnalytics.json template file from the artifacts folder.
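The edits described above, as an added example (not code from this post or its repository): it rewrites in-memory copies of blueprint.json and assignment.json to use an existing workspace and reports which artifacts must be deleted. It assumes the standard Blueprints layout (`properties.resourceGroups`, `properties.parameters.<name>.value`, and `properties.resourceGroup` on template artifacts); the sample documents, the `MonitoringRG` placeholder and `policyAssignment.json` are constructed.

```python
import copy

WORKSPACE_PARAM = "azMonitoringWorkspaceName"  # parameter name from the post

def use_existing_workspace(blueprint, assignment, artifacts, workspace_name):
    """Return (blueprint, assignment, artifacts_to_delete) rewritten so that no
    resource group is deployed and the workspace parameter names an existing one.
    The key layout is an assumption, not checked against the post's repository."""
    if not workspace_name or not workspace_name.strip():
        raise ValueError("workspace_name must be a non-empty string")
    if WORKSPACE_PARAM not in blueprint["properties"].get("parameters", {}):
        raise KeyError(f"blueprint does not declare {WORKSPACE_PARAM}")
    blueprint, assignment = copy.deepcopy(blueprint), copy.deepcopy(assignment)

    # Point the assignment at the existing Log Analytics workspace.
    params = assignment["properties"].setdefault("parameters", {})
    params[WORKSPACE_PARAM] = {"value": workspace_name}

    # Drop the resource group placeholders from both files.
    removed = set(blueprint["properties"].pop("resourceGroups", {}))
    removed |= set(assignment["properties"].pop("resourceGroups", {}))

    # An artifact that deploys into a removed placeholder has to go as well,
    # otherwise it would reference a placeholder that no longer exists.
    to_delete = sorted(
        name for name, art in artifacts.items()
        if art.get("properties", {}).get("resourceGroup") in removed
    )
    return blueprint, assignment, to_delete

# Constructed sample documents, not the files from the post's repository.
SAMPLE_BLUEPRINT = {"properties": {
    "targetScope": "subscription",
    "parameters": {WORKSPACE_PARAM: {"type": "string"}},
    "resourceGroups": {"MonitoringRG": {}}}}
SAMPLE_ASSIGNMENT = {"properties": {
    "parameters": {WORKSPACE_PARAM: {"value": "new-workspace"}},
    "resourceGroups": {"MonitoringRG": {"name": "rg-monitoring",
                                        "location": "westeurope"}}}}
SAMPLE_ARTIFACTS = {
    "logAnalytics.json": {"kind": "template",
                          "properties": {"resourceGroup": "MonitoringRG"}},
    "policyAssignment.json": {"kind": "policyAssignment", "properties": {}}}
```

The function returns copies, so the result can be diffed against the original files before anything is committed to the pipeline's repository.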
While the Blueprint files are set up in a generic way we only need to make two changes in the assignment.json file. This is basically what you would call a parameter file.
You can update the name and location of the resource group and you can update the name of the Log Analytics workspace in the assignment.json file. Of course if you want you can try it with the default values as well.
Next up is creating the Azure DevOps YAML pipeline. Working with Blueprints is a 2-step process. First you publish a blueprint and after publishing the blueprint you assign the blueprint to either a subscription or management group. The mentioned extension makes it easy to deploy and maintain the blueprint definition via CI/CD.
Let’s get started with the technical stuff.
1. Create a new pipeline.
For this purpose I have a very basic pipeline, which can also be found in the root of my GitHub blueprints repository.
2. Edit the Service Connection variable with the name of your service connection in Azure DevOps.
3. Run the pipeline.
Look at the Assigned blueprints page in Blueprints; if the assignment was successful, you can view the Azure Policy blade as well. It will take a couple of minutes for results to show up, though.
After a couple of minutes you should be able to see the results in the Azure Policy blade. As you can see, I am not fully compliant. I can create a remediation task to solve this. New VMs and scale sets will be remediated upon creation.
Now you’ve learned what you can do when combining these great tools. I hope I inspired you to use either one of these tools for your environments.
Deploy your Azure Blueprints with Azure DevOps automatically enabling Virtual Machines to be monitored with Azure Monitor! If you run into a problem or have questions let me know. 😄