From 48a1bfd50e2529af81b10ed486b7c18f2a820f67 Mon Sep 17 00:00:00 2001
From: Eskil Uhlving Larsen <7443949+picccard@users.noreply.github.com>
Date: Wed, 14 Jun 2023 16:02:23 +0200
Subject: [PATCH] Unlink log analytics workspace and automation account (#555)

Co-authored-by: Jack Tracey <41163455+jtracey93@users.noreply.github.com>
---
 .../modules/logging/generateddocs/logging.bicep.md   | 12 ++++++++++++
 infra-as-code/bicep/modules/logging/logging.bicep    |  5 ++++-
 .../logging/parameters/logging.parameters.all.json   |  3 +++
 .../parameters/mc-logging.parameters.all.json        |  3 +++
 4 files changed, 22 insertions(+), 1 deletion(-)

diff --git a/infra-as-code/bicep/modules/logging/generateddocs/logging.bicep.md b/infra-as-code/bicep/modules/logging/generateddocs/logging.bicep.md
index a2d6abd7..fbf2fa07 100644
--- a/infra-as-code/bicep/modules/logging/generateddocs/logging.bicep.md
+++ b/infra-as-code/bicep/modules/logging/generateddocs/logging.bicep.md
@@ -11,6 +11,7 @@ parLogAnalyticsWorkspaceLocation | No       | Log Analytics region name - Ensure
 parLogAnalyticsWorkspaceSkuName | No       | Log Analytics Workspace sku name.
 parLogAnalyticsWorkspaceLogRetentionInDays | No       | Number of days of log retention for Log Analytics Workspace.
 parLogAnalyticsWorkspaceSolutions | No       | Solutions that will be added to the Log Analytics Workspace.
+parLogAnalyticsWorkspaceLinkAutomationAccount | No       | Log Analytics Workspace should be linked with the automation account.
 parAutomationAccountName | No       | Automation account name.
 parAutomationAccountLocation | No       | Automation Account region name. - Ensure the regions selected is a supported mapping as per: https://docs.microsoft.com/azure/automation/how-to/region-mappings.
 parAutomationAccountUseManagedIdentity | No       | Automation Account - use managed identity.
@@ -63,6 +64,14 @@ Solutions that will be added to the Log Analytics Workspace.
 
 - Allowed values: `AgentHealthAssessment`, `AntiMalware`, `ChangeTracking`, `Security`, `SecurityInsights`, `ServiceMap`, `SQLAdvancedThreatProtection`, `SQLVulnerabilityAssessment`, `SQLAssessment`, `Updates`, `VMInsights`
 
+### parLogAnalyticsWorkspaceLinkAutomationAccount
+
+![Parameter Setting](https://img.shields.io/badge/parameter-optional-green?style=flat-square)
+
+Log Analytics Workspace should be linked with the automation account.
+
+- Default value: `True`
+
 ### parAutomationAccountName
 
 ![Parameter Setting](https://img.shields.io/badge/parameter-optional-green?style=flat-square)
@@ -166,6 +175,9 @@ outAutomationAccountId | string |
                 "VMInsights"
             ]
         },
+        "parLogAnalyticsWorkspaceLinkAutomationAccount": {
+            "value": true
+        },
         "parAutomationAccountName": {
             "value": "alz-automation-account"
         },
diff --git a/infra-as-code/bicep/modules/logging/logging.bicep b/infra-as-code/bicep/modules/logging/logging.bicep
index 1c3695ae..f543ca83 100644
--- a/infra-as-code/bicep/modules/logging/logging.bicep
+++ b/infra-as-code/bicep/modules/logging/logging.bicep
@@ -52,6 +52,9 @@ param parLogAnalyticsWorkspaceSolutions array = [
   'VMInsights'
 ]
 
+@sys.description('Log Analytics Workspace should be linked with the automation account.')
+param parLogAnalyticsWorkspaceLinkAutomationAccount bool = true
+
 @sys.description('Automation account name.')
 param parAutomationAccountName string = 'alz-automation-account'
 
@@ -120,7 +123,7 @@ resource resLogAnalyticsWorkspaceSolutions 'Microsoft.OperationsManagement/solut
   }
 }]
 
-resource resLogAnalyticsLinkedServiceForAutomationAccount 'Microsoft.OperationalInsights/workspaces/linkedServices@2020-08-01' = {
+resource resLogAnalyticsLinkedServiceForAutomationAccount 'Microsoft.OperationalInsights/workspaces/linkedServices@2020-08-01' = if (parLogAnalyticsWorkspaceLinkAutomationAccount) {
   name: '${resLogAnalyticsWorkspace.name}/Automation'
   properties: {
     resourceId: resAutomationAccount.id
diff --git a/infra-as-code/bicep/modules/logging/parameters/logging.parameters.all.json b/infra-as-code/bicep/modules/logging/parameters/logging.parameters.all.json
index 6245b957..ac8d3a3c 100644
--- a/infra-as-code/bicep/modules/logging/parameters/logging.parameters.all.json
+++ b/infra-as-code/bicep/modules/logging/parameters/logging.parameters.all.json
@@ -28,6 +28,9 @@
         "VMInsights"
       ]
     },
+    "parLogAnalyticsWorkspaceLinkAutomationAccount": {
+      "value": true
+    },
     "parAutomationAccountName": {
       "value": "alz-automation-account"
     },
diff --git a/infra-as-code/bicep/modules/logging/parameters/mc-logging.parameters.all.json b/infra-as-code/bicep/modules/logging/parameters/mc-logging.parameters.all.json
index b2e994b6..5881fbcd 100644
--- a/infra-as-code/bicep/modules/logging/parameters/mc-logging.parameters.all.json
+++ b/infra-as-code/bicep/modules/logging/parameters/mc-logging.parameters.all.json
@@ -28,6 +28,9 @@
         "VMInsights"
       ]
     },
+    "parLogAnalyticsWorkspaceLinkAutomationAccount": {
+      "value": true
+    },
     "parAutomationAccountName": {
       "value": "alz-automation-account"
     },