Usually I would bring a solution to my post but this post is a solution with a warning!
Obviously we are moving towards putting every resource behind private endpoints, but guess what! Your Application Insights cannot consume data over private endpoints until an Azure Monitor Private Link Scope (AMPLS) is leveraged.
Warning, current limitation:
------++++------++++------------+++
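If you are using on-prem, i.e. customer-managed, DNS, then according to the MS docs an AMPLS per VNet/project is not supported. Networks that share one DNS resolve the Azure Monitor endpoints to a single set of private IPs, so they can effectively reach only one AMPLS. You might only be able to stand up one AMPLS, for your hub VNet (I have not tried).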
Below is code collected from various MS docs for the complete solution: AMPLS + App Insights + App Insights isolation + Storage Account for App Insights + connecting a Web App + connecting a Function App + activating the profiler for the Web App! Phew.
Lot of hard work done for you 😁
# Create the Application Insights component with public network access switched
# off for both ingestion and query, so telemetry and queries have to arrive over
# the private link set up further down.
# NOTE(review): with query access disabled, queries issued from outside the
# linked network are expected to be rejected as well - confirm this is intended.
$appInsightsArgs = @{
    ResourceGroupName               = $rg
    Location                        = $location
    Name                            = $name
    PublicNetworkAccessForIngestion = "Disabled"
    PublicNetworkAccessForQuery     = "Disabled"
}
$r = New-AzApplicationInsights @appInsightsArgs
# Azure Monitor is a global service, so "global" is the only location available
# for the Azure Monitor Private Link Scope (AMPLS).
# NOTE(review): the scope is created under $name, while the connection below and
# the later scoped-resource link refer to $productNameAMPLS - confirm both
# variables hold the same scope name.
$amplsArgs = @{
    ResourceGroupName = $rg
    Name              = $name
    Location          = "global"
}
$productAMPLS = New-AzInsightsPrivateLinkScope @amplsArgs

# Describe the private-link connection that targets the scope created above.
$connectionArgs = @{
    Name                 = "$($productNameAMPLS)-con"
    PrivateLinkServiceId = $productAMPLS.Id
    GroupId              = "azuremonitor"
    AzContext            = $global:AzContext
}
$productPeCon = New-AzPrivateLinkServiceConnection @connectionArgs

# Create the private endpoint in the chosen subnet using that connection.
# NOTE(review): no DNS configuration is attached here. Clients must still resolve
# the Azure Monitor endpoints to this private endpoint (private DNS zones or
# records in the customer-managed DNS); otherwise, with public access disabled
# on the component, ingestion and queries will fail.
$endpointArgs = @{
    ResourceGroupName            = $rg
    Name                         = $productNamePeAMPLS
    Location                     = $location
    Subnet                       = $subnet
    PrivateLinkServiceConnection = $productPeCon
    AzContext                    = $global:AzContext
}
$productPeAmpls = New-AzPrivateEndpoint @endpointArgs
# Link an Application Insights resource into the AMPLS so that it is served
# through the scope's private endpoint.
# Presumably $row comes from a loop over the Application Insights resources to
# link - that loop is not shown here; verify against the caller.
$scopedResourceArgs = @{
    ResourceGroupName = $rg
    LinkedResourceId  = $row.resourceId
    Name              = $name
    ScopeName         = $productNameAMPLS
}
$r = New-AzInsightsPrivateLinkScopedResource @scopedResourceArgs
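# Turn on Application Insights for a function app or a web app.
# Reads $row (Name, resourceName), $rg and $appInsight (resourceName); all of
# them are expected to be set by the surrounding script.
$site = $null
$settingsChanged = $false
try {
    # -ErrorAction Stop: Az cmdlets raise non-terminating errors by default,
    # which would otherwise slip past the catch block below.
    $site = Get-AzWebApp -Name $row.Name -ResourceGroupName $rg -ErrorAction Stop

    # Last '-'-separated piece of the App Service plan id; only used for logging.
    $aspName = $site.ServerFarmId.Split('-')[-1]
    "Resource:[$($site.Name)] aspName:[$($aspName)]"

    if ($appInsight) {
        "Start - $($site.Name) -> $($appInsight.resourceName)"

        # NOTE(review): this is an exact match, so a compound kind such as
        # "functionapp,linux" takes the web-app branch - confirm that is intended.
        if ($site.Kind -eq "functionapp") {
            $functionAppArgs = @{
                ResourceGroupName       = $rg
                Name                    = $site.Name
                ApplicationInsightsName = $appInsight.resourceName
                ErrorAction             = "Stop"
            }
            $r = Update-AzFunctionApp @functionAppArgs
        }
        else {
            $appInsights = Get-AzApplicationInsights -Name $appInsight.resourceName -ResourceGroupName $rg -ErrorAction Stop

            # Set-AzWebApp -AppSettings replaces the whole collection, so the
            # existing settings are copied first and the new keys added on top.
            $newAppSettings = @{}
            foreach ($item in $site.SiteConfig.AppSettings) {
                $newAppSettings[$item.Name] = $item.Value
            }

            # Instrumentation key, kept for agents that still read this setting.
            $newAppSettings["APPINSIGHTS_INSTRUMENTATIONKEY"] = $appInsights.InstrumentationKey

            # Prefer the connection string reported by the resource, which also
            # carries its endpoint information; fall back to the key-only form
            # when the property is empty.
            $connectionString = $appInsights.ConnectionString
            if ([string]::IsNullOrEmpty($connectionString)) {
                $connectionString = "InstrumentationKey=$($appInsights.InstrumentationKey)"
            }
            $newAppSettings["APPLICATIONINSIGHTS_CONNECTION_STRING"] = $connectionString

            # Enable the Application Insights agent extension.
            # NOTE(review): "~2" looks like the Windows agent value - confirm for Linux plans.
            $newAppSettings["ApplicationInsightsAgent_EXTENSION_VERSION"] = "~2"

            $r = Set-AzWebApp -ResourceGroupName $rg -Name $site.Name -AppSettings $newAppSettings -ErrorAction Stop
        }

        $settingsChanged = $true
        "Done - $($row.resourceName) -> $($appInsight.resourceName)"
    }
    else {
        # $($row.Name): a bare "$row.name" inside a string expands $row and then
        # prints ".name" literally.
        "Name Match Not found - Name:[$($row.Name)] [$($appInsight.resourceName)] nothing done!!"
    }
}
catch {
    # Report why the update failed instead of only that it failed.
    "ERROR - $($row.resourceName) -> $($appInsight.resourceName): $($_.Exception.Message)"
}
finally {
    # Restart only the site that was actually reconfigured. The previous form
    # restarted $r.Name, which the web-app branch never assigned, and used a
    # different resource group variable than the one the site was looked up in.
    if ($settingsChanged) {
        "Restart - $($site.Name)"
        Restart-AzWebApp -ResourceGroupName $rg -Name $site.Name
    }
}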
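# Attach the dedicated storage account to every Application Insights resource
# in $applicationInsights (each item is expected to expose .resourceName).
# Placeholder - replace with the name of your storage account.
$staInsights = "<name-of-your-storage-account>"

# Resolve the storage account once, before any existing link is removed, so a
# wrong name stops the script instead of leaving components without a link.
# NOTE(review): the post describes this account as the App Insights storage
# (profiler data); its own network access should be restricted to match the
# private-only setup - confirm its firewall / private endpoint configuration.
$storageAccount = Get-AzStorageAccount -ResourceGroupName $rg -Name $staInsights -ErrorAction Stop

foreach ($row in $applicationInsights) {
    $appInsights = Get-AzApplicationInsights -ResourceGroupName $rg -Name $row.resourceName

    # Drop the current link (if any) and create the new one.
    Remove-AzApplicationInsightsLinkedStorageAccount -ResourceId $appInsights.Id
    New-AzApplicationInsightsLinkedStorageAccount -ResourceId $appInsights.Id -LinkedStorageAccountResourceId $storageAccount.Id
}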