Enterprise-Scale

Option to Enable Azure Monitor Agent (AMA) initiative

Open rikunarhi-cloud2 opened this issue 3 years ago • 10 comments

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
  • Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment

Description

Is your feature request related to a problem?

We are starting to transfer our monitoring agents from the old Log analytics agent to the AMA. Currently the option settings.log_analytics.config.enable_monitoring_for_vm deploys a legacy policy.

Now if we want to create our own Data collection rules we will have to create them outside of the module.

Describe the solution you'd like

We would like to have the settings.log_analytics.config.enable_monitoring_for_vm to deploy the new policy 9dffaf29-5905-4145-883c-957eb442c226.

Second option would be the ability to create Data collection rules with the advanced block of the configuremanagementresources. So that then we can deploy a policy that just installs the agent and associates the agent with the data collection rule.

Additional context

rikunarhi-cloud2 avatar Sep 23 '22 06:09 rikunarhi-cloud2

Thanks for raising this @rikunarhi-cloud2,

I have transferred this to this repo as all our policies live as a source of truth in this repo and then pulled into Terraform or Bicep implementations.

We are currently working with the Azure Monitor engineering teams to plan the migration of ALZ from MMA to AMA and are nearing the point where we can begin the required work, but not just yet.

@paulgrimley is leading this from our side as a PM, so looping him in.

As a side note we are working with the engineering teams to get this previously raised policy issue resolved #1033 before we start with the AMA migration work as this will impact a number of customers if we just migrated today due to hardcoded eastus deployment location of the managed identity.

So, stay tuned and now we are working on this behind the scenes and hope to make it come to reality very soon.

Thanks

Jack

jtracey93 avatar Sep 23 '22 09:09 jtracey93

@rikunarhi-cloud2 thanks for raising this, we are indeed in deep discussions (and have been for some time) with the Monitor PG on transitioning ALZ to AMA. I am hopeful we should see progress in the next few weeks as we're keen to get this switched over.

paulgrimley avatar Sep 23 '22 13:09 paulgrimley

What is the status of this?

rikunarhi-cloud2 avatar Jan 24 '23 08:01 rikunarhi-cloud2

Hi @rikunarhi-cloud2, we are still working with Monitor PG, who are finalising the date for GA parity with MMA before we are able to switch to AMA. The ALZ team are working in the background in readiness for GA so we can determine what needs to be updated for each of the reference implementations (Portal, Bicep and Terraform).

paulgrimley avatar Jan 24 '23 17:01 paulgrimley

Eagerly waiting. Or shall we move ahead with archetype_extension using a policy that works today?

spotakash avatar Feb 16 '23 05:02 spotakash

@spotakash you can indeed add it manually yourself in the TF module using the archetype_extension, but we are using this feature to track the addition/migration to AMA from MMA and all the other work this encompasses. Docs, guidance, policy work, implementation changes.

As Paul has mentioned there is work going on with the AMA teams to ensure we have everything aligned and in place for parity, then we will begin our work.

jtracey93 avatar Feb 16 '23 09:02 jtracey93

Is there any progress on this? We can't postpone this migration much longer and we'd prefer if this was implemented in Enterprise-Scale/ALZ policies instead of our own custom policy implementation.

JasperCodes avatar Oct 12 '23 08:10 JasperCodes

Appreciate you requesting an update on this @JasperCodes, we are continuing to work in the background to drive this forward and this relies on a number of teams who leverage the MMA agent providing parity general availability alternatives to allow ALZ to transition to the AMA agent, as we need to cater for all our customers who will use different components of the MMA solution, so it's not easy to just switch over with some services announced as GA for AMA. Defender for Cloud is one of the biggest users of the AMA agent and new GA comparable coverage (of solutions that ALZ currently deploy today) vs MMA is at least April 2024 as per https://techcommunity.microsoft.com/t5/microsoft-defender-for-cloud/microsoft-defender-for-cloud-strategy-and-plan-towards-log/ba-p/3883341.

My recommendation would be to look at what components your organisation uses and determine if AMA could be leveraged (and services are GA) and would recommend raising a support ticket if you have further concerns against services you require that are not GA with the pending deprecation date approaching if needed.

paulgrimley avatar Oct 12 '23 10:10 paulgrimley

Any news / progress around this to migrate to the built-in initiatives? Thanks

“Enable Azure Monitor for VMs” should be updated to point to the correct built-in policy initiative: Enable Azure Monitor for VMs with Azure Monitoring Agent(AMA) - 924bfe3a-762f-40e7-86dd-5c8b95eb09e6

“Enable Azure Monitor for Virtual Machine Scale Sets” instead of “Enable Azure Monitor for Virtual Machine Scale Sets” Enable Azure Monitor for VMSS with Azure Monitoring Agent(AMA) - f5bf694c-cca7-4033-b883-3a23327d5485

vegazbabz avatar Jan 27 '24 00:01 vegazbabz

We're actively working on this, we plan to have the portal updated to use AMA in the next few days then we will review how to integrate this with our Terraform and Bicep reference implementations. Please check the roadmap for updates aka.ms/alz/roadmap (I have just made an update to the MMA deprecation item https://github.com/orgs/Azure/projects/487?pane=issue&itemId=30803412) cc: @arjenhuitema

paulgrimley avatar Jan 29 '24 12:01 paulgrimley

Is there a timeline for AMA being supported in the Terraform implementation?

jimays-avila avatar Apr 30 '24 12:04 jimays-avila

Hi @jimays-avila, thanks for the nudge and the short answer is yes! All going well, we are planning for June. Please see https://github.com/orgs/Azure/projects/487?pane=issue&itemId=30803412 for more details in our roadmap updates.

paulgrimley avatar Apr 30 '24 13:04 paulgrimley

@paulgrimley: Would this be more at the beginning or end of June? We have been eagerly waiting for this, as the 31st August is nearby. Thanks in advance for your reply.

eddy-vera avatar May 23 '24 05:05 eddy-vera

@eddy-vera to be safe I would say end of June, we are working hard to get this out so can assure you we are doing all we can to get this out as quick as possible, thank you for your patience with this.

paulgrimley avatar May 23 '24 12:05 paulgrimley

Closing this issue as we have now completed this work. Please visit https://aka.ms/alz/ama/blog for more information.

cc: @arjenhuitema

paulgrimley avatar Jun 24 '24 11:06 paulgrimley