Ensure log analytics workspace has daily quota value set for Azure Log Analytics Workspace

LOW

Description

Infinite daily quota for Azure Log Analytics Workspace may cause a surge in cost.

Remediation

In Azure Console -

Open the Azure Portal and go to Log Analytics workspaces.
Select the workspace you wish to edit.
Under Overview, select Manage costs.
Select the appropriate plan tier based on your storage needs.
Alternately, you can select the Daily Cap button and set the quota to a value in Gb greater than 10.

In Terraform -

In the azurerm_log_analytics_workspace resource, set daily_quota_gb to a value greater than 10.

References:
https://learn.microsoft.com/en-us/azure/azure-monitor/
https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/log_analytics_workspace#daily_quota_gb

Policy Details

Rule Reference ID: AC_AZURE_0146

CSP: Azure

Remediation Available: Yes

Domain: Compliance Validation

Resource: azurerm_log_analytics_workspace

Resource Category: Analytics

Resource Type: Log Analytics Workspace

Frameworks

GDPR
HIPAA
NIST-800-53
NIST-CSF