Opt-in for AllMetrics diagnostic settings

[glennmusa]

Benefit/Result/Outcome

The Diagnostics Setting for AllMetrics is verbose, costly, and not always necessary for SCCA compliance. Instead of being turned on by default, we can make this an opt-in decision.

Description

The Diagnostic Settings resources are currently created for the firewall, the firewall Public IP addresses, and all network security groups. Update these diagnostic settings resources with metrics collections that by default do not configure the AllMetrics category, but given a boolean parameter, include that AllMetrics category.

Acceptance Criteria

• The AllMetrics diagnostic setting is not enabled by default on the firewall, public IP addresses, and network security groups.
• The firewall, public IP, and network security groups have separate boolean parameters that default to false which can be overridden to enable AllMetrics on any of the resource types listed above, i.e., three boolean parameters that control their respective AllMetrics settings.
• The parameters are available in Bicep and Terraform.
• The parameters are visible in the portal form.

[brooke-hamilton]

@glennmusa apologies for asking this after triage happened on this item.

I updated the acceptance criteria to add more detail. I want to verify that there is currently no diagnostic setting applied to NSGs (unless it's the default) and we want to add one. The description says NSGs currently have AllMetrics applied to them but I don't find it in the code.

Questions:

• Do you think the default should be true instead of false for AllMetrics because that's our current setting, and changing it would change the behavior of MLZ, which could be unexpected for some people?
• As part of this backlog item are we adding a setting for NSGs? (I added it to the acceptance criteria but I want to confirm.)