I need to enable diagnostics on all storage accounts: V2 logs, to be kept for 7 days, for blob, file, queue and table. I cannot find any examples of this here, on git, or on Stack Overflow. I noticed some users are using the Azure CLI for this, so I wonder if it's supported with the Terraform providers. Anyway, here is what I have, but `terraform plan` is indicating that it's not expecting the logging block: "Blocks of type "logging" are not expected here…"
Here is what I have been playing with.
# Test storage account with logging
resource "azurerm_storage_account" "satestwithlogging" {
  name                     = "salogtest"
  resource_group_name      = azurerm_resource_group.prodrgroup.name
  location                 = var.location
  account_tier             = "Standard"
  account_replication_type = "LRS"
  account_kind             = "StorageV2"

  network_rules {
    default_action = "Deny"
    bypass         = ["Logging"]
  }

  tags = {
    Environment = "Infrastructure"
    Application = "Infrastructurelogs"
    Owner       = "Networkadmin"
    Function    = "Testonly"
  }

  # This is the block terraform plan rejects as "not expected here"
  logging {
    delete                = true
    read                  = true
    write                 = true
    version               = "2"
    retention_policy_days = "7"
  }
}
Just some updates from researching this.

1. It appears Terraform can only set logging for queue_properties, not for blob, file and table (ref. GitHub azurerm issue 4401).
2. I tried using the AZ CLI storage logging command from Terraform, but I get an XML syntax bug. Also, it cannot set logging for File.
3. I guess the only way around this is to use Terraform to create the storage account, then hash out the resource from the TF files, go to the portal and set logging manually. If you don't hash out the TF side, it will override the Azure portal config during the next `terraform apply`.

Any help on this please?
Logging is a compulsory security requirement.
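The configuration below is an added example, not part of the original post and not the poster's code. It shows the two places the azurerm provider exposes storage logging: the provider-native `queue_properties.logging` block (classic Storage Analytics, queue only, which is where the top-level `logging` block in the question belongs), and `azurerm_monitor_diagnostic_setting` applied to each of the four data-plane sub-resources (`blobServices`, `fileServices`, `queueServices`, `tableServices`) for the `StorageRead`/`StorageWrite`/`StorageDelete` categories with a 7-day retention policy. It assumes azurerm provider 2.x syntax (the `log` block with `retention_policy`; 3.x renames this to `enabled_log` and deprecates the retention block), a separate storage account as the log destination (the retention `days` value only applies to a storage-account destination, not to Log Analytics), and the trailing slash on the target resource ID, which some provider versions need to avoid a perpetual plan diff. All resource and variable names are hypothetical.

```hcl
# Added example; not the original poster's configuration.
# Assumes azurerm provider 2.x (log { retention_policy {} } syntax).
terraform {
  required_providers {
    azurerm = {
      source  = "hashicorp/azurerm"
      version = "~> 2.90"
    }
  }
}

provider "azurerm" {
  features {}
}

resource "azurerm_resource_group" "prodrgroup" {
  name     = "rg-storage-logging"   # hypothetical name
  location = "westeurope"           # hypothetical region
}

# Separate account that receives the diagnostic logs. Keeping it apart from
# the monitored account avoids logging the log writes themselves.
resource "azurerm_storage_account" "logsink" {
  name                     = "salogsinktest"   # hypothetical name
  resource_group_name      = azurerm_resource_group.prodrgroup.name
  location                 = azurerm_resource_group.prodrgroup.location
  account_tier             = "Standard"
  account_replication_type = "LRS"
  account_kind             = "StorageV2"
}

resource "azurerm_storage_account" "satestwithlogging" {
  name                     = "salogtest"
  resource_group_name      = azurerm_resource_group.prodrgroup.name
  location                 = azurerm_resource_group.prodrgroup.location
  account_tier             = "Standard"
  account_replication_type = "LRS"
  account_kind             = "StorageV2"

  # Classic Storage Analytics logging is only exposed for the queue service
  # in the provider; this is the correct home for the question's "logging" block.
  queue_properties {
    logging {
      delete                = true
      read                  = true
      write                 = true
      version               = "1.0"   # Storage Analytics properties version (assumption)
      retention_policy_days = 7
    }
  }
}

# Each data-plane service is its own sub-resource for diagnostic settings,
# so one setting per service is required; for_each keeps that to one resource.
locals {
  storage_services = {
    blob  = "blobServices"
    file  = "fileServices"
    queue = "queueServices"
    table = "tableServices"
  }
  storage_log_categories = ["StorageRead", "StorageWrite", "StorageDelete"]
}

resource "azurerm_monitor_diagnostic_setting" "storage" {
  for_each = local.storage_services

  name               = "diag-${each.key}"
  # Trailing slash deliberate: some provider versions otherwise show a perpetual diff (assumption).
  target_resource_id = "${azurerm_storage_account.satestwithlogging.id}/${each.value}/default/"
  storage_account_id = azurerm_storage_account.logsink.id

  dynamic "log" {
    for_each = local.storage_log_categories
    content {
      category = log.value
      enabled  = true
      retention_policy {
        enabled = true
        days    = 7
      }
    }
  }

  # Declared explicitly and disabled so the provider does not keep trying to
  # add or remove it on every plan.
  metric {
    category = "Transaction"
    enabled  = false
    retention_policy {
      enabled = false
    }
  }
}
```

After `terraform apply`, check the result with `az monitor diagnostic-settings list --resource "<storage account id>/blobServices/default"` (and the other three services); each should show the three categories enabled with `retentionPolicy.days` of 7. The classic `queue_properties` logging and the diagnostic settings are independent mechanisms, so enabling one does not satisfy a requirement written for the other.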