Add an example of sql security alert policy (#241)
* add example of sql security alert policy --------- Co-authored-by: Nanxuan Xu <nanxu@microsoft.com>
1 parent
9a2f9b8
commit 8659e09
Showing
4 changed files
with
104 additions
and
0 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,46 @@ | ||
resource "random_pet" "rg_name" { | ||
prefix = var.resource_group_name_prefix | ||
} | ||
|
||
resource "azurerm_resource_group" "rg" { | ||
name = random_pet.rg_name.id | ||
location = var.resource_group_location | ||
} | ||
|
||
resource "random_pet" "azurerm_mssql_server_name" { | ||
prefix = "sql" | ||
} | ||
|
||
resource "random_password" "admin_password" { | ||
count = var.admin_password == null ? 1 : 0 | ||
length = 20 | ||
special = true | ||
min_numeric = 1 | ||
min_upper = 1 | ||
min_lower = 1 | ||
min_special = 1 | ||
} | ||
|
||
locals { | ||
admin_password = try(random_password.admin_password[0].result, var.admin_password) | ||
} | ||
|
||
resource "azurerm_mssql_server" "server" { | ||
name = random_pet.azurerm_mssql_server_name.id | ||
resource_group_name = azurerm_resource_group.rg.name | ||
location = azurerm_resource_group.rg.location | ||
administrator_login = var.admin_username | ||
administrator_login_password = local.admin_password | ||
version = "12.0" | ||
} | ||
|
||
resource "azurerm_mssql_server_security_alert_policy" "example" { | ||
resource_group_name = azurerm_resource_group.rg.name | ||
server_name = azurerm_mssql_server.server.name | ||
state = "Enabled" | ||
disabled_alerts = [ | ||
"Sql_Injection", | ||
"Data_Exfiltration" | ||
] | ||
retention_days = 20 | ||
} |
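Review bot: The `disabled_alerts` list in `azurerm_mssql_server_security_alert_policy.example` switches off the `Sql_Injection` and `Data_Exfiltration` detections, so anyone copying this sample gets a policy whose `state` is `"Enabled"` but which stays silent on two of the alert types most relevant to a SQL server. For an example I would default to `disabled_alerts = []` with a comment such as `# list alert types here only to suppress detections you have confirmed are noisy`. The policy also names no e-mail recipient, so consider adding `email_account_admins = true` so that raised alerts are actually delivered to someone.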
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,12 @@ | ||
output "resource_group_name" { | ||
value = azurerm_resource_group.rg.name | ||
} | ||
|
||
output "sql_server_name" { | ||
value = azurerm_mssql_server.server.name | ||
} | ||
|
||
output "admin_password" { | ||
sensitive = true | ||
value = local.admin_password | ||
} |
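Review bot: The `admin_password` output is marked `sensitive = true`, but that only redacts the value from plan and apply output; the password is still written in clear text inside the Terraform state and can be read by anyone who can read that state. None of the three outputs carries a `description`, and I would add at least `description = "SQL admin password. Stored in clear text in Terraform state; keep the state in an access-controlled backend."` on this one. If consumers of the example do not need the password returned, dropping the output is the simpler option.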
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,16 @@ | ||
terraform { | ||
required_version = ">=1.0" | ||
required_providers { | ||
azurerm = { | ||
source = "hashicorp/azurerm" | ||
version = "~>3.0" | ||
} | ||
random = { | ||
source = "hashicorp/random" | ||
version = "~>3.0" | ||
} | ||
} | ||
} | ||
provider "azurerm" { | ||
features {} | ||
} |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,30 @@ | ||
variable "resource_group_location" { | ||
type = string | ||
description = "Location for all resources." | ||
default = "eastus" | ||
} | ||
|
||
variable "resource_group_name_prefix" { | ||
type = string | ||
description = "Prefix of the resource group name that's combined with a random ID so name is unique in your Azure subscription." | ||
default = "rg" | ||
} | ||
|
||
variable "sql_db_name" { | ||
type = string | ||
description = "The name of the SQL Database." | ||
default = "SampleDB" | ||
} | ||
|
||
variable "admin_username" { | ||
type = string | ||
description = "The administrator username of the SQL logical server." | ||
default = "azureadmin" | ||
} | ||
|
||
variable "admin_password" { | ||
type = string | ||
description = "The administrator password of the SQL logical server." | ||
sensitive = true | ||
default = null | ||
} |
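Review bot: `sql_db_name` is declared here, but none of the four files in this commit references `var.sql_db_name` and no database resource is created, so the variable looks like a leftover from another sample and could be removed. Separately, `admin_username` defaults to the predictable `azureadmin`; that is tolerable for a demo, but its description could say so, for example `description = "The administrator username of the SQL logical server. Override the default outside of demos."`.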