From ef54902db9d84e5e237aea8c6c979b8e286ef7df Mon Sep 17 00:00:00 2001
From: Nanxuan Xu
Date: Sat, 5 Aug 2023 20:18:46 +0800
Subject: [PATCH 1/2] add example of sql security alert policy
---
 .../101-sql-security-alert-policy/main.tf | 46 +++++++++++++++++++
 .../101-sql-security-alert-policy/outputs.tf | 12 +++++
 .../providers.tf | 16 +++++++
 .../variables.tf | 30 ++++++++++++
 4 files changed, 104 insertions(+)
 create mode 100644 quickstart/101-sql-security-alert-policy/main.tf
 create mode 100644 quickstart/101-sql-security-alert-policy/outputs.tf
 create mode 100644 quickstart/101-sql-security-alert-policy/providers.tf
 create mode 100644 quickstart/101-sql-security-alert-policy/variables.tf
diff --git a/quickstart/101-sql-security-alert-policy/main.tf b/quickstart/101-sql-security-alert-policy/main.tf
new file mode 100644
index 000000000..5f468a089
--- /dev/null
+++ b/quickstart/101-sql-security-alert-policy/main.tf
@@ -0,0 +1,46 @@
+resource "random_pet" "rg_name" {
+ prefix = var.resource_group_name_prefix
+}
+
+resource "azurerm_resource_group" "rg" {
+ name = random_pet.rg_name.id
+ location = var.resource_group_location
+}
+
+resource "random_pet" "azurerm_mssql_server_name" {
+ prefix = "sql"
+}
+
+resource "random_password" "admin_password" {
+ count = var.admin_password == null ? 1 : 0
+ length = 20
+ special = true
+ min_numeric = 1
+ min_upper = 1
+ min_lower = 1
+ min_special = 1
+}
+
+locals {
+ admin_password = try(random_password.admin_password[0].result, var.admin_password)
+}
+
+resource "azurerm_mssql_server" "server" {
+ name = random_pet.azurerm_mssql_server_name.id
+ resource_group_name = azurerm_resource_group.rg.name
+ location = azurerm_resource_group.rg.location
+ administrator_login = var.admin_username
+ administrator_login_password = local.admin_password
+ version = "12.0"
+}
+
+resource "azurerm_mssql_server_security_alert_policy" "example" {
+ resource_group_name = azurerm_resource_group.rg.name
+ server_name = azurerm_mssql_server.server.name
+ state = "Enabled"
+ disabled_alerts = [
+ "Sql_Injection",
+ "Data_Exfiltration"
+ ]
+ retention_days = 20
+}
\ No newline at end of file
diff --git a/quickstart/101-sql-security-alert-policy/outputs.tf b/quickstart/101-sql-security-alert-policy/outputs.tf
new file mode 100644
index 000000000..7262f1285
--- /dev/null
+++ b/quickstart/101-sql-security-alert-policy/outputs.tf
@@ -0,0 +1,12 @@
+output "resource_group_name" {
+ value = azurerm_resource_group.rg.name
+}
+
+output "sql_server_name" {
+ value = azurerm_mssql_server.server.name
+}
+
+output "admin_password" {
+ sensitive = true
+ value = local.admin_password
+}
diff --git a/quickstart/101-sql-security-alert-policy/providers.tf b/quickstart/101-sql-security-alert-policy/providers.tf
new file mode 100644
index 000000000..4fd5f6ba7
--- /dev/null
+++ b/quickstart/101-sql-security-alert-policy/providers.tf
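Review bot: The `disabled_alerts` list in `azurerm_mssql_server_security_alert_policy.example` turns off `Sql_Injection` and `Data_Exfiltration`, so a quickstart meant to show threat detection ships with two of its detections suppressed, and readers tend to copy samples unchanged. Unless suppression is the thing being demonstrated, use `disabled_alerts = []` and add a comment saying that entries belong there only for alert types a team has deliberately accepted. The policy also sets neither `email_account_admins` nor `email_addresses`, so no notification recipient is configured in the visible block; `email_account_admins = true` would be a reasonable default for a sample.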
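Review bot: The `admin_password` output re-exports the SQL administrator credential, and `sensitive = true` only redacts it in plan and apply display; the value is still written unencrypted to the state file and is returned by `terraform output -raw admin_password` or `-json`. If the sample has to hand the generated password back, say so on the output, for example `description = "Generated SQL admin password; stored unencrypted in Terraform state, so protect the state backend."`. None of the three outputs in this file carries a `description`, so the same line of documentation is missing on `resource_group_name` and `sql_server_name`.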
@@ -0,0 +1,16 @@
+terraform {
+ required_version = ">=1.0"
+ required_providers {
+ azurerm = {
+ source = "hashicorp/azurerm"
+ version = "~>3.0"
+ }
+ random = {
+ source = "hashicorp/random"
+ version = "~>3.0"
+ }
+ }
+}
+provider "azurerm" {
+ features {}
+}
\ No newline at end of file
diff --git a/quickstart/101-sql-security-alert-policy/variables.tf b/quickstart/101-sql-security-alert-policy/variables.tf
new file mode 100644
index 000000000..dcdc446c9
--- /dev/null
+++ b/quickstart/101-sql-security-alert-policy/variables.tf
@@ -0,0 +1,30 @@
+variable "resource_group_location" {
+ type = string
+ description = "Location for all resources."
+ default = "eastus"
+}
+
+variable "resource_group_name_prefix" {
+ type = string
+ description = "Prefix of the resource group name that's combined with a random ID so name is unique in your Azure subscription."
+ default = "rg"
+}
+
+variable "sql_db_name" {
+ type = string
+ description = "The name of the SQL Database."
+ default = "SampleDB"
+}
+
+variable "admin_username" {
+ type = string
+ description = "The administrator username of the SQL logical server."
+ default = "azureadmin"
+}
+
+variable "admin_password" {
+ type = string
+ description = "The administrator password of the SQL logical server."
+ sensitive = true
+ default = null
+}
From 92cdfad54df363ac86c4b0ae0f1b1842b5f7396c Mon Sep 17 00:00:00 2001
From: Nanxuan Xu
Date: Sat, 5 Aug 2023 20:21:59 +0800
Subject: [PATCH 2/2] fix format
---
 quickstart/101-sql-security-alert-policy/outputs.tf | 2 +-
 quickstart/101-sql-security-alert-policy/variables.tf | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/quickstart/101-sql-security-alert-policy/outputs.tf b/quickstart/101-sql-security-alert-policy/outputs.tf
index 7262f1285..226b29035 100644
--- a/quickstart/101-sql-security-alert-policy/outputs.tf
+++ b/quickstart/101-sql-security-alert-policy/outputs.tf
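Review bot: `sql_db_name` is declared in `variables.tf` but nothing in the `main.tf` added by this patch reads `var.sql_db_name`, and no database resource is created there. It looks like a leftover from the sample this one was derived from; either drop the variable or add the database it names, so the inputs match what the configuration deploys. The `admin_password` description could also state what happens when it is left unset, for example `description = "The administrator password of the SQL logical server. If null, a random 20-character password is generated."`.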
@@ -9,4 +9,4 @@ output "sql_server_name" {
 output "admin_password" {
 sensitive = true
 value = local.admin_password
-}
+}
\ No newline at end of file
diff --git a/quickstart/101-sql-security-alert-policy/variables.tf b/quickstart/101-sql-security-alert-policy/variables.tf
index dcdc446c9..24f0b1501 100644
--- a/quickstart/101-sql-security-alert-policy/variables.tf
+++ b/quickstart/101-sql-security-alert-policy/variables.tf
@@ -27,4 +27,4 @@ variable "admin_password" {
 description = "The administrator password of the SQL logical server."
 sensitive = true
 default = null
-}
+}
\ No newline at end of file