Terraform for Azure Managed Database MSSQL Server

Current Version: v2.0.3

Summary

Creates MSSQL Server for use with the Azure Managed Database for MSSQL.

Examples for using the module can be found here.

Changelog can be found in CHANGELOG.md

The Server will be created with the following:

• Security Alert Policy
• Extended Auditing Policy
• Vulnerability Assesement
• System Assigned Managed Identity
• Allow Azure Internal Firewall Rule

Using this module you will be able to create:

• Azure SQL Server
• Azure Storage Account
• Azure Private Endpoint
• Azure Storage Container

User Input Requirement

See inputs and examples for reference.

Requirements

No requirements.

Providers

Name	Version
azurerm	n/a

Modules

No modules.

Resources

Name	Type
azurerm_mssql_firewall_rule.AllowAzure	resource
azurerm_mssql_firewall_rule.mssql	resource
azurerm_mssql_server.mssql	resource
azurerm_mssql_server_extended_auditing_policy.this	resource
azurerm_mssql_server_security_alert_policy.this	resource
azurerm_mssql_server_vulnerability_assessment.this	resource
azurerm_mssql_virtual_network_rule.this	resource
azurerm_private_endpoint.this	resource
azurerm_role_assignment.mi	resource
azurerm_role_assignment.this	resource
azurerm_storage_account.this	resource
azurerm_storage_container.this	resource
azurerm_key_vault.sqlhstkv	data source
azurerm_key_vault_secret.sqlhstsvc	data source
azurerm_key_vault_secret.storageaccountname	data source
azurerm_storage_account.storageaccountinfo	data source

Inputs

Name	Description	Type	Default	Required
account_replication_type	(Required) Defines the type of replication to use for this storage account. Valid options are LRS, GRS, RAGRS, ZRS, GZRS and RAGZRS.	string	"LRS"	no
active_directory_administrator_login_username	The Active Directory Administrator Login Username	string	""	no
active_directory_administrator_object_id	The Active Directory Administrator Object ID	string	""	no
active_directory_administrator_tenant_id	The Active Directory Administrator Tenant ID	string	""	no
administrator_login	(Required) The Administrator Login for the MSSQL Server	any	n/a	yes
administrator_login_password	(Required) The Password associated with the administrator_login for the PostgreSQL Server.	any	n/a	yes
connection_policy	The connection policy the server will use (Default, Proxy or Redirect)	string	"Default"	no
emails	List of email addresses that should recieve the security reports	list(string)	[]	no
environment	The environment used for keyvault access	any	n/a	yes
express_va_enabled	Is Express configuration of Vulnerability settings on Microsoft Cloud Defender being used?	bool	true	no
firewall_rules	Specifies the Start IP Address associated with this Firewall Rule	list(string)	n/a	yes
kv_enable	(Optional) Enable Key Vault for passwords.	bool	false	no
kv_name	The keyvault name	string	""	no
kv_rg	The keyvault resource group	string	""	no
location	Specifies the supported Azure location where the resource exists	string	"canadacentral"	no
mssql_version	The version of the MSSQL Server	string	"12.0"	no
name	The name of the MSSQL Server	any	n/a	yes
primary_mi_id	(Optional) The ID of the Principal (User, Group or Service Principal) to assign the Role Definition to.	any	null	no
private_endpoints	(Optional) Options to enable private endpoint	any	null	no
resource_group_name	The name of the resource group in which to create the MSSQL Server	any	n/a	yes
retention_days	Specifies the retention in days for logs for this MSSQL Server	number	90	no
sa_resource_group_name	The storageaccountinfo resource group name	string	""	no
ssl_minimal_tls_version_enforced	The mimimun TLS version to support on the sever	string	"1.2"	no
subnets	n/a	list	[]	no
tags	(Optional) A mapping of tags which should be assigned to this Virtual Machine	map(string)	null	no

Outputs

Name	Description
assessment_id	n/a
firewall	n/a
id	n/a
identity_object_id	n/a
identity_tenant_id	n/a
name	n/a
sa_primary_access_key	n/a
sa_primary_blob_endpoint	n/a