Database
data class DatabaseThreatDetectionPolicyArgs(val databaseName: Output<String>? = null, val disabledAlerts: Output<String>? = null, val emailAccountAdmins: Output<Either<String, SecurityAlertPolicyEmailAccountAdmins>>? = null, val emailAddresses: Output<String>? = null, val location: Output<String>? = null, val resourceGroupName: Output<String>? = null, val retentionDays: Output<Int>? = null, val securityAlertPolicyName: Output<String>? = null, val serverName: Output<String>? = null, val state: Output<Either<String, SecurityAlertPolicyState>>? = null, val storageAccountAccessKey: Output<String>? = null, val storageEndpoint: Output<String>? = null, val useServerDefault: Output<Either<String, SecurityAlertPolicyUseServerDefault>>? = null) : ConvertibleToJava<DatabaseThreatDetectionPolicyArgs>
Contains information about a database Threat Detection policy. Uses Azure REST API version 2014-04-01. In version 2.x of the Azure Native provider, it used API version 2014-04-01.
Example Usage
Create database security alert policy max
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AzureNative = Pulumi.AzureNative;
return await Deployment.RunAsync(() =>
{
var databaseThreatDetectionPolicy = new AzureNative.Sql.DatabaseThreatDetectionPolicy("databaseThreatDetectionPolicy", new()
{
DatabaseName = "testdb",
DisabledAlerts = "Sql_Injection;Usage_Anomaly;",
EmailAccountAdmins = AzureNative.Sql.SecurityAlertPolicyEmailAccountAdmins.Enabled,
EmailAddresses = "test@microsoft.com;user@microsoft.com",
ResourceGroupName = "securityalert-4799",
RetentionDays = 6,
SecurityAlertPolicyName = "default",
ServerName = "securityalert-6440",
State = AzureNative.Sql.SecurityAlertPolicyState.Enabled,
StorageAccountAccessKey = "sdlfkjabc+sdlfkjsdlkfsjdfLDKFTERLKFDFKLjsdfksjdflsdkfD2342309432849328476458/3RSD==",
StorageEndpoint = "https://mystorage.blob.core.windows.net",
UseServerDefault = AzureNative.Sql.SecurityAlertPolicyUseServerDefault.Enabled,
});
});Content copied to clipboard
package main
import (
sql "github.com/pulumi/pulumi-azure-native-sdk/sql/v3"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := sql.NewDatabaseThreatDetectionPolicy(ctx, "databaseThreatDetectionPolicy", &sql.DatabaseThreatDetectionPolicyArgs{
DatabaseName: pulumi.String("testdb"),
DisabledAlerts: pulumi.String("Sql_Injection;Usage_Anomaly;"),
EmailAccountAdmins: pulumi.String(sql.SecurityAlertPolicyEmailAccountAdminsEnabled),
EmailAddresses: pulumi.String("test@microsoft.com;user@microsoft.com"),
ResourceGroupName: pulumi.String("securityalert-4799"),
RetentionDays: pulumi.Int(6),
SecurityAlertPolicyName: pulumi.String("default"),
ServerName: pulumi.String("securityalert-6440"),
State: pulumi.String(sql.SecurityAlertPolicyStateEnabled),
StorageAccountAccessKey: pulumi.String("sdlfkjabc+sdlfkjsdlkfsjdfLDKFTERLKFDFKLjsdfksjdflsdkfD2342309432849328476458/3RSD=="),
StorageEndpoint: pulumi.String("https://mystorage.blob.core.windows.net"),
UseServerDefault: pulumi.String(sql.SecurityAlertPolicyUseServerDefaultEnabled),
})
if err != nil {
return err
}
return nil
})
}Content copied to clipboard
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azurenative.sql.DatabaseThreatDetectionPolicy;
import com.pulumi.azurenative.sql.DatabaseThreatDetectionPolicyArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var databaseThreatDetectionPolicy = new DatabaseThreatDetectionPolicy("databaseThreatDetectionPolicy", DatabaseThreatDetectionPolicyArgs.builder()
.databaseName("testdb")
.disabledAlerts("Sql_Injection;Usage_Anomaly;")
.emailAccountAdmins("Enabled")
.emailAddresses("test@microsoft.com;user@microsoft.com")
.resourceGroupName("securityalert-4799")
.retentionDays(6)
.securityAlertPolicyName("default")
.serverName("securityalert-6440")
.state("Enabled")
.storageAccountAccessKey("sdlfkjabc+sdlfkjsdlkfsjdfLDKFTERLKFDFKLjsdfksjdflsdkfD2342309432849328476458/3RSD==")
.storageEndpoint("https://mystorage.blob.core.windows.net")
.useServerDefault("Enabled")
.build());
}
}Content copied to clipboard
Create database security alert policy min
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AzureNative = Pulumi.AzureNative;
return await Deployment.RunAsync(() =>
{
var databaseThreatDetectionPolicy = new AzureNative.Sql.DatabaseThreatDetectionPolicy("databaseThreatDetectionPolicy", new()
{
DatabaseName = "testdb",
ResourceGroupName = "securityalert-4799",
SecurityAlertPolicyName = "default",
ServerName = "securityalert-6440",
State = AzureNative.Sql.SecurityAlertPolicyState.Enabled,
StorageAccountAccessKey = "sdlfkjabc+sdlfkjsdlkfsjdfLDKFTERLKFDFKLjsdfksjdflsdkfD2342309432849328476458/3RSD==",
StorageEndpoint = "https://mystorage.blob.core.windows.net",
});
});Content copied to clipboard
package main
import (
sql "github.com/pulumi/pulumi-azure-native-sdk/sql/v3"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := sql.NewDatabaseThreatDetectionPolicy(ctx, "databaseThreatDetectionPolicy", &sql.DatabaseThreatDetectionPolicyArgs{
DatabaseName: pulumi.String("testdb"),
ResourceGroupName: pulumi.String("securityalert-4799"),
SecurityAlertPolicyName: pulumi.String("default"),
ServerName: pulumi.String("securityalert-6440"),
State: pulumi.String(sql.SecurityAlertPolicyStateEnabled),
StorageAccountAccessKey: pulumi.String("sdlfkjabc+sdlfkjsdlkfsjdfLDKFTERLKFDFKLjsdfksjdflsdkfD2342309432849328476458/3RSD=="),
StorageEndpoint: pulumi.String("https://mystorage.blob.core.windows.net"),
})
if err != nil {
return err
}
return nil
})
}Content copied to clipboard
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azurenative.sql.DatabaseThreatDetectionPolicy;
import com.pulumi.azurenative.sql.DatabaseThreatDetectionPolicyArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var databaseThreatDetectionPolicy = new DatabaseThreatDetectionPolicy("databaseThreatDetectionPolicy", DatabaseThreatDetectionPolicyArgs.builder()
.databaseName("testdb")
.resourceGroupName("securityalert-4799")
.securityAlertPolicyName("default")
.serverName("securityalert-6440")
.state("Enabled")
.storageAccountAccessKey("sdlfkjabc+sdlfkjsdlkfsjdfLDKFTERLKFDFKLjsdfksjdflsdkfD2342309432849328476458/3RSD==")
.storageEndpoint("https://mystorage.blob.core.windows.net")
.build());
}
}Content copied to clipboard
Import
An existing resource can be imported using its type token, name, and identifier, e.g.
$ pulumi import azure-native:sql:DatabaseThreatDetectionPolicy default /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Sql/servers/{serverName}/databases/{databaseName}/securityAlertPolicies/{securityAlertPolicyName}Content copied to clipboard
Constructors
Link copied to clipboard
constructor(databaseName: Output<String>? = null, disabledAlerts: Output<String>? = null, emailAccountAdmins: Output<Either<String, SecurityAlertPolicyEmailAccountAdmins>>? = null, emailAddresses: Output<String>? = null, location: Output<String>? = null, resourceGroupName: Output<String>? = null, retentionDays: Output<Int>? = null, securityAlertPolicyName: Output<String>? = null, serverName: Output<String>? = null, state: Output<Either<String, SecurityAlertPolicyState>>? = null, storageAccountAccessKey: Output<String>? = null, storageEndpoint: Output<String>? = null, useServerDefault: Output<Either<String, SecurityAlertPolicyUseServerDefault>>? = null)
Properties
Link copied to clipboard
The name of the database for which database Threat Detection policy is defined.
Link copied to clipboard
Specifies the semicolon-separated list of alerts that are disabled, or empty string to disable no alerts. Possible values: Sql_Injection; Sql_Injection_Vulnerability; Access_Anomaly; Data_Exfiltration; Unsafe_Action.
Link copied to clipboard
Specifies that the alert is sent to the account administrators.
Link copied to clipboard
Specifies the semicolon-separated list of e-mail addresses to which the alert is sent.
Link copied to clipboard
The name of the resource group that contains the resource. You can obtain this value from the Azure Resource Manager API or the portal.
Link copied to clipboard
Specifies the number of days to keep in the Threat Detection audit logs.
Link copied to clipboard
The name of the security alert policy.
Link copied to clipboard
The name of the server.
Link copied to clipboard
Specifies the state of the policy. If state is Enabled, storageEndpoint and storageAccountAccessKey are required.
Link copied to clipboard
Specifies the identifier key of the Threat Detection audit storage account. If state is Enabled, storageAccountAccessKey is required.
Link copied to clipboard
Specifies the blob storage endpoint (e.g. https://MyAccount.blob.core.windows.net). This blob storage will hold all Threat Detection audit logs. If state is Enabled, storageEndpoint is required.
Link copied to clipboard
Specifies whether to use the default server policy.