ServerExtendedAuditingPolicy

class ServerExtendedAuditingPolicy : KotlinCustomResource

Manages a MS SQL Server Extended Auditing Policy.

Example Usage

package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azure.core.ResourceGroup;
import com.pulumi.azure.core.ResourceGroupArgs;
import com.pulumi.azure.mssql.Server;
import com.pulumi.azure.mssql.ServerArgs;
import com.pulumi.azure.storage.Account;
import com.pulumi.azure.storage.AccountArgs;
import com.pulumi.azure.mssql.ServerExtendedAuditingPolicy;
import com.pulumi.azure.mssql.ServerExtendedAuditingPolicyArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
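/**
 * Pulumi program that provisions a resource group, an MS SQL server, a storage
 * account, and a server-level extended auditing policy that writes its audit
 * logs to that storage account.
 */
public class App {
    /**
     * Program entry point: hands the stack definition to the Pulumi runtime.
     *
     * @param args command-line arguments (unused)
     */
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares the resources of the stack.
     *
     * @param ctx the Pulumi deployment context; also the source of the stack configuration
     */
    public static void stack(Context ctx) {
        // The SQL administrator password is read from an encrypted stack config value
        // instead of being embedded in source, where it would end up in version control.
        // "sqlAdminPassword" is an example key name; set it with
        //   pulumi config set --secret sqlAdminPassword <value>
        final var sqlAdminPassword = ctx.config().requireSecret("sqlAdminPassword");

        var exampleResourceGroup = new ResourceGroup("exampleResourceGroup", ResourceGroupArgs.builder()
            .location("West Europe")
            .build());

        var exampleServer = new Server("exampleServer", ServerArgs.builder()
            .resourceGroupName(exampleResourceGroup.name())
            .location(exampleResourceGroup.location())
            .version("12.0")
            .administratorLogin("missadministrator")
            .administratorLoginPassword(sqlAdminPassword)
            .build());

        // Storage account that receives the audit log blobs.
        var exampleAccount = new Account("exampleAccount", AccountArgs.builder()
            .resourceGroupName(exampleResourceGroup.name())
            .location(exampleResourceGroup.location())
            .accountTier("Standard")
            .accountReplicationType("LRS")
            .build());

        var exampleServerExtendedAuditingPolicy = new ServerExtendedAuditingPolicy("exampleServerExtendedAuditingPolicy", ServerExtendedAuditingPolicyArgs.builder()
            .serverId(exampleServer.id())
            .storageEndpoint(exampleAccount.primaryBlobEndpoint())
            // Shared-key authentication: the server writes audit logs using the storage
            // account's primary access key, a credential that covers the whole account.
            .storageAccountAccessKey(exampleAccount.primaryAccessKey())
            .storageAccountAccessKeyIsSecondary(false)
            // Audit blobs are kept for 6 days; size this to the investigation or
            // compliance window the logs have to cover.
            .retentionInDays(6)
            .build());
    }
}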

With Storage Account Behind VNet And Firewall

package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azure.core.CoreFunctions;
import com.pulumi.azure.core.inputs.GetSubscriptionArgs;
import com.pulumi.azure.core.ResourceGroup;
import com.pulumi.azure.core.ResourceGroupArgs;
import com.pulumi.azure.network.VirtualNetwork;
import com.pulumi.azure.network.VirtualNetworkArgs;
import com.pulumi.azure.network.Subnet;
import com.pulumi.azure.network.SubnetArgs;
import com.pulumi.azure.mssql.Server;
import com.pulumi.azure.mssql.ServerArgs;
import com.pulumi.azure.mssql.inputs.ServerIdentityArgs;
import com.pulumi.azure.authorization.Assignment;
import com.pulumi.azure.authorization.AssignmentArgs;
import com.pulumi.azure.sql.VirtualNetworkRule;
import com.pulumi.azure.sql.VirtualNetworkRuleArgs;
import com.pulumi.azure.sql.FirewallRule;
import com.pulumi.azure.sql.FirewallRuleArgs;
import com.pulumi.azure.storage.Account;
import com.pulumi.azure.storage.AccountArgs;
import com.pulumi.azure.storage.inputs.AccountNetworkRulesArgs;
import com.pulumi.azure.storage.inputs.AccountIdentityArgs;
import com.pulumi.azure.mssql.ServerExtendedAuditingPolicy;
import com.pulumi.azure.mssql.ServerExtendedAuditingPolicyArgs;
import com.pulumi.resources.CustomResourceOptions;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
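/**
 * Pulumi program that provisions an MS SQL server with a system-assigned identity
 * and a server-level extended auditing policy whose audit logs go to a storage
 * account that only accepts traffic from a virtual network subnet and from
 * trusted Azure services.
 */
public class App {
    /**
     * Program entry point: hands the stack definition to the Pulumi runtime.
     *
     * @param args command-line arguments (unused)
     */
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares the resources of the stack.
     *
     * @param ctx the Pulumi deployment context; also the source of the stack configuration
     */
    public static void stack(Context ctx) {
        // Current subscription: supplies the role-assignment scope and the
        // subscription id handed to the auditing policy.
        final var primary = CoreFunctions.getSubscription();

        // The SQL administrator password is read from an encrypted stack config value
        // instead of being embedded in source, where it would end up in version control.
        // "sqlAdminPassword" is an example key name; set it with
        //   pulumi config set --secret sqlAdminPassword <value>
        final var sqlAdminPassword = ctx.config().requireSecret("sqlAdminPassword");

        var exampleResourceGroup = new ResourceGroup("exampleResourceGroup", ResourceGroupArgs.builder()
            .location("West Europe")
            .build());

        var exampleVirtualNetwork = new VirtualNetwork("exampleVirtualNetwork", VirtualNetworkArgs.builder()
            .addressSpaces("10.0.0.0/16")
            .location(exampleResourceGroup.location())
            .resourceGroupName(exampleResourceGroup.name())
            .build());

        // The subnet exposes service endpoints for both SQL and Storage so it can be
        // referenced by the SQL virtual network rule and the storage network rules below.
        var exampleSubnet = new Subnet("exampleSubnet", SubnetArgs.builder()
            .resourceGroupName(exampleResourceGroup.name())
            .virtualNetworkName(exampleVirtualNetwork.name())
            .addressPrefixes("10.0.2.0/24")
            .serviceEndpoints(
                "Microsoft.Sql",
                "Microsoft.Storage")
            .enforcePrivateLinkEndpointNetworkPolicies(true)
            .build());

        // The system-assigned identity is the principal that receives the storage
        // role below; no storage access key is passed to the auditing policy.
        var exampleServer = new Server("exampleServer", ServerArgs.builder()
            .resourceGroupName(exampleResourceGroup.name())
            .location(exampleResourceGroup.location())
            .version("12.0")
            .administratorLogin("missadministrator")
            .administratorLoginPassword(sqlAdminPassword)
            .minimumTlsVersion("1.2")
            .identity(ServerIdentityArgs.builder()
                .type("SystemAssigned")
                .build())
            .build());

        // NOTE(review): the role is assigned at subscription scope, which gives the
        // server's identity blob data write access to every storage account in the
        // subscription. Scoping the assignment to the audit storage account alone
        // would follow least privilege.
        var exampleAssignment = new Assignment("exampleAssignment", AssignmentArgs.builder()
            .scope(primary.applyValue(getSubscriptionResult -> getSubscriptionResult.id()))
            .roleDefinitionName("Storage Blob Data Contributor")
            .principalId(exampleServer.identity().applyValue(identity -> identity.principalId()))
            .build());

        var sqlvnetrule = new VirtualNetworkRule("sqlvnetrule", VirtualNetworkRuleArgs.builder()
            .resourceGroupName(exampleResourceGroup.name())
            .serverName(exampleServer.name())
            .subnetId(exampleSubnet.id())
            .build());

        // A 0.0.0.0-0.0.0.0 range is Azure SQL's "allow Azure services" rule: it
        // admits connections that originate from any Azure resource, including ones
        // outside this subscription. Keep it only if the deployment needs it.
        var exampleFirewallRule = new FirewallRule("exampleFirewallRule", FirewallRuleArgs.builder()
            .resourceGroupName(exampleResourceGroup.name())
            .serverName(exampleServer.name())
            .startIpAddress("0.0.0.0")
            .endIpAddress("0.0.0.0")
            .build());

        // Storage account for the audit logs: default-deny network rules, no public
        // nested items, reachable from the subnet and from trusted Azure services.
        var exampleAccount = new Account("exampleAccount", AccountArgs.builder()
            .resourceGroupName(exampleResourceGroup.name())
            .location(exampleResourceGroup.location())
            .accountTier("Standard")
            .accountReplicationType("LRS")
            .accountKind("StorageV2")
            .allowNestedItemsToBePublic(false)
            .networkRules(AccountNetworkRulesArgs.builder()
                .defaultAction("Deny")
                // NOTE(review): 127.0.0.1 looks like a placeholder; replace it with
                // the address or range that actually needs access.
                .ipRules("127.0.0.1")
                .virtualNetworkSubnetIds(exampleSubnet.id())
                .bypasses("AzureServices")
                .build())
            .identity(AccountIdentityArgs.builder()
                .type("SystemAssigned")
                .build())
            .build());

        var exampleServerExtendedAuditingPolicy = new ServerExtendedAuditingPolicy("exampleServerExtendedAuditingPolicy", ServerExtendedAuditingPolicyArgs.builder()
            .storageEndpoint(exampleAccount.primaryBlobEndpoint())
            .serverId(exampleServer.id())
            // Audit blobs are kept for 6 days; size this to the investigation or
            // compliance window the logs have to cover.
            .retentionInDays(6)
            .logMonitoringEnabled(false)
            // Subscription id comes from the lookup above; the original expression
            // referenced an undeclared name and did not compile.
            .storageAccountSubscriptionId(primary.applyValue(getSubscriptionResult -> getSubscriptionResult.subscriptionId()))
            .build(), CustomResourceOptions.builder()
                // The policy is created only after the role assignment and the
                // storage account exist.
                .dependsOn(
                    exampleAssignment,
                    exampleAccount)
                .build());
    }
}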

Import

MS SQL Server Extended Auditing Policies can be imported using the resource id, e.g.

$ pulumi import azure:mssql/serverExtendedAuditingPolicy:ServerExtendedAuditingPolicy example /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/group1/providers/Microsoft.Sql/servers/sqlServer1/extendedAuditingSettings/default

Properties

val enabled: Output<Boolean>?

Whether to enable the extended auditing policy. Possible values are true and false. Defaults to true. NOTE: If enabled is true, either storage_endpoint or log_monitoring_enabled is required.

val id: Output<String>

logMonitoringEnabled: Enable audit events to Azure Monitor? To enable server audit events to Azure Monitor, please enable its main database audit events to Azure Monitor. Defaults to true.

val pulumiChildResources: Set<KotlinResource>
val retentionInDays: Output<Int>?

The number of days to retain logs for in the storage account. Defaults to 0.

val serverId: Output<String>

The ID of the SQL Server to set the extended auditing policy. Changing this forces a new resource to be created.


storageAccountAccessKey: The access key to use for the auditing storage account.


storageAccountAccessKeyIsSecondary: Is the storage_account_access_key value the storage account's secondary key?


storageAccountSubscriptionId: The ID of the Subscription containing the Storage Account.

val storageEndpoint: Output<String>?

The blob storage endpoint (e.g. https://example.blob.core.windows.net). This blob storage will hold all extended auditing logs.

val urn: Output<String>