pulumi-azure-kotlin/com.pulumi.azure.mssql.kotlin/ServerMicrosoftSupportAuditingPolicyArgs

ServerMicrosoftSupportAuditingPolicyArgs

data class ServerMicrosoftSupportAuditingPolicyArgs(val blobStorageEndpoint: Output<String>? = null, val enabled: Output<Boolean>? = null, val logMonitoringEnabled: Output<Boolean>? = null, val serverId: Output<String>? = null, val storageAccountAccessKey: Output<String>? = null, val storageAccountSubscriptionId: Output<String>? = null) : ConvertibleToJava<ServerMicrosoftSupportAuditingPolicyArgs>

Manages a MS SQL Server Microsoft Support Auditing Policy.

Example Usage

package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azure.core.ResourceGroup;
import com.pulumi.azure.core.ResourceGroupArgs;
import com.pulumi.azure.mssql.Server;
import com.pulumi.azure.mssql.ServerArgs;
import com.pulumi.azure.storage.Account;
import com.pulumi.azure.storage.AccountArgs;
import com.pulumi.azure.mssql.ServerMicrosoftSupportAuditingPolicy;
import com.pulumi.azure.mssql.ServerMicrosoftSupportAuditingPolicyArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }
    public static void stack(Context ctx) {
        var exampleResourceGroup = new ResourceGroup("exampleResourceGroup", ResourceGroupArgs.builder()
            .location("West Europe")
            .build());
        var exampleServer = new Server("exampleServer", ServerArgs.builder()
            .resourceGroupName(exampleResourceGroup.name())
            .location(exampleResourceGroup.location())
            .version("12.0")
            .administratorLogin("missadministrator")
            .administratorLoginPassword("AdminPassword123!")
            .build());
        var exampleAccount = new Account("exampleAccount", AccountArgs.builder()
            .resourceGroupName(exampleResourceGroup.name())
            .location(exampleResourceGroup.location())
            .accountTier("Standard")
            .accountReplicationType("LRS")
            .build());
        var exampleServerMicrosoftSupportAuditingPolicy = new ServerMicrosoftSupportAuditingPolicy("exampleServerMicrosoftSupportAuditingPolicy", ServerMicrosoftSupportAuditingPolicyArgs.builder()
            .serverId(exampleServer.id())
            .blobStorageEndpoint(exampleAccount.primaryBlobEndpoint())
            .storageAccountAccessKey(exampleAccount.primaryAccessKey())
            .build());
    }
}
Content copied to clipboard

With Storage Account Behind VNet And Firewall

package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azure.core.CoreFunctions;
import com.pulumi.azure.core.inputs.GetSubscriptionArgs;
import com.pulumi.azure.core.ResourceGroup;
import com.pulumi.azure.core.ResourceGroupArgs;
import com.pulumi.azure.network.VirtualNetwork;
import com.pulumi.azure.network.VirtualNetworkArgs;
import com.pulumi.azure.network.Subnet;
import com.pulumi.azure.network.SubnetArgs;
import com.pulumi.azure.mssql.Server;
import com.pulumi.azure.mssql.ServerArgs;
import com.pulumi.azure.mssql.inputs.ServerIdentityArgs;
import com.pulumi.azure.authorization.Assignment;
import com.pulumi.azure.authorization.AssignmentArgs;
import com.pulumi.azure.sql.VirtualNetworkRule;
import com.pulumi.azure.sql.VirtualNetworkRuleArgs;
import com.pulumi.azure.sql.FirewallRule;
import com.pulumi.azure.sql.FirewallRuleArgs;
import com.pulumi.azure.storage.Account;
import com.pulumi.azure.storage.AccountArgs;
import com.pulumi.azure.storage.inputs.AccountNetworkRulesArgs;
import com.pulumi.azure.storage.inputs.AccountIdentityArgs;
import com.pulumi.azure.mssql.ServerMicrosoftSupportAuditingPolicy;
import com.pulumi.azure.mssql.ServerMicrosoftSupportAuditingPolicyArgs;
import com.pulumi.resources.CustomResourceOptions;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }
    public static void stack(Context ctx) {
        final var primary = CoreFunctions.getSubscription();
        final var exampleClientConfig = CoreFunctions.getClientConfig();
        var exampleResourceGroup = new ResourceGroup("exampleResourceGroup", ResourceGroupArgs.builder()
            .location("West Europe")
            .build());
        var exampleVirtualNetwork = new VirtualNetwork("exampleVirtualNetwork", VirtualNetworkArgs.builder()
            .addressSpaces("10.0.0.0/16")
            .location(exampleResourceGroup.location())
            .resourceGroupName(exampleResourceGroup.name())
            .build());
        var exampleSubnet = new Subnet("exampleSubnet", SubnetArgs.builder()
            .resourceGroupName(exampleResourceGroup.name())
            .virtualNetworkName(exampleVirtualNetwork.name())
            .addressPrefixes("10.0.2.0/24")
            .serviceEndpoints(
                "Microsoft.Sql",
                "Microsoft.Storage")
            .enforcePrivateLinkEndpointNetworkPolicies(true)
            .build());
        var exampleServer = new Server("exampleServer", ServerArgs.builder()
            .resourceGroupName(exampleResourceGroup.name())
            .location(exampleResourceGroup.location())
            .version("12.0")
            .administratorLogin("missadministrator")
            .administratorLoginPassword("AdminPassword123!")
            .minimumTlsVersion("1.2")
            .identity(ServerIdentityArgs.builder()
                .type("SystemAssigned")
                .build())
            .build());
        var exampleAssignment = new Assignment("exampleAssignment", AssignmentArgs.builder()
            .scope(primary.applyValue(getSubscriptionResult -> getSubscriptionResult.id()))
            .roleDefinitionName("Storage Blob Data Contributor")
            .principalId(exampleServer.identity().applyValue(identity -> identity.principalId()))
            .build());
        var sqlvnetrule = new VirtualNetworkRule("sqlvnetrule", VirtualNetworkRuleArgs.builder()
            .resourceGroupName(exampleResourceGroup.name())
            .serverName(exampleServer.name())
            .subnetId(exampleSubnet.id())
            .build());
        var exampleFirewallRule = new FirewallRule("exampleFirewallRule", FirewallRuleArgs.builder()
            .resourceGroupName(exampleResourceGroup.name())
            .serverName(exampleServer.name())
            .startIpAddress("0.0.0.0")
            .endIpAddress("0.0.0.0")
            .build());
        var exampleAccount = new Account("exampleAccount", AccountArgs.builder()
            .resourceGroupName(exampleResourceGroup.name())
            .location(exampleResourceGroup.location())
            .accountTier("Standard")
            .accountReplicationType("LRS")
            .accountKind("StorageV2")
            .allowNestedItemsToBePublic(false)
            .networkRules(AccountNetworkRulesArgs.builder()
                .defaultAction("Deny")
                .ipRules("127.0.0.1")
                .virtualNetworkSubnetIds(exampleSubnet.id())
                .bypasses("AzureServices")
                .build())
            .identity(AccountIdentityArgs.builder()
                .type("SystemAssigned")
                .build())
            .build());
        var exampleServerMicrosoftSupportAuditingPolicy = new ServerMicrosoftSupportAuditingPolicy("exampleServerMicrosoftSupportAuditingPolicy", ServerMicrosoftSupportAuditingPolicyArgs.builder()
            .blobStorageEndpoint(exampleAccount.primaryBlobEndpoint())
            .serverId(exampleServer.id())
            .logMonitoringEnabled(false)
            .storageAccountSubscriptionId(azurerm_subscription.primary().subscription_id())
            .build(), CustomResourceOptions.builder()
                .dependsOn(
                    exampleAssignment,
                    exampleAccount)
                .build());
    }
}
Content copied to clipboard

Import

MS SQL Server Microsoft Support Auditing Policies can be imported using the resource id, e.g.

$ pulumi import azure:mssql/serverMicrosoftSupportAuditingPolicy:ServerMicrosoftSupportAuditingPolicy example /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/group1/providers/Microsoft.Sql/servers/sqlServer1/devOpsAuditingSettings/default
Content copied to clipboard

Constructors

Link copied to clipboard
fun ServerMicrosoftSupportAuditingPolicyArgs(blobStorageEndpoint: Output<String>? = null, enabled: Output<Boolean>? = null, logMonitoringEnabled: Output<Boolean>? = null, serverId: Output<String>? = null, storageAccountAccessKey: Output<String>? = null, storageAccountSubscriptionId: Output<String>? = null)

Functions

Link copied to clipboard
open override fun toJava(): ServerMicrosoftSupportAuditingPolicyArgs

Properties

Link copied to clipboard
val blobStorageEndpoint: Output<String>? = null

The blob storage endpoint (e.g. https://example.blob.core.windows.net). This blob storage will hold all Microsoft support auditing logs.

Link copied to clipboard
val enabled: Output<Boolean>? = null

Whether to enable the extended auditing policy. Possible values are true and false. Defaults to true. ->NOTE: If enabled is true, blob_storage_endpoint or log_monitoring_enabled are required.

Link copied to clipboard
val logMonitoringEnabled: Output<Boolean>? = null

Enable audit events to Azure Monitor? To enable server audit events to Azure Monitor, please enable its main database audit events to Azure Monitor. Defaults to true.

Link copied to clipboard
val serverId: Output<String>? = null

The ID of the SQL Server to set the extended auditing policy. Changing this forces a new resource to be created.

Link copied to clipboard
val storageAccountAccessKey: Output<String>? = null

The access key to use for the auditing storage account.

Link copied to clipboard
val storageAccountSubscriptionId: Output<String>? = null

The ID of the Subscription containing the Storage Account.