Database
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as azure from "@pulumi/azure";
const example = new azure.core.ResourceGroup("example", {
name: "example-resources",
location: "West Europe",
});
const exampleAccount = new azure.storage.Account("example", {
name: "examplesa",
resourceGroupName: example.name,
location: example.location,
accountTier: "Standard",
accountReplicationType: "LRS",
});
const exampleServer = new azure.mssql.Server("example", {
name: "example-sqlserver",
resourceGroupName: example.name,
location: example.location,
version: "12.0",
administratorLogin: "4dm1n157r470r",
administratorLoginPassword: "4-v3ry-53cr37-p455w0rd",
});
const exampleDatabase = new azure.mssql.Database("example", {
name: "example-db",
serverId: exampleServer.id,
collation: "SQL_Latin1_General_CP1_CI_AS",
licenseType: "LicenseIncluded",
maxSizeGb: 4,
readScale: true,
skuName: "S0",
zoneRedundant: true,
enclaveType: "VBS",
tags: {
foo: "bar",
},
});Content copied to clipboard
import pulumi
import pulumi_azure as azure
example = azure.core.ResourceGroup("example",
name="example-resources",
location="West Europe")
example_account = azure.storage.Account("example",
name="examplesa",
resource_group_name=example.name,
location=example.location,
account_tier="Standard",
account_replication_type="LRS")
example_server = azure.mssql.Server("example",
name="example-sqlserver",
resource_group_name=example.name,
location=example.location,
version="12.0",
administrator_login="4dm1n157r470r",
administrator_login_password="4-v3ry-53cr37-p455w0rd")
example_database = azure.mssql.Database("example",
name="example-db",
server_id=example_server.id,
collation="SQL_Latin1_General_CP1_CI_AS",
license_type="LicenseIncluded",
max_size_gb=4,
read_scale=True,
sku_name="S0",
zone_redundant=True,
enclave_type="VBS",
tags={
"foo": "bar",
})Content copied to clipboard
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Azure = Pulumi.Azure;
return await Deployment.RunAsync(() =>
{
var example = new Azure.Core.ResourceGroup("example", new()
{
Name = "example-resources",
Location = "West Europe",
});
var exampleAccount = new Azure.Storage.Account("example", new()
{
Name = "examplesa",
ResourceGroupName = example.Name,
Location = example.Location,
AccountTier = "Standard",
AccountReplicationType = "LRS",
});
var exampleServer = new Azure.MSSql.Server("example", new()
{
Name = "example-sqlserver",
ResourceGroupName = example.Name,
Location = example.Location,
Version = "12.0",
AdministratorLogin = "4dm1n157r470r",
AdministratorLoginPassword = "4-v3ry-53cr37-p455w0rd",
});
var exampleDatabase = new Azure.MSSql.Database("example", new()
{
Name = "example-db",
ServerId = exampleServer.Id,
Collation = "SQL_Latin1_General_CP1_CI_AS",
LicenseType = "LicenseIncluded",
MaxSizeGb = 4,
ReadScale = true,
SkuName = "S0",
ZoneRedundant = true,
EnclaveType = "VBS",
Tags =
{
{ "foo", "bar" },
},
});
});Content copied to clipboard
package main
import (
"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/core"
"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/mssql"
"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/storage"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
example, err := core.NewResourceGroup(ctx, "example", &core.ResourceGroupArgs{
Name: pulumi.String("example-resources"),
Location: pulumi.String("West Europe"),
})
if err != nil {
return err
}
_, err = storage.NewAccount(ctx, "example", &storage.AccountArgs{
Name: pulumi.String("examplesa"),
ResourceGroupName: example.Name,
Location: example.Location,
AccountTier: pulumi.String("Standard"),
AccountReplicationType: pulumi.String("LRS"),
})
if err != nil {
return err
}
exampleServer, err := mssql.NewServer(ctx, "example", &mssql.ServerArgs{
Name: pulumi.String("example-sqlserver"),
ResourceGroupName: example.Name,
Location: example.Location,
Version: pulumi.String("12.0"),
AdministratorLogin: pulumi.String("4dm1n157r470r"),
AdministratorLoginPassword: pulumi.String("4-v3ry-53cr37-p455w0rd"),
})
if err != nil {
return err
}
_, err = mssql.NewDatabase(ctx, "example", &mssql.DatabaseArgs{
Name: pulumi.String("example-db"),
ServerId: exampleServer.ID(),
Collation: pulumi.String("SQL_Latin1_General_CP1_CI_AS"),
LicenseType: pulumi.String("LicenseIncluded"),
MaxSizeGb: pulumi.Int(4),
ReadScale: pulumi.Bool(true),
SkuName: pulumi.String("S0"),
ZoneRedundant: pulumi.Bool(true),
EnclaveType: pulumi.String("VBS"),
Tags: pulumi.StringMap{
"foo": pulumi.String("bar"),
},
})
if err != nil {
return err
}
return nil
})
}Content copied to clipboard
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azure.core.ResourceGroup;
import com.pulumi.azure.core.ResourceGroupArgs;
import com.pulumi.azure.storage.Account;
import com.pulumi.azure.storage.AccountArgs;
import com.pulumi.azure.mssql.Server;
import com.pulumi.azure.mssql.ServerArgs;
import com.pulumi.azure.mssql.Database;
import com.pulumi.azure.mssql.DatabaseArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var example = new ResourceGroup("example", ResourceGroupArgs.builder()
.name("example-resources")
.location("West Europe")
.build());
var exampleAccount = new Account("exampleAccount", AccountArgs.builder()
.name("examplesa")
.resourceGroupName(example.name())
.location(example.location())
.accountTier("Standard")
.accountReplicationType("LRS")
.build());
var exampleServer = new Server("exampleServer", ServerArgs.builder()
.name("example-sqlserver")
.resourceGroupName(example.name())
.location(example.location())
.version("12.0")
.administratorLogin("4dm1n157r470r")
.administratorLoginPassword("4-v3ry-53cr37-p455w0rd")
.build());
var exampleDatabase = new Database("exampleDatabase", DatabaseArgs.builder()
.name("example-db")
.serverId(exampleServer.id())
.collation("SQL_Latin1_General_CP1_CI_AS")
.licenseType("LicenseIncluded")
.maxSizeGb(4)
.readScale(true)
.skuName("S0")
.zoneRedundant(true)
.enclaveType("VBS")
.tags(Map.of("foo", "bar"))
.build());
}
}Content copied to clipboard
resources:
example:
type: azure:core:ResourceGroup
properties:
name: example-resources
location: West Europe
exampleAccount:
type: azure:storage:Account
name: example
properties:
name: examplesa
resourceGroupName: ${example.name}
location: ${example.location}
accountTier: Standard
accountReplicationType: LRS
exampleServer:
type: azure:mssql:Server
name: example
properties:
name: example-sqlserver
resourceGroupName: ${example.name}
location: ${example.location}
version: '12.0'
administratorLogin: 4dm1n157r470r
administratorLoginPassword: 4-v3ry-53cr37-p455w0rd
exampleDatabase:
type: azure:mssql:Database
name: example
properties:
name: example-db
serverId: ${exampleServer.id}
collation: SQL_Latin1_General_CP1_CI_AS
licenseType: LicenseIncluded
maxSizeGb: 4
readScale: true
skuName: S0
zoneRedundant: true
enclaveType: VBS
tags:
foo: barContent copied to clipboard
Transparent Data Encryption(TDE) With A Customer Managed Key(CMK) During Create
import * as pulumi from "@pulumi/pulumi";
import * as azure from "@pulumi/azure";
const example = new azure.core.ResourceGroup("example", {
name: "example-resources",
location: "West Europe",
});
const exampleUserAssignedIdentity = new azure.authorization.UserAssignedIdentity("example", {
name: "example-admin",
location: example.location,
resourceGroupName: example.name,
});
const exampleAccount = new azure.storage.Account("example", {
name: "examplesa",
resourceGroupName: example.name,
location: example.location,
accountTier: "Standard",
accountReplicationType: "LRS",
});
const exampleServer = new azure.mssql.Server("example", {
name: "example-sqlserver",
resourceGroupName: example.name,
location: example.location,
version: "12.0",
administratorLogin: "4dm1n157r470r",
administratorLoginPassword: "4-v3ry-53cr37-p455w0rd",
});
// Create a key vault with access policies which allow for the current user to get, list, create, delete, update, recover, purge and getRotationPolicy for the key vault key and also add a key vault access policy for the Microsoft Sql Server instance User Managed Identity to get, wrap, and unwrap key(s)
const exampleKeyVault = new azure.keyvault.KeyVault("example", {
name: "mssqltdeexample",
location: example.location,
resourceGroupName: example.name,
enabledForDiskEncryption: true,
tenantId: exampleUserAssignedIdentity.tenantId,
softDeleteRetentionDays: 7,
purgeProtectionEnabled: true,
skuName: "standard",
accessPolicies: [
{
tenantId: current.tenantId,
objectId: current.objectId,
keyPermissions: [
"Get",
"List",
"Create",
"Delete",
"Update",
"Recover",
"Purge",
"GetRotationPolicy",
],
},
{
tenantId: exampleUserAssignedIdentity.tenantId,
objectId: exampleUserAssignedIdentity.principalId,
keyPermissions: [
"Get",
"WrapKey",
"UnwrapKey",
],
},
],
});
const exampleKey = new azure.keyvault.Key("example", {
name: "example-key",
keyVaultId: exampleKeyVault.id,
keyType: "RSA",
keySize: 2048,
keyOpts: [
"unwrapKey",
"wrapKey",
],
}, {
dependsOn: [exampleKeyVault],
});
const exampleDatabase = new azure.mssql.Database("example", {
name: "example-db",
serverId: exampleServer.id,
collation: "SQL_Latin1_General_CP1_CI_AS",
licenseType: "LicenseIncluded",
maxSizeGb: 4,
readScale: true,
skuName: "S0",
zoneRedundant: true,
enclaveType: "VBS",
tags: {
foo: "bar",
},
identity: {
type: "UserAssigned",
identityIds: [exampleUserAssignedIdentity.id],
},
transparentDataEncryptionKeyVaultKeyId: exampleKey.id,
});Content copied to clipboard
import pulumi
import pulumi_azure as azure
example = azure.core.ResourceGroup("example",
name="example-resources",
location="West Europe")
example_user_assigned_identity = azure.authorization.UserAssignedIdentity("example",
name="example-admin",
location=example.location,
resource_group_name=example.name)
example_account = azure.storage.Account("example",
name="examplesa",
resource_group_name=example.name,
location=example.location,
account_tier="Standard",
account_replication_type="LRS")
example_server = azure.mssql.Server("example",
name="example-sqlserver",
resource_group_name=example.name,
location=example.location,
version="12.0",
administrator_login="4dm1n157r470r",
administrator_login_password="4-v3ry-53cr37-p455w0rd")
# Create a key vault with access policies which allow for the current user to get, list, create, delete, update, recover, purge and getRotationPolicy for the key vault key and also add a key vault access policy for the Microsoft Sql Server instance User Managed Identity to get, wrap, and unwrap key(s)
example_key_vault = azure.keyvault.KeyVault("example",
name="mssqltdeexample",
location=example.location,
resource_group_name=example.name,
enabled_for_disk_encryption=True,
tenant_id=example_user_assigned_identity.tenant_id,
soft_delete_retention_days=7,
purge_protection_enabled=True,
sku_name="standard",
access_policies=[
{
"tenant_id": current["tenantId"],
"object_id": current["objectId"],
"key_permissions": [
"Get",
"List",
"Create",
"Delete",
"Update",
"Recover",
"Purge",
"GetRotationPolicy",
],
},
{
"tenant_id": example_user_assigned_identity.tenant_id,
"object_id": example_user_assigned_identity.principal_id,
"key_permissions": [
"Get",
"WrapKey",
"UnwrapKey",
],
},
])
example_key = azure.keyvault.Key("example",
name="example-key",
key_vault_id=example_key_vault.id,
key_type="RSA",
key_size=2048,
key_opts=[
"unwrapKey",
"wrapKey",
],
opts = pulumi.ResourceOptions(depends_on=[example_key_vault]))
example_database = azure.mssql.Database("example",
name="example-db",
server_id=example_server.id,
collation="SQL_Latin1_General_CP1_CI_AS",
license_type="LicenseIncluded",
max_size_gb=4,
read_scale=True,
sku_name="S0",
zone_redundant=True,
enclave_type="VBS",
tags={
"foo": "bar",
},
identity={
"type": "UserAssigned",
"identity_ids": [example_user_assigned_identity.id],
},
transparent_data_encryption_key_vault_key_id=example_key.id)Content copied to clipboard
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Azure = Pulumi.Azure;
return await Deployment.RunAsync(() =>
{
var example = new Azure.Core.ResourceGroup("example", new()
{
Name = "example-resources",
Location = "West Europe",
});
var exampleUserAssignedIdentity = new Azure.Authorization.UserAssignedIdentity("example", new()
{
Name = "example-admin",
Location = example.Location,
ResourceGroupName = example.Name,
});
var exampleAccount = new Azure.Storage.Account("example", new()
{
Name = "examplesa",
ResourceGroupName = example.Name,
Location = example.Location,
AccountTier = "Standard",
AccountReplicationType = "LRS",
});
var exampleServer = new Azure.MSSql.Server("example", new()
{
Name = "example-sqlserver",
ResourceGroupName = example.Name,
Location = example.Location,
Version = "12.0",
AdministratorLogin = "4dm1n157r470r",
AdministratorLoginPassword = "4-v3ry-53cr37-p455w0rd",
});
// Create a key vault with access policies which allow for the current user to get, list, create, delete, update, recover, purge and getRotationPolicy for the key vault key and also add a key vault access policy for the Microsoft Sql Server instance User Managed Identity to get, wrap, and unwrap key(s)
var exampleKeyVault = new Azure.KeyVault.KeyVault("example", new()
{
Name = "mssqltdeexample",
Location = example.Location,
ResourceGroupName = example.Name,
EnabledForDiskEncryption = true,
TenantId = exampleUserAssignedIdentity.TenantId,
SoftDeleteRetentionDays = 7,
PurgeProtectionEnabled = true,
SkuName = "standard",
AccessPolicies = new[]
{
new Azure.KeyVault.Inputs.KeyVaultAccessPolicyArgs
{
TenantId = current.TenantId,
ObjectId = current.ObjectId,
KeyPermissions = new[]
{
"Get",
"List",
"Create",
"Delete",
"Update",
"Recover",
"Purge",
"GetRotationPolicy",
},
},
new Azure.KeyVault.Inputs.KeyVaultAccessPolicyArgs
{
TenantId = exampleUserAssignedIdentity.TenantId,
ObjectId = exampleUserAssignedIdentity.PrincipalId,
KeyPermissions = new[]
{
"Get",
"WrapKey",
"UnwrapKey",
},
},
},
});
var exampleKey = new Azure.KeyVault.Key("example", new()
{
Name = "example-key",
KeyVaultId = exampleKeyVault.Id,
KeyType = "RSA",
KeySize = 2048,
KeyOpts = new[]
{
"unwrapKey",
"wrapKey",
},
}, new CustomResourceOptions
{
DependsOn =
{
exampleKeyVault,
},
});
var exampleDatabase = new Azure.MSSql.Database("example", new()
{
Name = "example-db",
ServerId = exampleServer.Id,
Collation = "SQL_Latin1_General_CP1_CI_AS",
LicenseType = "LicenseIncluded",
MaxSizeGb = 4,
ReadScale = true,
SkuName = "S0",
ZoneRedundant = true,
EnclaveType = "VBS",
Tags =
{
{ "foo", "bar" },
},
Identity = new Azure.MSSql.Inputs.DatabaseIdentityArgs
{
Type = "UserAssigned",
IdentityIds = new[]
{
exampleUserAssignedIdentity.Id,
},
},
TransparentDataEncryptionKeyVaultKeyId = exampleKey.Id,
});
});Content copied to clipboard
package main
import (
"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/authorization"
"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/core"
"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/keyvault"
"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/mssql"
"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/storage"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
example, err := core.NewResourceGroup(ctx, "example", &core.ResourceGroupArgs{
Name: pulumi.String("example-resources"),
Location: pulumi.String("West Europe"),
})
if err != nil {
return err
}
exampleUserAssignedIdentity, err := authorization.NewUserAssignedIdentity(ctx, "example", &authorization.UserAssignedIdentityArgs{
Name: pulumi.String("example-admin"),
Location: example.Location,
ResourceGroupName: example.Name,
})
if err != nil {
return err
}
_, err = storage.NewAccount(ctx, "example", &storage.AccountArgs{
Name: pulumi.String("examplesa"),
ResourceGroupName: example.Name,
Location: example.Location,
AccountTier: pulumi.String("Standard"),
AccountReplicationType: pulumi.String("LRS"),
})
if err != nil {
return err
}
exampleServer, err := mssql.NewServer(ctx, "example", &mssql.ServerArgs{
Name: pulumi.String("example-sqlserver"),
ResourceGroupName: example.Name,
Location: example.Location,
Version: pulumi.String("12.0"),
AdministratorLogin: pulumi.String("4dm1n157r470r"),
AdministratorLoginPassword: pulumi.String("4-v3ry-53cr37-p455w0rd"),
})
if err != nil {
return err
}
// Create a key vault with access policies which allow for the current user to get, list, create, delete, update, recover, purge and getRotationPolicy for the key vault key and also add a key vault access policy for the Microsoft Sql Server instance User Managed Identity to get, wrap, and unwrap key(s)
exampleKeyVault, err := keyvault.NewKeyVault(ctx, "example", &keyvault.KeyVaultArgs{
Name: pulumi.String("mssqltdeexample"),
Location: example.Location,
ResourceGroupName: example.Name,
EnabledForDiskEncryption: pulumi.Bool(true),
TenantId: exampleUserAssignedIdentity.TenantId,
SoftDeleteRetentionDays: pulumi.Int(7),
PurgeProtectionEnabled: pulumi.Bool(true),
SkuName: pulumi.String("standard"),
AccessPolicies: keyvault.KeyVaultAccessPolicyArray{
&keyvault.KeyVaultAccessPolicyArgs{
TenantId: pulumi.Any(current.TenantId),
ObjectId: pulumi.Any(current.ObjectId),
KeyPermissions: pulumi.StringArray{
pulumi.String("Get"),
pulumi.String("List"),
pulumi.String("Create"),
pulumi.String("Delete"),
pulumi.String("Update"),
pulumi.String("Recover"),
pulumi.String("Purge"),
pulumi.String("GetRotationPolicy"),
},
},
&keyvault.KeyVaultAccessPolicyArgs{
TenantId: exampleUserAssignedIdentity.TenantId,
ObjectId: exampleUserAssignedIdentity.PrincipalId,
KeyPermissions: pulumi.StringArray{
pulumi.String("Get"),
pulumi.String("WrapKey"),
pulumi.String("UnwrapKey"),
},
},
},
})
if err != nil {
return err
}
exampleKey, err := keyvault.NewKey(ctx, "example", &keyvault.KeyArgs{
Name: pulumi.String("example-key"),
KeyVaultId: exampleKeyVault.ID(),
KeyType: pulumi.String("RSA"),
KeySize: pulumi.Int(2048),
KeyOpts: pulumi.StringArray{
pulumi.String("unwrapKey"),
pulumi.String("wrapKey"),
},
}, pulumi.DependsOn([]pulumi.Resource{
exampleKeyVault,
}))
if err != nil {
return err
}
_, err = mssql.NewDatabase(ctx, "example", &mssql.DatabaseArgs{
Name: pulumi.String("example-db"),
ServerId: exampleServer.ID(),
Collation: pulumi.String("SQL_Latin1_General_CP1_CI_AS"),
LicenseType: pulumi.String("LicenseIncluded"),
MaxSizeGb: pulumi.Int(4),
ReadScale: pulumi.Bool(true),
SkuName: pulumi.String("S0"),
ZoneRedundant: pulumi.Bool(true),
EnclaveType: pulumi.String("VBS"),
Tags: pulumi.StringMap{
"foo": pulumi.String("bar"),
},
Identity: &mssql.DatabaseIdentityArgs{
Type: pulumi.String("UserAssigned"),
IdentityIds: pulumi.StringArray{
exampleUserAssignedIdentity.ID(),
},
},
TransparentDataEncryptionKeyVaultKeyId: exampleKey.ID(),
})
if err != nil {
return err
}
return nil
})
}Content copied to clipboard
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azure.core.ResourceGroup;
import com.pulumi.azure.core.ResourceGroupArgs;
import com.pulumi.azure.authorization.UserAssignedIdentity;
import com.pulumi.azure.authorization.UserAssignedIdentityArgs;
import com.pulumi.azure.storage.Account;
import com.pulumi.azure.storage.AccountArgs;
import com.pulumi.azure.mssql.Server;
import com.pulumi.azure.mssql.ServerArgs;
import com.pulumi.azure.keyvault.KeyVault;
import com.pulumi.azure.keyvault.KeyVaultArgs;
import com.pulumi.azure.keyvault.inputs.KeyVaultAccessPolicyArgs;
import com.pulumi.azure.keyvault.Key;
import com.pulumi.azure.keyvault.KeyArgs;
import com.pulumi.azure.mssql.Database;
import com.pulumi.azure.mssql.DatabaseArgs;
import com.pulumi.azure.mssql.inputs.DatabaseIdentityArgs;
import com.pulumi.resources.CustomResourceOptions;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var example = new ResourceGroup("example", ResourceGroupArgs.builder()
.name("example-resources")
.location("West Europe")
.build());
var exampleUserAssignedIdentity = new UserAssignedIdentity("exampleUserAssignedIdentity", UserAssignedIdentityArgs.builder()
.name("example-admin")
.location(example.location())
.resourceGroupName(example.name())
.build());
var exampleAccount = new Account("exampleAccount", AccountArgs.builder()
.name("examplesa")
.resourceGroupName(example.name())
.location(example.location())
.accountTier("Standard")
.accountReplicationType("LRS")
.build());
var exampleServer = new Server("exampleServer", ServerArgs.builder()
.name("example-sqlserver")
.resourceGroupName(example.name())
.location(example.location())
.version("12.0")
.administratorLogin("4dm1n157r470r")
.administratorLoginPassword("4-v3ry-53cr37-p455w0rd")
.build());
// Create a key vault with access policies which allow for the current user to get, list, create, delete, update, recover, purge and getRotationPolicy for the key vault key and also add a key vault access policy for the Microsoft Sql Server instance User Managed Identity to get, wrap, and unwrap key(s)
var exampleKeyVault = new KeyVault("exampleKeyVault", KeyVaultArgs.builder()
.name("mssqltdeexample")
.location(example.location())
.resourceGroupName(example.name())
.enabledForDiskEncryption(true)
.tenantId(exampleUserAssignedIdentity.tenantId())
.softDeleteRetentionDays(7)
.purgeProtectionEnabled(true)
.skuName("standard")
.accessPolicies(
KeyVaultAccessPolicyArgs.builder()
.tenantId(current.tenantId())
.objectId(current.objectId())
.keyPermissions(
"Get",
"List",
"Create",
"Delete",
"Update",
"Recover",
"Purge",
"GetRotationPolicy")
.build(),
KeyVaultAccessPolicyArgs.builder()
.tenantId(exampleUserAssignedIdentity.tenantId())
.objectId(exampleUserAssignedIdentity.principalId())
.keyPermissions(
"Get",
"WrapKey",
"UnwrapKey")
.build())
.build());
var exampleKey = new Key("exampleKey", KeyArgs.builder()
.name("example-key")
.keyVaultId(exampleKeyVault.id())
.keyType("RSA")
.keySize(2048)
.keyOpts(
"unwrapKey",
"wrapKey")
.build(), CustomResourceOptions.builder()
.dependsOn(exampleKeyVault)
.build());
var exampleDatabase = new Database("exampleDatabase", DatabaseArgs.builder()
.name("example-db")
.serverId(exampleServer.id())
.collation("SQL_Latin1_General_CP1_CI_AS")
.licenseType("LicenseIncluded")
.maxSizeGb(4)
.readScale(true)
.skuName("S0")
.zoneRedundant(true)
.enclaveType("VBS")
.tags(Map.of("foo", "bar"))
.identity(DatabaseIdentityArgs.builder()
.type("UserAssigned")
.identityIds(exampleUserAssignedIdentity.id())
.build())
.transparentDataEncryptionKeyVaultKeyId(exampleKey.id())
.build());
}
}Content copied to clipboard
resources:
example:
type: azure:core:ResourceGroup
properties:
name: example-resources
location: West Europe
exampleUserAssignedIdentity:
type: azure:authorization:UserAssignedIdentity
name: example
properties:
name: example-admin
location: ${example.location}
resourceGroupName: ${example.name}
exampleAccount:
type: azure:storage:Account
name: example
properties:
name: examplesa
resourceGroupName: ${example.name}
location: ${example.location}
accountTier: Standard
accountReplicationType: LRS
exampleServer:
type: azure:mssql:Server
name: example
properties:
name: example-sqlserver
resourceGroupName: ${example.name}
location: ${example.location}
version: '12.0'
administratorLogin: 4dm1n157r470r
administratorLoginPassword: 4-v3ry-53cr37-p455w0rd
exampleDatabase:
type: azure:mssql:Database
name: example
properties:
name: example-db
serverId: ${exampleServer.id}
collation: SQL_Latin1_General_CP1_CI_AS
licenseType: LicenseIncluded
maxSizeGb: 4
readScale: true
skuName: S0
zoneRedundant: true
enclaveType: VBS
tags:
foo: bar
identity:
type: UserAssigned
identityIds:
- ${exampleUserAssignedIdentity.id}
transparentDataEncryptionKeyVaultKeyId: ${exampleKey.id}
# Create a key vault with access policies which allow for the current user to get, list, create, delete, update, recover, purge and getRotationPolicy for the key vault key and also add a key vault access policy for the Microsoft Sql Server instance User Managed Identity to get, wrap, and unwrap key(s)
exampleKeyVault:
type: azure:keyvault:KeyVault
name: example
properties:
name: mssqltdeexample
location: ${example.location}
resourceGroupName: ${example.name}
enabledForDiskEncryption: true
tenantId: ${exampleUserAssignedIdentity.tenantId}
softDeleteRetentionDays: 7
purgeProtectionEnabled: true
skuName: standard
accessPolicies:
- tenantId: ${current.tenantId}
objectId: ${current.objectId}
keyPermissions:
- Get
- List
- Create
- Delete
- Update
- Recover
- Purge
- GetRotationPolicy
- tenantId: ${exampleUserAssignedIdentity.tenantId}
objectId: ${exampleUserAssignedIdentity.principalId}
keyPermissions:
- Get
- WrapKey
- UnwrapKey
exampleKey:
type: azure:keyvault:Key
name: example
properties:
name: example-key
keyVaultId: ${exampleKeyVault.id}
keyType: RSA
keySize: 2048
keyOpts:
- unwrapKey
- wrapKey
options:
dependson:
- ${exampleKeyVault}Content copied to clipboard
Import
SQL Database can be imported using the resource id, e.g.
$ pulumi import azure:mssql/database:Database example /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/group1/providers/Microsoft.Sql/servers/server1/databases/example1Content copied to clipboard
Properties
Link copied to clipboard
Time in minutes after which database is automatically paused. A value of -1 means that automatic pause is disabled. This property is only settable for Serverless databases.
Link copied to clipboard
The create mode of the database. Possible values are Copy, Default, OnlineSecondary, PointInTimeRestore, Recovery, Restore, RestoreExternalBackup, RestoreExternalBackupSecondary, RestoreLongTermRetentionBackup and Secondary. Mutually exclusive with import. Changing this forces a new resource to be created. Defaults to Default.
Link copied to clipboard
The ID of the source database from which to create the new database. This should only be used for databases with create_mode values that use another database as reference. Changing this forces a new resource to be created.
Link copied to clipboard
Specifies the ID of the elastic pool containing this database.
Link copied to clipboard
Specifies the type of enclave to be used by the elastic pool. When enclave_type is not specified (e.g., the default) enclaves are not enabled on the database.