Server
data class ServerExtendedAuditingPolicyArgs(val auditActionsAndGroups: Output<List<String>>? = null, val enabled: Output<Boolean>? = null, val logMonitoringEnabled: Output<Boolean>? = null, val predicateExpression: Output<String>? = null, val retentionInDays: Output<Int>? = null, val serverId: Output<String>? = null, val storageAccountAccessKey: Output<String>? = null, val storageAccountAccessKeyIsSecondary: Output<Boolean>? = null, val storageAccountSubscriptionId: Output<String>? = null, val storageEndpoint: Output<String>? = null) : ConvertibleToJava<ServerExtendedAuditingPolicyArgs>
Manages a MS SQL Server Extended Auditing Policy.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as azure from "@pulumi/azure";
const example = new azure.core.ResourceGroup("example", {
name: "example-resources",
location: "West Europe",
});
const exampleServer = new azure.mssql.Server("example", {
name: "example-sqlserver",
resourceGroupName: example.name,
location: example.location,
version: "12.0",
administratorLogin: "missadministrator",
administratorLoginPassword: "AdminPassword123!",
});
const exampleAccount = new azure.storage.Account("example", {
name: "examplesa",
resourceGroupName: example.name,
location: example.location,
accountTier: "Standard",
accountReplicationType: "LRS",
});
const exampleServerExtendedAuditingPolicy = new azure.mssql.ServerExtendedAuditingPolicy("example", {
serverId: exampleServer.id,
storageEndpoint: exampleAccount.primaryBlobEndpoint,
storageAccountAccessKey: exampleAccount.primaryAccessKey,
storageAccountAccessKeyIsSecondary: false,
retentionInDays: 6,
});Content copied to clipboard
import pulumi
import pulumi_azure as azure
example = azure.core.ResourceGroup("example",
name="example-resources",
location="West Europe")
example_server = azure.mssql.Server("example",
name="example-sqlserver",
resource_group_name=example.name,
location=example.location,
version="12.0",
administrator_login="missadministrator",
administrator_login_password="AdminPassword123!")
example_account = azure.storage.Account("example",
name="examplesa",
resource_group_name=example.name,
location=example.location,
account_tier="Standard",
account_replication_type="LRS")
example_server_extended_auditing_policy = azure.mssql.ServerExtendedAuditingPolicy("example",
server_id=example_server.id,
storage_endpoint=example_account.primary_blob_endpoint,
storage_account_access_key=example_account.primary_access_key,
storage_account_access_key_is_secondary=False,
retention_in_days=6)Content copied to clipboard
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Azure = Pulumi.Azure;
return await Deployment.RunAsync(() =>
{
var example = new Azure.Core.ResourceGroup("example", new()
{
Name = "example-resources",
Location = "West Europe",
});
var exampleServer = new Azure.MSSql.Server("example", new()
{
Name = "example-sqlserver",
ResourceGroupName = example.Name,
Location = example.Location,
Version = "12.0",
AdministratorLogin = "missadministrator",
AdministratorLoginPassword = "AdminPassword123!",
});
var exampleAccount = new Azure.Storage.Account("example", new()
{
Name = "examplesa",
ResourceGroupName = example.Name,
Location = example.Location,
AccountTier = "Standard",
AccountReplicationType = "LRS",
});
var exampleServerExtendedAuditingPolicy = new Azure.MSSql.ServerExtendedAuditingPolicy("example", new()
{
ServerId = exampleServer.Id,
StorageEndpoint = exampleAccount.PrimaryBlobEndpoint,
StorageAccountAccessKey = exampleAccount.PrimaryAccessKey,
StorageAccountAccessKeyIsSecondary = false,
RetentionInDays = 6,
});
});Content copied to clipboard
package main
import (
"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/core"
"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/mssql"
"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/storage"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
example, err := core.NewResourceGroup(ctx, "example", &core.ResourceGroupArgs{
Name: pulumi.String("example-resources"),
Location: pulumi.String("West Europe"),
})
if err != nil {
return err
}
exampleServer, err := mssql.NewServer(ctx, "example", &mssql.ServerArgs{
Name: pulumi.String("example-sqlserver"),
ResourceGroupName: example.Name,
Location: example.Location,
Version: pulumi.String("12.0"),
AdministratorLogin: pulumi.String("missadministrator"),
AdministratorLoginPassword: pulumi.String("AdminPassword123!"),
})
if err != nil {
return err
}
exampleAccount, err := storage.NewAccount(ctx, "example", &storage.AccountArgs{
Name: pulumi.String("examplesa"),
ResourceGroupName: example.Name,
Location: example.Location,
AccountTier: pulumi.String("Standard"),
AccountReplicationType: pulumi.String("LRS"),
})
if err != nil {
return err
}
_, err = mssql.NewServerExtendedAuditingPolicy(ctx, "example", &mssql.ServerExtendedAuditingPolicyArgs{
ServerId: exampleServer.ID(),
StorageEndpoint: exampleAccount.PrimaryBlobEndpoint,
StorageAccountAccessKey: exampleAccount.PrimaryAccessKey,
StorageAccountAccessKeyIsSecondary: pulumi.Bool(false),
RetentionInDays: pulumi.Int(6),
})
if err != nil {
return err
}
return nil
})
}Content copied to clipboard
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azure.core.ResourceGroup;
import com.pulumi.azure.core.ResourceGroupArgs;
import com.pulumi.azure.mssql.Server;
import com.pulumi.azure.mssql.ServerArgs;
import com.pulumi.azure.storage.Account;
import com.pulumi.azure.storage.AccountArgs;
import com.pulumi.azure.mssql.ServerExtendedAuditingPolicy;
import com.pulumi.azure.mssql.ServerExtendedAuditingPolicyArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var example = new ResourceGroup("example", ResourceGroupArgs.builder()
.name("example-resources")
.location("West Europe")
.build());
var exampleServer = new Server("exampleServer", ServerArgs.builder()
.name("example-sqlserver")
.resourceGroupName(example.name())
.location(example.location())
.version("12.0")
.administratorLogin("missadministrator")
.administratorLoginPassword("AdminPassword123!")
.build());
var exampleAccount = new Account("exampleAccount", AccountArgs.builder()
.name("examplesa")
.resourceGroupName(example.name())
.location(example.location())
.accountTier("Standard")
.accountReplicationType("LRS")
.build());
var exampleServerExtendedAuditingPolicy = new ServerExtendedAuditingPolicy("exampleServerExtendedAuditingPolicy", ServerExtendedAuditingPolicyArgs.builder()
.serverId(exampleServer.id())
.storageEndpoint(exampleAccount.primaryBlobEndpoint())
.storageAccountAccessKey(exampleAccount.primaryAccessKey())
.storageAccountAccessKeyIsSecondary(false)
.retentionInDays(6)
.build());
}
}Content copied to clipboard
resources:
example:
type: azure:core:ResourceGroup
properties:
name: example-resources
location: West Europe
exampleServer:
type: azure:mssql:Server
name: example
properties:
name: example-sqlserver
resourceGroupName: ${example.name}
location: ${example.location}
version: '12.0'
administratorLogin: missadministrator
administratorLoginPassword: AdminPassword123!
exampleAccount:
type: azure:storage:Account
name: example
properties:
name: examplesa
resourceGroupName: ${example.name}
location: ${example.location}
accountTier: Standard
accountReplicationType: LRS
exampleServerExtendedAuditingPolicy:
type: azure:mssql:ServerExtendedAuditingPolicy
name: example
properties:
serverId: ${exampleServer.id}
storageEndpoint: ${exampleAccount.primaryBlobEndpoint}
storageAccountAccessKey: ${exampleAccount.primaryAccessKey}
storageAccountAccessKeyIsSecondary: false
retentionInDays: 6Content copied to clipboard
With Storage Account Behind VNet And Firewall
import * as pulumi from "@pulumi/pulumi";
import * as azure from "@pulumi/azure";
const primary = azure.core.getSubscription({});
const example = azure.core.getClientConfig({});
const exampleResourceGroup = new azure.core.ResourceGroup("example", {
name: "example",
location: "West Europe",
});
const exampleVirtualNetwork = new azure.network.VirtualNetwork("example", {
name: "virtnetname-1",
addressSpaces: ["10.0.0.0/16"],
location: exampleResourceGroup.location,
resourceGroupName: exampleResourceGroup.name,
});
const exampleSubnet = new azure.network.Subnet("example", {
name: "subnetname-1",
resourceGroupName: exampleResourceGroup.name,
virtualNetworkName: exampleVirtualNetwork.name,
addressPrefixes: ["10.0.2.0/24"],
serviceEndpoints: [
"Microsoft.Sql",
"Microsoft.Storage",
],
enforcePrivateLinkEndpointNetworkPolicies: true,
});
const exampleServer = new azure.mssql.Server("example", {
name: "example-sqlserver",
resourceGroupName: exampleResourceGroup.name,
location: exampleResourceGroup.location,
version: "12.0",
administratorLogin: "missadministrator",
administratorLoginPassword: "AdminPassword123!",
minimumTlsVersion: "1.2",
identity: {
type: "SystemAssigned",
},
});
const exampleAssignment = new azure.authorization.Assignment("example", {
scope: primary.then(primary => primary.id),
roleDefinitionName: "Storage Blob Data Contributor",
principalId: exampleServer.identity.apply(identity => identity?.principalId),
});
const sqlvnetrule = new azure.sql.VirtualNetworkRule("sqlvnetrule", {
name: "sql-vnet-rule",
resourceGroupName: exampleResourceGroup.name,
serverName: exampleServer.name,
subnetId: exampleSubnet.id,
});
const exampleFirewallRule = new azure.sql.FirewallRule("example", {
name: "FirewallRule1",
resourceGroupName: exampleResourceGroup.name,
serverName: exampleServer.name,
startIpAddress: "0.0.0.0",
endIpAddress: "0.0.0.0",
});
const exampleAccount = new azure.storage.Account("example", {
name: "examplesa",
resourceGroupName: exampleResourceGroup.name,
location: exampleResourceGroup.location,
accountTier: "Standard",
accountReplicationType: "LRS",
accountKind: "StorageV2",
allowNestedItemsToBePublic: false,
networkRules: {
defaultAction: "Deny",
ipRules: ["127.0.0.1"],
virtualNetworkSubnetIds: [exampleSubnet.id],
bypasses: ["AzureServices"],
},
identity: {
type: "SystemAssigned",
},
});
const exampleServerExtendedAuditingPolicy = new azure.mssql.ServerExtendedAuditingPolicy("example", {
storageEndpoint: exampleAccount.primaryBlobEndpoint,
serverId: exampleServer.id,
retentionInDays: 6,
logMonitoringEnabled: false,
storageAccountSubscriptionId: primaryAzurermSubscription.subscriptionId,
}, {
dependsOn: [
exampleAssignment,
exampleAccount,
],
});Content copied to clipboard
import pulumi
import pulumi_azure as azure
primary = azure.core.get_subscription()
example = azure.core.get_client_config()
example_resource_group = azure.core.ResourceGroup("example",
name="example",
location="West Europe")
example_virtual_network = azure.network.VirtualNetwork("example",
name="virtnetname-1",
address_spaces=["10.0.0.0/16"],
location=example_resource_group.location,
resource_group_name=example_resource_group.name)
example_subnet = azure.network.Subnet("example",
name="subnetname-1",
resource_group_name=example_resource_group.name,
virtual_network_name=example_virtual_network.name,
address_prefixes=["10.0.2.0/24"],
service_endpoints=[
"Microsoft.Sql",
"Microsoft.Storage",
],
enforce_private_link_endpoint_network_policies=True)
example_server = azure.mssql.Server("example",
name="example-sqlserver",
resource_group_name=example_resource_group.name,
location=example_resource_group.location,
version="12.0",
administrator_login="missadministrator",
administrator_login_password="AdminPassword123!",
minimum_tls_version="1.2",
identity={
"type": "SystemAssigned",
})
example_assignment = azure.authorization.Assignment("example",
scope=primary.id,
role_definition_name="Storage Blob Data Contributor",
principal_id=example_server.identity.principal_id)
sqlvnetrule = azure.sql.VirtualNetworkRule("sqlvnetrule",
name="sql-vnet-rule",
resource_group_name=example_resource_group.name,
server_name=example_server.name,
subnet_id=example_subnet.id)
example_firewall_rule = azure.sql.FirewallRule("example",
name="FirewallRule1",
resource_group_name=example_resource_group.name,
server_name=example_server.name,
start_ip_address="0.0.0.0",
end_ip_address="0.0.0.0")
example_account = azure.storage.Account("example",
name="examplesa",
resource_group_name=example_resource_group.name,
location=example_resource_group.location,
account_tier="Standard",
account_replication_type="LRS",
account_kind="StorageV2",
allow_nested_items_to_be_public=False,
network_rules={
"default_action": "Deny",
"ip_rules": ["127.0.0.1"],
"virtual_network_subnet_ids": [example_subnet.id],
"bypasses": ["AzureServices"],
},
identity={
"type": "SystemAssigned",
})
example_server_extended_auditing_policy = azure.mssql.ServerExtendedAuditingPolicy("example",
storage_endpoint=example_account.primary_blob_endpoint,
server_id=example_server.id,
retention_in_days=6,
log_monitoring_enabled=False,
storage_account_subscription_id=primary_azurerm_subscription["subscriptionId"],
opts = pulumi.ResourceOptions(depends_on=[
example_assignment,
example_account,
]))Content copied to clipboard
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Azure = Pulumi.Azure;
return await Deployment.RunAsync(() =>
{
var primary = Azure.Core.GetSubscription.Invoke();
var example = Azure.Core.GetClientConfig.Invoke();
var exampleResourceGroup = new Azure.Core.ResourceGroup("example", new()
{
Name = "example",
Location = "West Europe",
});
var exampleVirtualNetwork = new Azure.Network.VirtualNetwork("example", new()
{
Name = "virtnetname-1",
AddressSpaces = new[]
{
"10.0.0.0/16",
},
Location = exampleResourceGroup.Location,
ResourceGroupName = exampleResourceGroup.Name,
});
var exampleSubnet = new Azure.Network.Subnet("example", new()
{
Name = "subnetname-1",
ResourceGroupName = exampleResourceGroup.Name,
VirtualNetworkName = exampleVirtualNetwork.Name,
AddressPrefixes = new[]
{
"10.0.2.0/24",
},
ServiceEndpoints = new[]
{
"Microsoft.Sql",
"Microsoft.Storage",
},
EnforcePrivateLinkEndpointNetworkPolicies = true,
});
var exampleServer = new Azure.MSSql.Server("example", new()
{
Name = "example-sqlserver",
ResourceGroupName = exampleResourceGroup.Name,
Location = exampleResourceGroup.Location,
Version = "12.0",
AdministratorLogin = "missadministrator",
AdministratorLoginPassword = "AdminPassword123!",
MinimumTlsVersion = "1.2",
Identity = new Azure.MSSql.Inputs.ServerIdentityArgs
{
Type = "SystemAssigned",
},
});
var exampleAssignment = new Azure.Authorization.Assignment("example", new()
{
Scope = primary.Apply(getSubscriptionResult => getSubscriptionResult.Id),
RoleDefinitionName = "Storage Blob Data Contributor",
PrincipalId = exampleServer.Identity.Apply(identity => identity?.PrincipalId),
});
var sqlvnetrule = new Azure.Sql.VirtualNetworkRule("sqlvnetrule", new()
{
Name = "sql-vnet-rule",
ResourceGroupName = exampleResourceGroup.Name,
ServerName = exampleServer.Name,
SubnetId = exampleSubnet.Id,
});
var exampleFirewallRule = new Azure.Sql.FirewallRule("example", new()
{
Name = "FirewallRule1",
ResourceGroupName = exampleResourceGroup.Name,
ServerName = exampleServer.Name,
StartIpAddress = "0.0.0.0",
EndIpAddress = "0.0.0.0",
});
var exampleAccount = new Azure.Storage.Account("example", new()
{
Name = "examplesa",
ResourceGroupName = exampleResourceGroup.Name,
Location = exampleResourceGroup.Location,
AccountTier = "Standard",
AccountReplicationType = "LRS",
AccountKind = "StorageV2",
AllowNestedItemsToBePublic = false,
NetworkRules = new Azure.Storage.Inputs.AccountNetworkRulesArgs
{
DefaultAction = "Deny",
IpRules = new[]
{
"127.0.0.1",
},
VirtualNetworkSubnetIds = new[]
{
exampleSubnet.Id,
},
Bypasses = new[]
{
"AzureServices",
},
},
Identity = new Azure.Storage.Inputs.AccountIdentityArgs
{
Type = "SystemAssigned",
},
});
var exampleServerExtendedAuditingPolicy = new Azure.MSSql.ServerExtendedAuditingPolicy("example", new()
{
StorageEndpoint = exampleAccount.PrimaryBlobEndpoint,
ServerId = exampleServer.Id,
RetentionInDays = 6,
LogMonitoringEnabled = false,
StorageAccountSubscriptionId = primaryAzurermSubscription.SubscriptionId,
}, new CustomResourceOptions
{
DependsOn =
{
exampleAssignment,
exampleAccount,
},
});
});Content copied to clipboard
package main
import (
"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/authorization"
"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/core"
"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/mssql"
"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/network"
"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/sql"
"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/storage"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
primary, err := core.LookupSubscription(ctx, nil, nil)
if err != nil {
return err
}
_, err = core.GetClientConfig(ctx, nil, nil)
if err != nil {
return err
}
exampleResourceGroup, err := core.NewResourceGroup(ctx, "example", &core.ResourceGroupArgs{
Name: pulumi.String("example"),
Location: pulumi.String("West Europe"),
})
if err != nil {
return err
}
exampleVirtualNetwork, err := network.NewVirtualNetwork(ctx, "example", &network.VirtualNetworkArgs{
Name: pulumi.String("virtnetname-1"),
AddressSpaces: pulumi.StringArray{
pulumi.String("10.0.0.0/16"),
},
Location: exampleResourceGroup.Location,
ResourceGroupName: exampleResourceGroup.Name,
})
if err != nil {
return err
}
exampleSubnet, err := network.NewSubnet(ctx, "example", &network.SubnetArgs{
Name: pulumi.String("subnetname-1"),
ResourceGroupName: exampleResourceGroup.Name,
VirtualNetworkName: exampleVirtualNetwork.Name,
AddressPrefixes: pulumi.StringArray{
pulumi.String("10.0.2.0/24"),
},
ServiceEndpoints: pulumi.StringArray{
pulumi.String("Microsoft.Sql"),
pulumi.String("Microsoft.Storage"),
},
EnforcePrivateLinkEndpointNetworkPolicies: pulumi.Bool(true),
})
if err != nil {
return err
}
exampleServer, err := mssql.NewServer(ctx, "example", &mssql.ServerArgs{
Name: pulumi.String("example-sqlserver"),
ResourceGroupName: exampleResourceGroup.Name,
Location: exampleResourceGroup.Location,
Version: pulumi.String("12.0"),
AdministratorLogin: pulumi.String("missadministrator"),
AdministratorLoginPassword: pulumi.String("AdminPassword123!"),
MinimumTlsVersion: pulumi.String("1.2"),
Identity: &mssql.ServerIdentityArgs{
Type: pulumi.String("SystemAssigned"),
},
})
if err != nil {
return err
}
exampleAssignment, err := authorization.NewAssignment(ctx, "example", &authorization.AssignmentArgs{
Scope: pulumi.String(primary.Id),
RoleDefinitionName: pulumi.String("Storage Blob Data Contributor"),
PrincipalId: pulumi.String(exampleServer.Identity.ApplyT(func(identity mssql.ServerIdentity) (*string, error) {
return &identity.PrincipalId, nil
}).(pulumi.StringPtrOutput)),
})
if err != nil {
return err
}
_, err = sql.NewVirtualNetworkRule(ctx, "sqlvnetrule", &sql.VirtualNetworkRuleArgs{
Name: pulumi.String("sql-vnet-rule"),
ResourceGroupName: exampleResourceGroup.Name,
ServerName: exampleServer.Name,
SubnetId: exampleSubnet.ID(),
})
if err != nil {
return err
}
_, err = sql.NewFirewallRule(ctx, "example", &sql.FirewallRuleArgs{
Name: pulumi.String("FirewallRule1"),
ResourceGroupName: exampleResourceGroup.Name,
ServerName: exampleServer.Name,
StartIpAddress: pulumi.String("0.0.0.0"),
EndIpAddress: pulumi.String("0.0.0.0"),
})
if err != nil {
return err
}
exampleAccount, err := storage.NewAccount(ctx, "example", &storage.AccountArgs{
Name: pulumi.String("examplesa"),
ResourceGroupName: exampleResourceGroup.Name,
Location: exampleResourceGroup.Location,
AccountTier: pulumi.String("Standard"),
AccountReplicationType: pulumi.String("LRS"),
AccountKind: pulumi.String("StorageV2"),
AllowNestedItemsToBePublic: pulumi.Bool(false),
NetworkRules: &storage.AccountNetworkRulesTypeArgs{
DefaultAction: pulumi.String("Deny"),
IpRules: pulumi.StringArray{
pulumi.String("127.0.0.1"),
},
VirtualNetworkSubnetIds: pulumi.StringArray{
exampleSubnet.ID(),
},
Bypasses: pulumi.StringArray{
pulumi.String("AzureServices"),
},
},
Identity: &storage.AccountIdentityArgs{
Type: pulumi.String("SystemAssigned"),
},
})
if err != nil {
return err
}
_, err = mssql.NewServerExtendedAuditingPolicy(ctx, "example", &mssql.ServerExtendedAuditingPolicyArgs{
StorageEndpoint: exampleAccount.PrimaryBlobEndpoint,
ServerId: exampleServer.ID(),
RetentionInDays: pulumi.Int(6),
LogMonitoringEnabled: pulumi.Bool(false),
StorageAccountSubscriptionId: pulumi.Any(primaryAzurermSubscription.SubscriptionId),
}, pulumi.DependsOn([]pulumi.Resource{
exampleAssignment,
exampleAccount,
}))
if err != nil {
return err
}
return nil
})
}Content copied to clipboard
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azure.core.CoreFunctions;
import com.pulumi.azure.core.inputs.GetSubscriptionArgs;
import com.pulumi.azure.core.ResourceGroup;
import com.pulumi.azure.core.ResourceGroupArgs;
import com.pulumi.azure.network.VirtualNetwork;
import com.pulumi.azure.network.VirtualNetworkArgs;
import com.pulumi.azure.network.Subnet;
import com.pulumi.azure.network.SubnetArgs;
import com.pulumi.azure.mssql.Server;
import com.pulumi.azure.mssql.ServerArgs;
import com.pulumi.azure.mssql.inputs.ServerIdentityArgs;
import com.pulumi.azure.authorization.Assignment;
import com.pulumi.azure.authorization.AssignmentArgs;
import com.pulumi.azure.sql.VirtualNetworkRule;
import com.pulumi.azure.sql.VirtualNetworkRuleArgs;
import com.pulumi.azure.sql.FirewallRule;
import com.pulumi.azure.sql.FirewallRuleArgs;
import com.pulumi.azure.storage.Account;
import com.pulumi.azure.storage.AccountArgs;
import com.pulumi.azure.storage.inputs.AccountNetworkRulesArgs;
import com.pulumi.azure.storage.inputs.AccountIdentityArgs;
import com.pulumi.azure.mssql.ServerExtendedAuditingPolicy;
import com.pulumi.azure.mssql.ServerExtendedAuditingPolicyArgs;
import com.pulumi.resources.CustomResourceOptions;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
final var primary = CoreFunctions.getSubscription();
final var example = CoreFunctions.getClientConfig();
var exampleResourceGroup = new ResourceGroup("exampleResourceGroup", ResourceGroupArgs.builder()
.name("example")
.location("West Europe")
.build());
var exampleVirtualNetwork = new VirtualNetwork("exampleVirtualNetwork", VirtualNetworkArgs.builder()
.name("virtnetname-1")
.addressSpaces("10.0.0.0/16")
.location(exampleResourceGroup.location())
.resourceGroupName(exampleResourceGroup.name())
.build());
var exampleSubnet = new Subnet("exampleSubnet", SubnetArgs.builder()
.name("subnetname-1")
.resourceGroupName(exampleResourceGroup.name())
.virtualNetworkName(exampleVirtualNetwork.name())
.addressPrefixes("10.0.2.0/24")
.serviceEndpoints(
"Microsoft.Sql",
"Microsoft.Storage")
.enforcePrivateLinkEndpointNetworkPolicies(true)
.build());
var exampleServer = new Server("exampleServer", ServerArgs.builder()
.name("example-sqlserver")
.resourceGroupName(exampleResourceGroup.name())
.location(exampleResourceGroup.location())
.version("12.0")
.administratorLogin("missadministrator")
.administratorLoginPassword("AdminPassword123!")
.minimumTlsVersion("1.2")
.identity(ServerIdentityArgs.builder()
.type("SystemAssigned")
.build())
.build());
var exampleAssignment = new Assignment("exampleAssignment", AssignmentArgs.builder()
.scope(primary.applyValue(getSubscriptionResult -> getSubscriptionResult.id()))
.roleDefinitionName("Storage Blob Data Contributor")
.principalId(exampleServer.identity().applyValue(identity -> identity.principalId()))
.build());
var sqlvnetrule = new VirtualNetworkRule("sqlvnetrule", VirtualNetworkRuleArgs.builder()
.name("sql-vnet-rule")
.resourceGroupName(exampleResourceGroup.name())
.serverName(exampleServer.name())
.subnetId(exampleSubnet.id())
.build());
var exampleFirewallRule = new FirewallRule("exampleFirewallRule", FirewallRuleArgs.builder()
.name("FirewallRule1")
.resourceGroupName(exampleResourceGroup.name())
.serverName(exampleServer.name())
.startIpAddress("0.0.0.0")
.endIpAddress("0.0.0.0")
.build());
var exampleAccount = new Account("exampleAccount", AccountArgs.builder()
.name("examplesa")
.resourceGroupName(exampleResourceGroup.name())
.location(exampleResourceGroup.location())
.accountTier("Standard")
.accountReplicationType("LRS")
.accountKind("StorageV2")
.allowNestedItemsToBePublic(false)
.networkRules(AccountNetworkRulesArgs.builder()
.defaultAction("Deny")
.ipRules("127.0.0.1")
.virtualNetworkSubnetIds(exampleSubnet.id())
.bypasses("AzureServices")
.build())
.identity(AccountIdentityArgs.builder()
.type("SystemAssigned")
.build())
.build());
var exampleServerExtendedAuditingPolicy = new ServerExtendedAuditingPolicy("exampleServerExtendedAuditingPolicy", ServerExtendedAuditingPolicyArgs.builder()
.storageEndpoint(exampleAccount.primaryBlobEndpoint())
.serverId(exampleServer.id())
.retentionInDays(6)
.logMonitoringEnabled(false)
.storageAccountSubscriptionId(primaryAzurermSubscription.subscriptionId())
.build(), CustomResourceOptions.builder()
.dependsOn(
exampleAssignment,
exampleAccount)
.build());
}
}Content copied to clipboard
resources:
exampleResourceGroup:
type: azure:core:ResourceGroup
name: example
properties:
name: example
location: West Europe
exampleVirtualNetwork:
type: azure:network:VirtualNetwork
name: example
properties:
name: virtnetname-1
addressSpaces:
- 10.0.0.0/16
location: ${exampleResourceGroup.location}
resourceGroupName: ${exampleResourceGroup.name}
exampleSubnet:
type: azure:network:Subnet
name: example
properties:
name: subnetname-1
resourceGroupName: ${exampleResourceGroup.name}
virtualNetworkName: ${exampleVirtualNetwork.name}
addressPrefixes:
- 10.0.2.0/24
serviceEndpoints:
- Microsoft.Sql
- Microsoft.Storage
enforcePrivateLinkEndpointNetworkPolicies: true
exampleAssignment:
type: azure:authorization:Assignment
name: example
properties:
scope: ${primary.id}
roleDefinitionName: Storage Blob Data Contributor
principalId: ${exampleServer.identity.principalId}
exampleServer:
type: azure:mssql:Server
name: example
properties:
name: example-sqlserver
resourceGroupName: ${exampleResourceGroup.name}
location: ${exampleResourceGroup.location}
version: '12.0'
administratorLogin: missadministrator
administratorLoginPassword: AdminPassword123!
minimumTlsVersion: '1.2'
identity:
type: SystemAssigned
sqlvnetrule:
type: azure:sql:VirtualNetworkRule
properties:
name: sql-vnet-rule
resourceGroupName: ${exampleResourceGroup.name}
serverName: ${exampleServer.name}
subnetId: ${exampleSubnet.id}
exampleFirewallRule:
type: azure:sql:FirewallRule
name: example
properties:
name: FirewallRule1
resourceGroupName: ${exampleResourceGroup.name}
serverName: ${exampleServer.name}
startIpAddress: 0.0.0.0
endIpAddress: 0.0.0.0
exampleAccount:
type: azure:storage:Account
name: example
properties:
name: examplesa
resourceGroupName: ${exampleResourceGroup.name}
location: ${exampleResourceGroup.location}
accountTier: Standard
accountReplicationType: LRS
accountKind: StorageV2
allowNestedItemsToBePublic: false
networkRules:
defaultAction: Deny
ipRules:
- 127.0.0.1
virtualNetworkSubnetIds:
- ${exampleSubnet.id}
bypasses:
- AzureServices
identity:
type: SystemAssigned
exampleServerExtendedAuditingPolicy:
type: azure:mssql:ServerExtendedAuditingPolicy
name: example
properties:
storageEndpoint: ${exampleAccount.primaryBlobEndpoint}
serverId: ${exampleServer.id}
retentionInDays: 6
logMonitoringEnabled: false
storageAccountSubscriptionId: ${primaryAzurermSubscription.subscriptionId}
options:
dependson:
- ${exampleAssignment}
- ${exampleAccount}
variables:
primary:
fn::invoke:
Function: azure:core:getSubscription
Arguments: {}
example:
fn::invoke:
Function: azure:core:getClientConfig
Arguments: {}Content copied to clipboard
Import
MS SQL Server Extended Auditing Policies can be imported using the resource id, e.g.
$ pulumi import azure:mssql/serverExtendedAuditingPolicy:ServerExtendedAuditingPolicy example /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/group1/providers/Microsoft.Sql/servers/sqlServer1/extendedAuditingSettings/defaultContent copied to clipboard
Constructors
Link copied to clipboard
constructor(auditActionsAndGroups: Output<List<String>>? = null, enabled: Output<Boolean>? = null, logMonitoringEnabled: Output<Boolean>? = null, predicateExpression: Output<String>? = null, retentionInDays: Output<Int>? = null, serverId: Output<String>? = null, storageAccountAccessKey: Output<String>? = null, storageAccountAccessKeyIsSecondary: Output<Boolean>? = null, storageAccountSubscriptionId: Output<String>? = null, storageEndpoint: Output<String>? = null)
Properties
Link copied to clipboard
A list of Actions-Groups and Actions to audit.
Link copied to clipboard
Enable audit events to Azure Monitor? To enable server audit events to Azure Monitor, please enable its main database audit events to Azure Monitor. Defaults to true.
Link copied to clipboard
Specifies condition of where clause when creating an audit.
Link copied to clipboard
The number of days to retain logs for in the storage account. Defaults to 0.
Link copied to clipboard
The access key to use for the auditing storage account.
Link copied to clipboard
Is storage_account_access_key value the storage's secondary key?
Link copied to clipboard
The ID of the Subscription containing the Storage Account.
Link copied to clipboard
The blob storage endpoint (e.g. https://example.blob.core.windows.net). This blob storage will hold all extended auditing logs.