Workspace
Manages a Security Alert Policy for a Synapse Workspace.
Example Usage
resources:
example:
type: azure:core:ResourceGroup
properties:
name: example-resources
location: West Europe
exampleAccount:
type: azure:storage:Account
name: example
properties:
name: examplestorageacc
resourceGroupName: ${example.name}
location: ${example.location}
accountTier: Standard
accountReplicationType: LRS
accountKind: StorageV2
isHnsEnabled: 'true'
exampleDataLakeGen2Filesystem:
type: azure:storage:DataLakeGen2Filesystem
name: example
properties:
name: example
storageAccountId: ${exampleAccount.id}
exampleWorkspace:
type: azure:synapse:Workspace
name: example
properties:
name: example
resourceGroupName: ${example.name}
location: ${example.location}
storageDataLakeGen2FilesystemId: ${exampleDataLakeGen2Filesystem.id}
sqlAdministratorLogin: sqladminuser
sqlAdministratorLoginPassword: H@Sh1CoR3!
aadAdmin:
- login: AzureAD Admin
objectId: 00000000-0000-0000-0000-000000000000
tenantId: 00000000-0000-0000-0000-000000000000
identity:
type: SystemAssigned
tags:
Env: production
auditLogs:
type: azure:storage:Account
name: audit_logs
properties:
name: examplesa
resourceGroupName: ${example.name}
location: ${example.location}
accountTier: Standard
accountReplicationType: LRS
exampleWorkspaceSecurityAlertPolicy:
type: azure:synapse:WorkspaceSecurityAlertPolicy
name: example
properties:
synapseWorkspaceId: ${exampleWorkspace.id}
policyState: Enabled
storageEndpoint: ${auditLogs.primaryBlobEndpoint}
storageAccountAccessKey: ${auditLogs.primaryAccessKey}
disabledAlerts:
- Sql_Injection
- Data_Exfiltration
retentionDays: 20Import
Synapse Workspace Security Alert Policies can be imported using the resource id, e.g.
$ pulumi import azure:synapse/workspaceSecurityAlertPolicy:WorkspaceSecurityAlertPolicy example /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/group1/providers/Microsoft.Synapse/workspaces/workspace1/securityAlertPolicies/DefaultConstructors
Properties
Specifies an array of alerts that are disabled. Allowed values are: Sql_Injection, Sql_Injection_Vulnerability, Access_Anomaly, Data_Exfiltration, Unsafe_Action.
Boolean flag which specifies if the alert is sent to the account administrators or not. Defaults to false.
Specifies an array of email addresses to which the alert is sent.
Specifies the state of the policy, whether it is enabled or disabled or a policy has not been applied yet on the specific workspace. Possible values are Disabled, Enabled and New.
Specifies the number of days to keep in the Threat Detection audit logs. Defaults to 0.
Specifies the identifier key of the Threat Detection audit storage account.
Specifies the blob storage endpoint (e.g. https://example.blob.core.windows.net). This blob storage will hold all Threat Detection audit logs.
Specifies the ID of the Synapse Workspace. Changing this forces a new resource to be created.