Database
data class DatabaseArgs(val autoPauseDelayInMinutes: Output<Int>? = null, val collation: Output<String>? = null, val createMode: Output<String>? = null, val creationSourceDatabaseId: Output<String>? = null, val elasticPoolId: Output<String>? = null, val enclaveType: Output<String>? = null, val geoBackupEnabled: Output<Boolean>? = null, val identity: Output<DatabaseIdentityArgs>? = null, val import: Output<DatabaseImportArgs>? = null, val ledgerEnabled: Output<Boolean>? = null, val licenseType: Output<String>? = null, val longTermRetentionPolicy: Output<DatabaseLongTermRetentionPolicyArgs>? = null, val maintenanceConfigurationName: Output<String>? = null, val maxSizeGb: Output<Int>? = null, val minCapacity: Output<Double>? = null, val name: Output<String>? = null, val readReplicaCount: Output<Int>? = null, val readScale: Output<Boolean>? = null, val recoverDatabaseId: Output<String>? = null, val recoveryPointId: Output<String>? = null, val restoreDroppedDatabaseId: Output<String>? = null, val restoreLongTermRetentionBackupId: Output<String>? = null, val restorePointInTime: Output<String>? = null, val sampleName: Output<String>? = null, val secondaryType: Output<String>? = null, val serverId: Output<String>? = null, val shortTermRetentionPolicy: Output<DatabaseShortTermRetentionPolicyArgs>? = null, val skuName: Output<String>? = null, val storageAccountType: Output<String>? = null, val tags: Output<Map<String, String>>? = null, val threatDetectionPolicy: Output<DatabaseThreatDetectionPolicyArgs>? = null, val transparentDataEncryptionEnabled: Output<Boolean>? = null, val transparentDataEncryptionKeyAutomaticRotationEnabled: Output<Boolean>? = null, val transparentDataEncryptionKeyVaultKeyId: Output<String>? = null, val zoneRedundant: Output<Boolean>? = null) : ConvertibleToJava<DatabaseArgs>
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as azure from "@pulumi/azure";
const example = new azure.core.ResourceGroup("example", {
name: "example-resources",
location: "West Europe",
});
const exampleServer = new azure.mssql.Server("example", {
name: "example-sqlserver",
resourceGroupName: example.name,
location: example.location,
version: "12.0",
administratorLogin: "4dm1n157r470r",
administratorLoginPassword: "4-v3ry-53cr37-p455w0rd",
});
const exampleDatabase = new azure.mssql.Database("example", {
name: "example-db",
serverId: exampleServer.id,
collation: "SQL_Latin1_General_CP1_CI_AS",
licenseType: "LicenseIncluded",
maxSizeGb: 2,
skuName: "S0",
enclaveType: "VBS",
tags: {
foo: "bar",
},
});Content copied to clipboard
import pulumi
import pulumi_azure as azure
example = azure.core.ResourceGroup("example",
name="example-resources",
location="West Europe")
example_server = azure.mssql.Server("example",
name="example-sqlserver",
resource_group_name=example.name,
location=example.location,
version="12.0",
administrator_login="4dm1n157r470r",
administrator_login_password="4-v3ry-53cr37-p455w0rd")
example_database = azure.mssql.Database("example",
name="example-db",
server_id=example_server.id,
collation="SQL_Latin1_General_CP1_CI_AS",
license_type="LicenseIncluded",
max_size_gb=2,
sku_name="S0",
enclave_type="VBS",
tags={
"foo": "bar",
})Content copied to clipboard
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Azure = Pulumi.Azure;
return await Deployment.RunAsync(() =>
{
var example = new Azure.Core.ResourceGroup("example", new()
{
Name = "example-resources",
Location = "West Europe",
});
var exampleServer = new Azure.MSSql.Server("example", new()
{
Name = "example-sqlserver",
ResourceGroupName = example.Name,
Location = example.Location,
Version = "12.0",
AdministratorLogin = "4dm1n157r470r",
AdministratorLoginPassword = "4-v3ry-53cr37-p455w0rd",
});
var exampleDatabase = new Azure.MSSql.Database("example", new()
{
Name = "example-db",
ServerId = exampleServer.Id,
Collation = "SQL_Latin1_General_CP1_CI_AS",
LicenseType = "LicenseIncluded",
MaxSizeGb = 2,
SkuName = "S0",
EnclaveType = "VBS",
Tags =
{
{ "foo", "bar" },
},
});
});Content copied to clipboard
package main
import (
"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/core"
"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/mssql"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
example, err := core.NewResourceGroup(ctx, "example", &core.ResourceGroupArgs{
Name: pulumi.String("example-resources"),
Location: pulumi.String("West Europe"),
})
if err != nil {
return err
}
exampleServer, err := mssql.NewServer(ctx, "example", &mssql.ServerArgs{
Name: pulumi.String("example-sqlserver"),
ResourceGroupName: example.Name,
Location: example.Location,
Version: pulumi.String("12.0"),
AdministratorLogin: pulumi.String("4dm1n157r470r"),
AdministratorLoginPassword: pulumi.String("4-v3ry-53cr37-p455w0rd"),
})
if err != nil {
return err
}
_, err = mssql.NewDatabase(ctx, "example", &mssql.DatabaseArgs{
Name: pulumi.String("example-db"),
ServerId: exampleServer.ID(),
Collation: pulumi.String("SQL_Latin1_General_CP1_CI_AS"),
LicenseType: pulumi.String("LicenseIncluded"),
MaxSizeGb: pulumi.Int(2),
SkuName: pulumi.String("S0"),
EnclaveType: pulumi.String("VBS"),
Tags: pulumi.StringMap{
"foo": pulumi.String("bar"),
},
})
if err != nil {
return err
}
return nil
})
}Content copied to clipboard
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azure.core.ResourceGroup;
import com.pulumi.azure.core.ResourceGroupArgs;
import com.pulumi.azure.mssql.Server;
import com.pulumi.azure.mssql.ServerArgs;
import com.pulumi.azure.mssql.Database;
import com.pulumi.azure.mssql.DatabaseArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var example = new ResourceGroup("example", ResourceGroupArgs.builder()
.name("example-resources")
.location("West Europe")
.build());
var exampleServer = new Server("exampleServer", ServerArgs.builder()
.name("example-sqlserver")
.resourceGroupName(example.name())
.location(example.location())
.version("12.0")
.administratorLogin("4dm1n157r470r")
.administratorLoginPassword("4-v3ry-53cr37-p455w0rd")
.build());
var exampleDatabase = new Database("exampleDatabase", DatabaseArgs.builder()
.name("example-db")
.serverId(exampleServer.id())
.collation("SQL_Latin1_General_CP1_CI_AS")
.licenseType("LicenseIncluded")
.maxSizeGb(2)
.skuName("S0")
.enclaveType("VBS")
.tags(Map.of("foo", "bar"))
.build());
}
}Content copied to clipboard
resources:
example:
type: azure:core:ResourceGroup
properties:
name: example-resources
location: West Europe
exampleServer:
type: azure:mssql:Server
name: example
properties:
name: example-sqlserver
resourceGroupName: ${example.name}
location: ${example.location}
version: '12.0'
administratorLogin: 4dm1n157r470r
administratorLoginPassword: 4-v3ry-53cr37-p455w0rd
exampleDatabase:
type: azure:mssql:Database
name: example
properties:
name: example-db
serverId: ${exampleServer.id}
collation: SQL_Latin1_General_CP1_CI_AS
licenseType: LicenseIncluded
maxSizeGb: 2
skuName: S0
enclaveType: VBS
tags:
foo: barContent copied to clipboard
Transparent Data Encryption(TDE) With A Customer Managed Key(CMK) During Create
import * as pulumi from "@pulumi/pulumi";
import * as azure from "@pulumi/azure";
const example = new azure.core.ResourceGroup("example", {
name: "example-resources",
location: "West Europe",
});
const exampleUserAssignedIdentity = new azure.authorization.UserAssignedIdentity("example", {
name: "example-admin",
location: example.location,
resourceGroupName: example.name,
});
const exampleAccount = new azure.storage.Account("example", {
name: "examplesa",
resourceGroupName: example.name,
location: example.location,
accountTier: "Standard",
accountReplicationType: "LRS",
});
const exampleServer = new azure.mssql.Server("example", {
name: "example-sqlserver",
resourceGroupName: example.name,
location: example.location,
version: "12.0",
administratorLogin: "4dm1n157r470r",
administratorLoginPassword: "4-v3ry-53cr37-p455w0rd",
});
// Create a key vault with access policies which allow for the current user to get, list, create, delete, update, recover, purge and getRotationPolicy for the key vault key and also add a key vault access policy for the Microsoft Sql Server instance User Managed Identity to get, wrap, and unwrap key(s)
const exampleKeyVault = new azure.keyvault.KeyVault("example", {
name: "mssqltdeexample",
location: example.location,
resourceGroupName: example.name,
enabledForDiskEncryption: true,
tenantId: exampleUserAssignedIdentity.tenantId,
softDeleteRetentionDays: 7,
purgeProtectionEnabled: true,
skuName: "standard",
accessPolicies: [
{
tenantId: current.tenantId,
objectId: current.objectId,
keyPermissions: [
"Get",
"List",
"Create",
"Delete",
"Update",
"Recover",
"Purge",
"GetRotationPolicy",
],
},
{
tenantId: exampleUserAssignedIdentity.tenantId,
objectId: exampleUserAssignedIdentity.principalId,
keyPermissions: [
"Get",
"WrapKey",
"UnwrapKey",
],
},
],
});
const exampleKey = new azure.keyvault.Key("example", {
name: "example-key",
keyVaultId: exampleKeyVault.id,
keyType: "RSA",
keySize: 2048,
keyOpts: [
"unwrapKey",
"wrapKey",
],
}, {
dependsOn: [exampleKeyVault],
});
const exampleDatabase = new azure.mssql.Database("example", {
name: "example-db",
serverId: exampleServer.id,
collation: "SQL_Latin1_General_CP1_CI_AS",
licenseType: "LicenseIncluded",
maxSizeGb: 4,
readScale: true,
skuName: "S0",
zoneRedundant: true,
enclaveType: "VBS",
tags: {
foo: "bar",
},
identity: {
type: "UserAssigned",
identityIds: [exampleUserAssignedIdentity.id],
},
transparentDataEncryptionKeyVaultKeyId: exampleKey.id,
});Content copied to clipboard
import pulumi
import pulumi_azure as azure
example = azure.core.ResourceGroup("example",
name="example-resources",
location="West Europe")
example_user_assigned_identity = azure.authorization.UserAssignedIdentity("example",
name="example-admin",
location=example.location,
resource_group_name=example.name)
example_account = azure.storage.Account("example",
name="examplesa",
resource_group_name=example.name,
location=example.location,
account_tier="Standard",
account_replication_type="LRS")
example_server = azure.mssql.Server("example",
name="example-sqlserver",
resource_group_name=example.name,
location=example.location,
version="12.0",
administrator_login="4dm1n157r470r",
administrator_login_password="4-v3ry-53cr37-p455w0rd")
# Create a key vault with access policies which allow for the current user to get, list, create, delete, update, recover, purge and getRotationPolicy for the key vault key and also add a key vault access policy for the Microsoft Sql Server instance User Managed Identity to get, wrap, and unwrap key(s)
example_key_vault = azure.keyvault.KeyVault("example",
name="mssqltdeexample",
location=example.location,
resource_group_name=example.name,
enabled_for_disk_encryption=True,
tenant_id=example_user_assigned_identity.tenant_id,
soft_delete_retention_days=7,
purge_protection_enabled=True,
sku_name="standard",
access_policies=[
{
"tenant_id": current["tenantId"],
"object_id": current["objectId"],
"key_permissions": [
"Get",
"List",
"Create",
"Delete",
"Update",
"Recover",
"Purge",
"GetRotationPolicy",
],
},
{
"tenant_id": example_user_assigned_identity.tenant_id,
"object_id": example_user_assigned_identity.principal_id,
"key_permissions": [
"Get",
"WrapKey",
"UnwrapKey",
],
},
])
example_key = azure.keyvault.Key("example",
name="example-key",
key_vault_id=example_key_vault.id,
key_type="RSA",
key_size=2048,
key_opts=[
"unwrapKey",
"wrapKey",
],
opts = pulumi.ResourceOptions(depends_on=[example_key_vault]))
example_database = azure.mssql.Database("example",
name="example-db",
server_id=example_server.id,
collation="SQL_Latin1_General_CP1_CI_AS",
license_type="LicenseIncluded",
max_size_gb=4,
read_scale=True,
sku_name="S0",
zone_redundant=True,
enclave_type="VBS",
tags={
"foo": "bar",
},
identity={
"type": "UserAssigned",
"identity_ids": [example_user_assigned_identity.id],
},
transparent_data_encryption_key_vault_key_id=example_key.id)Content copied to clipboard
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Azure = Pulumi.Azure;
return await Deployment.RunAsync(() =>
{
var example = new Azure.Core.ResourceGroup("example", new()
{
Name = "example-resources",
Location = "West Europe",
});
var exampleUserAssignedIdentity = new Azure.Authorization.UserAssignedIdentity("example", new()
{
Name = "example-admin",
Location = example.Location,
ResourceGroupName = example.Name,
});
var exampleAccount = new Azure.Storage.Account("example", new()
{
Name = "examplesa",
ResourceGroupName = example.Name,
Location = example.Location,
AccountTier = "Standard",
AccountReplicationType = "LRS",
});
var exampleServer = new Azure.MSSql.Server("example", new()
{
Name = "example-sqlserver",
ResourceGroupName = example.Name,
Location = example.Location,
Version = "12.0",
AdministratorLogin = "4dm1n157r470r",
AdministratorLoginPassword = "4-v3ry-53cr37-p455w0rd",
});
// Create a key vault with access policies which allow for the current user to get, list, create, delete, update, recover, purge and getRotationPolicy for the key vault key and also add a key vault access policy for the Microsoft Sql Server instance User Managed Identity to get, wrap, and unwrap key(s)
var exampleKeyVault = new Azure.KeyVault.KeyVault("example", new()
{
Name = "mssqltdeexample",
Location = example.Location,
ResourceGroupName = example.Name,
EnabledForDiskEncryption = true,
TenantId = exampleUserAssignedIdentity.TenantId,
SoftDeleteRetentionDays = 7,
PurgeProtectionEnabled = true,
SkuName = "standard",
AccessPolicies = new[]
{
new Azure.KeyVault.Inputs.KeyVaultAccessPolicyArgs
{
TenantId = current.TenantId,
ObjectId = current.ObjectId,
KeyPermissions = new[]
{
"Get",
"List",
"Create",
"Delete",
"Update",
"Recover",
"Purge",
"GetRotationPolicy",
},
},
new Azure.KeyVault.Inputs.KeyVaultAccessPolicyArgs
{
TenantId = exampleUserAssignedIdentity.TenantId,
ObjectId = exampleUserAssignedIdentity.PrincipalId,
KeyPermissions = new[]
{
"Get",
"WrapKey",
"UnwrapKey",
},
},
},
});
var exampleKey = new Azure.KeyVault.Key("example", new()
{
Name = "example-key",
KeyVaultId = exampleKeyVault.Id,
KeyType = "RSA",
KeySize = 2048,
KeyOpts = new[]
{
"unwrapKey",
"wrapKey",
},
}, new CustomResourceOptions
{
DependsOn =
{
exampleKeyVault,
},
});
var exampleDatabase = new Azure.MSSql.Database("example", new()
{
Name = "example-db",
ServerId = exampleServer.Id,
Collation = "SQL_Latin1_General_CP1_CI_AS",
LicenseType = "LicenseIncluded",
MaxSizeGb = 4,
ReadScale = true,
SkuName = "S0",
ZoneRedundant = true,
EnclaveType = "VBS",
Tags =
{
{ "foo", "bar" },
},
Identity = new Azure.MSSql.Inputs.DatabaseIdentityArgs
{
Type = "UserAssigned",
IdentityIds = new[]
{
exampleUserAssignedIdentity.Id,
},
},
TransparentDataEncryptionKeyVaultKeyId = exampleKey.Id,
});
});Content copied to clipboard
package main
import (
"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/authorization"
"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/core"
"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/keyvault"
"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/mssql"
"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/storage"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
example, err := core.NewResourceGroup(ctx, "example", &core.ResourceGroupArgs{
Name: pulumi.String("example-resources"),
Location: pulumi.String("West Europe"),
})
if err != nil {
return err
}
exampleUserAssignedIdentity, err := authorization.NewUserAssignedIdentity(ctx, "example", &authorization.UserAssignedIdentityArgs{
Name: pulumi.String("example-admin"),
Location: example.Location,
ResourceGroupName: example.Name,
})
if err != nil {
return err
}
_, err = storage.NewAccount(ctx, "example", &storage.AccountArgs{
Name: pulumi.String("examplesa"),
ResourceGroupName: example.Name,
Location: example.Location,
AccountTier: pulumi.String("Standard"),
AccountReplicationType: pulumi.String("LRS"),
})
if err != nil {
return err
}
exampleServer, err := mssql.NewServer(ctx, "example", &mssql.ServerArgs{
Name: pulumi.String("example-sqlserver"),
ResourceGroupName: example.Name,
Location: example.Location,
Version: pulumi.String("12.0"),
AdministratorLogin: pulumi.String("4dm1n157r470r"),
AdministratorLoginPassword: pulumi.String("4-v3ry-53cr37-p455w0rd"),
})
if err != nil {
return err
}
// Create a key vault with access policies which allow for the current user to get, list, create, delete, update, recover, purge and getRotationPolicy for the key vault key and also add a key vault access policy for the Microsoft Sql Server instance User Managed Identity to get, wrap, and unwrap key(s)
exampleKeyVault, err := keyvault.NewKeyVault(ctx, "example", &keyvault.KeyVaultArgs{
Name: pulumi.String("mssqltdeexample"),
Location: example.Location,
ResourceGroupName: example.Name,
EnabledForDiskEncryption: pulumi.Bool(true),
TenantId: exampleUserAssignedIdentity.TenantId,
SoftDeleteRetentionDays: pulumi.Int(7),
PurgeProtectionEnabled: pulumi.Bool(true),
SkuName: pulumi.String("standard"),
AccessPolicies: keyvault.KeyVaultAccessPolicyArray{
&keyvault.KeyVaultAccessPolicyArgs{
TenantId: pulumi.Any(current.TenantId),
ObjectId: pulumi.Any(current.ObjectId),
KeyPermissions: pulumi.StringArray{
pulumi.String("Get"),
pulumi.String("List"),
pulumi.String("Create"),
pulumi.String("Delete"),
pulumi.String("Update"),
pulumi.String("Recover"),
pulumi.String("Purge"),
pulumi.String("GetRotationPolicy"),
},
},
&keyvault.KeyVaultAccessPolicyArgs{
TenantId: exampleUserAssignedIdentity.TenantId,
ObjectId: exampleUserAssignedIdentity.PrincipalId,
KeyPermissions: pulumi.StringArray{
pulumi.String("Get"),
pulumi.String("WrapKey"),
pulumi.String("UnwrapKey"),
},
},
},
})
if err != nil {
return err
}
exampleKey, err := keyvault.NewKey(ctx, "example", &keyvault.KeyArgs{
Name: pulumi.String("example-key"),
KeyVaultId: exampleKeyVault.ID(),
KeyType: pulumi.String("RSA"),
KeySize: pulumi.Int(2048),
KeyOpts: pulumi.StringArray{
pulumi.String("unwrapKey"),
pulumi.String("wrapKey"),
},
}, pulumi.DependsOn([]pulumi.Resource{
exampleKeyVault,
}))
if err != nil {
return err
}
_, err = mssql.NewDatabase(ctx, "example", &mssql.DatabaseArgs{
Name: pulumi.String("example-db"),
ServerId: exampleServer.ID(),
Collation: pulumi.String("SQL_Latin1_General_CP1_CI_AS"),
LicenseType: pulumi.String("LicenseIncluded"),
MaxSizeGb: pulumi.Int(4),
ReadScale: pulumi.Bool(true),
SkuName: pulumi.String("S0"),
ZoneRedundant: pulumi.Bool(true),
EnclaveType: pulumi.String("VBS"),
Tags: pulumi.StringMap{
"foo": pulumi.String("bar"),
},
Identity: &mssql.DatabaseIdentityArgs{
Type: pulumi.String("UserAssigned"),
IdentityIds: pulumi.StringArray{
exampleUserAssignedIdentity.ID(),
},
},
TransparentDataEncryptionKeyVaultKeyId: exampleKey.ID(),
})
if err != nil {
return err
}
return nil
})
}Content copied to clipboard
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azure.core.ResourceGroup;
import com.pulumi.azure.core.ResourceGroupArgs;
import com.pulumi.azure.authorization.UserAssignedIdentity;
import com.pulumi.azure.authorization.UserAssignedIdentityArgs;
import com.pulumi.azure.storage.Account;
import com.pulumi.azure.storage.AccountArgs;
import com.pulumi.azure.mssql.Server;
import com.pulumi.azure.mssql.ServerArgs;
import com.pulumi.azure.keyvault.KeyVault;
import com.pulumi.azure.keyvault.KeyVaultArgs;
import com.pulumi.azure.keyvault.inputs.KeyVaultAccessPolicyArgs;
import com.pulumi.azure.keyvault.Key;
import com.pulumi.azure.keyvault.KeyArgs;
import com.pulumi.azure.mssql.Database;
import com.pulumi.azure.mssql.DatabaseArgs;
import com.pulumi.azure.mssql.inputs.DatabaseIdentityArgs;
import com.pulumi.resources.CustomResourceOptions;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var example = new ResourceGroup("example", ResourceGroupArgs.builder()
.name("example-resources")
.location("West Europe")
.build());
var exampleUserAssignedIdentity = new UserAssignedIdentity("exampleUserAssignedIdentity", UserAssignedIdentityArgs.builder()
.name("example-admin")
.location(example.location())
.resourceGroupName(example.name())
.build());
var exampleAccount = new Account("exampleAccount", AccountArgs.builder()
.name("examplesa")
.resourceGroupName(example.name())
.location(example.location())
.accountTier("Standard")
.accountReplicationType("LRS")
.build());
var exampleServer = new Server("exampleServer", ServerArgs.builder()
.name("example-sqlserver")
.resourceGroupName(example.name())
.location(example.location())
.version("12.0")
.administratorLogin("4dm1n157r470r")
.administratorLoginPassword("4-v3ry-53cr37-p455w0rd")
.build());
// Create a key vault with access policies which allow for the current user to get, list, create, delete, update, recover, purge and getRotationPolicy for the key vault key and also add a key vault access policy for the Microsoft Sql Server instance User Managed Identity to get, wrap, and unwrap key(s)
var exampleKeyVault = new KeyVault("exampleKeyVault", KeyVaultArgs.builder()
.name("mssqltdeexample")
.location(example.location())
.resourceGroupName(example.name())
.enabledForDiskEncryption(true)
.tenantId(exampleUserAssignedIdentity.tenantId())
.softDeleteRetentionDays(7)
.purgeProtectionEnabled(true)
.skuName("standard")
.accessPolicies(
KeyVaultAccessPolicyArgs.builder()
.tenantId(current.tenantId())
.objectId(current.objectId())
.keyPermissions(
"Get",
"List",
"Create",
"Delete",
"Update",
"Recover",
"Purge",
"GetRotationPolicy")
.build(),
KeyVaultAccessPolicyArgs.builder()
.tenantId(exampleUserAssignedIdentity.tenantId())
.objectId(exampleUserAssignedIdentity.principalId())
.keyPermissions(
"Get",
"WrapKey",
"UnwrapKey")
.build())
.build());
var exampleKey = new Key("exampleKey", KeyArgs.builder()
.name("example-key")
.keyVaultId(exampleKeyVault.id())
.keyType("RSA")
.keySize(2048)
.keyOpts(
"unwrapKey",
"wrapKey")
.build(), CustomResourceOptions.builder()
.dependsOn(exampleKeyVault)
.build());
var exampleDatabase = new Database("exampleDatabase", DatabaseArgs.builder()
.name("example-db")
.serverId(exampleServer.id())
.collation("SQL_Latin1_General_CP1_CI_AS")
.licenseType("LicenseIncluded")
.maxSizeGb(4)
.readScale(true)
.skuName("S0")
.zoneRedundant(true)
.enclaveType("VBS")
.tags(Map.of("foo", "bar"))
.identity(DatabaseIdentityArgs.builder()
.type("UserAssigned")
.identityIds(exampleUserAssignedIdentity.id())
.build())
.transparentDataEncryptionKeyVaultKeyId(exampleKey.id())
.build());
}
}Content copied to clipboard
resources:
example:
type: azure:core:ResourceGroup
properties:
name: example-resources
location: West Europe
exampleUserAssignedIdentity:
type: azure:authorization:UserAssignedIdentity
name: example
properties:
name: example-admin
location: ${example.location}
resourceGroupName: ${example.name}
exampleAccount:
type: azure:storage:Account
name: example
properties:
name: examplesa
resourceGroupName: ${example.name}
location: ${example.location}
accountTier: Standard
accountReplicationType: LRS
exampleServer:
type: azure:mssql:Server
name: example
properties:
name: example-sqlserver
resourceGroupName: ${example.name}
location: ${example.location}
version: '12.0'
administratorLogin: 4dm1n157r470r
administratorLoginPassword: 4-v3ry-53cr37-p455w0rd
exampleDatabase:
type: azure:mssql:Database
name: example
properties:
name: example-db
serverId: ${exampleServer.id}
collation: SQL_Latin1_General_CP1_CI_AS
licenseType: LicenseIncluded
maxSizeGb: 4
readScale: true
skuName: S0
zoneRedundant: true
enclaveType: VBS
tags:
foo: bar
identity:
type: UserAssigned
identityIds:
- ${exampleUserAssignedIdentity.id}
transparentDataEncryptionKeyVaultKeyId: ${exampleKey.id}
# Create a key vault with access policies which allow for the current user to get, list, create, delete, update, recover, purge and getRotationPolicy for the key vault key and also add a key vault access policy for the Microsoft Sql Server instance User Managed Identity to get, wrap, and unwrap key(s)
exampleKeyVault:
type: azure:keyvault:KeyVault
name: example
properties:
name: mssqltdeexample
location: ${example.location}
resourceGroupName: ${example.name}
enabledForDiskEncryption: true
tenantId: ${exampleUserAssignedIdentity.tenantId}
softDeleteRetentionDays: 7
purgeProtectionEnabled: true
skuName: standard
accessPolicies:
- tenantId: ${current.tenantId}
objectId: ${current.objectId}
keyPermissions:
- Get
- List
- Create
- Delete
- Update
- Recover
- Purge
- GetRotationPolicy
- tenantId: ${exampleUserAssignedIdentity.tenantId}
objectId: ${exampleUserAssignedIdentity.principalId}
keyPermissions:
- Get
- WrapKey
- UnwrapKey
exampleKey:
type: azure:keyvault:Key
name: example
properties:
name: example-key
keyVaultId: ${exampleKeyVault.id}
keyType: RSA
keySize: 2048
keyOpts:
- unwrapKey
- wrapKey
options:
dependsOn:
- ${exampleKeyVault}Content copied to clipboard
API Providers
This resource uses the following Azure API Providers:
Microsoft.Sql: 2023-08-01-preview
Import
SQL Database can be imported using the resource id, e.g.
$ pulumi import azure:mssql/database:Database example /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/group1/providers/Microsoft.Sql/servers/server1/databases/example1Content copied to clipboard
Constructors
Link copied to clipboard
constructor(autoPauseDelayInMinutes: Output<Int>? = null, collation: Output<String>? = null, createMode: Output<String>? = null, creationSourceDatabaseId: Output<String>? = null, elasticPoolId: Output<String>? = null, enclaveType: Output<String>? = null, geoBackupEnabled: Output<Boolean>? = null, identity: Output<DatabaseIdentityArgs>? = null, import: Output<DatabaseImportArgs>? = null, ledgerEnabled: Output<Boolean>? = null, licenseType: Output<String>? = null, longTermRetentionPolicy: Output<DatabaseLongTermRetentionPolicyArgs>? = null, maintenanceConfigurationName: Output<String>? = null, maxSizeGb: Output<Int>? = null, minCapacity: Output<Double>? = null, name: Output<String>? = null, readReplicaCount: Output<Int>? = null, readScale: Output<Boolean>? = null, recoverDatabaseId: Output<String>? = null, recoveryPointId: Output<String>? = null, restoreDroppedDatabaseId: Output<String>? = null, restoreLongTermRetentionBackupId: Output<String>? = null, restorePointInTime: Output<String>? = null, sampleName: Output<String>? = null, secondaryType: Output<String>? = null, serverId: Output<String>? = null, shortTermRetentionPolicy: Output<DatabaseShortTermRetentionPolicyArgs>? = null, skuName: Output<String>? = null, storageAccountType: Output<String>? = null, tags: Output<Map<String, String>>? = null, threatDetectionPolicy: Output<DatabaseThreatDetectionPolicyArgs>? = null, transparentDataEncryptionEnabled: Output<Boolean>? = null, transparentDataEncryptionKeyAutomaticRotationEnabled: Output<Boolean>? = null, transparentDataEncryptionKeyVaultKeyId: Output<String>? = null, zoneRedundant: Output<Boolean>? = null)
Properties
Link copied to clipboard
Time in minutes after which database is automatically paused. A value of -1 means that automatic pause is disabled. This property is only settable for Serverless databases.
Link copied to clipboard
The create mode of the database. Possible values are Copy, Default, OnlineSecondary, PointInTimeRestore, Recovery, Restore, RestoreExternalBackup, RestoreExternalBackupSecondary, RestoreLongTermRetentionBackup and Secondary. Mutually exclusive with import. Changing this forces a new resource to be created. Defaults to Default.
Link copied to clipboard
The ID of the source database from which to create the new database. This should only be used for databases with create_mode values that use another database as reference. Changing this forces a new resource to be created.
Link copied to clipboard
Specifies the ID of the elastic pool containing this database.
Link copied to clipboard
Specifies the type of enclave to be used by the elastic pool. When enclave_type is not specified (e.g., the default) enclaves are not enabled on the database. Once enabled (e.g., by specifying Default or VBS) removing the enclave_type field from the configuration file will force the creation of a new resource. Possible values are Default or VBS.
Link copied to clipboard
A boolean that specifies if the Geo Backup Policy is enabled. Defaults to true.
Link copied to clipboard
An identity block as defined below.
Link copied to clipboard
A import block as documented below. Mutually exclusive with create_mode.
Link copied to clipboard
A boolean that specifies if this is a ledger database. Defaults to false. Changing this forces a new resource to be created.
Link copied to clipboard
Specifies the license type applied to this database. Possible values are LicenseIncluded and BasePrice.
Link copied to clipboard
A long_term_retention_policy block as defined below.
Link copied to clipboard
The name of the Public Maintenance Configuration window to apply to the database. Valid values include SQL_Default, SQL_EastUS_DB_1, SQL_EastUS2_DB_1, SQL_SoutheastAsia_DB_1, SQL_AustraliaEast_DB_1, SQL_NorthEurope_DB_1, SQL_SouthCentralUS_DB_1, SQL_WestUS2_DB_1, SQL_UKSouth_DB_1, SQL_WestEurope_DB_1, SQL_EastUS_DB_2, SQL_EastUS2_DB_2, SQL_WestUS2_DB_2, SQL_SoutheastAsia_DB_2, SQL_AustraliaEast_DB_2, SQL_NorthEurope_DB_2, SQL_SouthCentralUS_DB_2, SQL_UKSouth_DB_2, SQL_WestEurope_DB_2, SQL_AustraliaSoutheast_DB_1, SQL_BrazilSouth_DB_1, SQL_CanadaCentral_DB_1, SQL_CanadaEast_DB_1, SQL_CentralUS_DB_1, SQL_EastAsia_DB_1, SQL_FranceCentral_DB_1, SQL_GermanyWestCentral_DB_1, SQL_CentralIndia_DB_1, SQL_SouthIndia_DB_1, SQL_JapanEast_DB_1, SQL_JapanWest_DB_1, SQL_NorthCentralUS_DB_1, SQL_UKWest_DB_1, SQL_WestUS_DB_1, SQL_AustraliaSoutheast_DB_2, SQL_BrazilSouth_DB_2, SQL_CanadaCentral_DB_2, SQL_CanadaEast_DB_2, SQL_CentralUS_DB_2, SQL_EastAsia_DB_2, SQL_FranceCentral_DB_2, SQL_GermanyWestCentral_DB_2, SQL_CentralIndia_DB_2, SQL_SouthIndia_DB_2, SQL_JapanEast_DB_2, SQL_JapanWest_DB_2, SQL_NorthCentralUS_DB_2, SQL_UKWest_DB_2, SQL_WestUS_DB_2, SQL_WestCentralUS_DB_1, SQL_FranceSouth_DB_1, SQL_WestCentralUS_DB_2, SQL_FranceSouth_DB_2, SQL_SwitzerlandNorth_DB_1, SQL_SwitzerlandNorth_DB_2, SQL_BrazilSoutheast_DB_1, SQL_UAENorth_DB_1, SQL_BrazilSoutheast_DB_2, SQL_UAENorth_DB_2, SQL_SouthAfricaNorth_DB_1, SQL_SouthAfricaNorth_DB_2, SQL_WestUS3_DB_1, SQL_WestUS3_DB_2, SQL_SwedenCentral_DB_1, SQL_SwedenCentral_DB_2. Defaults to SQL_Default.
Link copied to clipboard
Minimal capacity that database will always have allocated, if not paused. This property is only settable for Serverless databases.
Link copied to clipboard
The number of readonly secondary replicas associated with the database to which readonly application intent connections may be routed. This property is only settable for Hyperscale edition databases.
Link copied to clipboard
The ID of the database to be recovered. This property is only applicable when the create_mode is Recovery.
Link copied to clipboard
The ID of the Recovery Services Recovery Point Id to be restored. This property is only applicable when the create_mode is Recovery.
Link copied to clipboard
The ID of the database to be restored. This property is only applicable when the create_mode is Restore.
Link copied to clipboard
The ID of the long term retention backup to be restored. This property is only applicable when the create_mode is RestoreLongTermRetentionBackup.
Link copied to clipboard
Specifies the point in time (ISO8601 format) of the source database that will be restored to create the new database. This property is only settable for create_mode= PointInTimeRestore databases.
Link copied to clipboard
Specifies the name of the sample schema to apply when creating this database. Possible value is AdventureWorksLT.
Link copied to clipboard
How do you want your replica to be made? Valid values include Geo and Named. Defaults to Geo. Changing this forces a new resource to be created.
Link copied to clipboard
A short_term_retention_policy block as defined below.
Link copied to clipboard
Link copied to clipboard
Specifies the storage account type used to store backups for this database. Possible values are Geo, GeoZone, Local and Zone. Defaults to Geo.
Link copied to clipboard
Threat detection policy configuration. The threat_detection_policy block supports fields documented below.
Link copied to clipboard
If set to true, Transparent Data Encryption will be enabled on the database. Defaults to true.
Link copied to clipboard
Boolean flag to specify whether TDE automatically rotates the encryption Key to latest version or not. Possible values are true or false. Defaults to false.
Link copied to clipboard
The fully versioned Key Vault Key URL (e.g. 'https://<YourVaultName>.vault.azure.net/keys/<YourKeyName>/<YourKeyVersion>) to be used as the Customer Managed Key(CMK/BYOK) for the Transparent Data Encryption(TDE) layer.
Link copied to clipboard
Whether or not this database is zone redundant, which means the replicas of this database will be spread across multiple availability zones. This property is only settable for Premium and Business Critical databases.