Managed Instance Vulnerability Assessment Args
Manages the Vulnerability Assessment for an MS SQL Managed Instance.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as azure from "@pulumi/azure";
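// The administrator password is read from encrypted Pulumi config rather than written
// into source, so it does not end up in version control. Set it once per stack with:
//   pulumi config set --secret administratorLoginPassword <value>
const config = new pulumi.Config();
const administratorLoginPassword = config.requireSecret("administratorLoginPassword");

// Resource group that holds every resource in this example.
const example = new azure.core.ResourceGroup("example", {
    name: "example-resources",
    location: "West Europe",
});

// Virtual network and subnet that the managed instance is attached to.
const exampleVirtualNetwork = new azure.network.VirtualNetwork("example", {
    name: "example",
    location: example.location,
    resourceGroupName: example.name,
    addressSpaces: ["10.0.0.0/16"],
});
const exampleSubnet = new azure.network.Subnet("example", {
    name: "example",
    resourceGroupName: example.name,
    virtualNetworkName: exampleVirtualNetwork.name,
    addressPrefixes: ["10.0.2.0/24"],
});

// The SQL Managed Instance that the vulnerability assessment scans.
const exampleManagedInstance = new azure.mssql.ManagedInstance("example", {
    name: "exampleinstance",
    resourceGroupName: example.name,
    location: example.location,
    licenseType: "BasePrice",
    skuName: "GP_Gen5",
    storageSizeInGb: 32,
    subnetId: exampleSubnet.id,
    vcores: 4,
    administratorLogin: "missadministrator",
    administratorLoginPassword,
});

// Storage account and private container that receive the scan results.
const exampleAccount = new azure.storage.Account("example", {
    name: "accteststorageaccount",
    resourceGroupName: example.name,
    location: example.location,
    accountTier: "Standard",
    accountReplicationType: "GRS",
});
const exampleContainer = new azure.storage.Container("example", {
    name: "accteststoragecontainer",
    storageAccountName: exampleAccount.name,
    containerAccessType: "private",
});

// Security alert policy for the instance. It references the resources declared above;
// the original listing pointed at identifiers (`testAzurermResourceGroup`, `test`,
// `testAzurermStorageAccount`) that are never defined in this program.
const exampleManagedInstanceSecurityAlertPolicy = new azure.mssql.ManagedInstanceSecurityAlertPolicy("example", {
    resourceGroupName: example.name,
    managedInstanceName: exampleManagedInstance.name,
    enabled: true,
    storageEndpoint: exampleAccount.primaryBlobEndpoint,
    storageAccountAccessKey: exampleAccount.primaryAccessKey,
    retentionDays: 30,
});

// Vulnerability assessment with recurring scans written to "<blob endpoint><container>/".
const exampleManagedInstanceVulnerabilityAssessment = new azure.mssql.ManagedInstanceVulnerabilityAssessment("example", {
    managedInstanceId: exampleManagedInstance.id,
    storageContainerPath: pulumi.interpolate`${exampleAccount.primaryBlobEndpoint}${exampleContainer.name}/`,
    // The account access key covers the whole storage account. `storageContainerSasKey`
    // (a SAS with write access to this container) is the narrower alternative.
    storageAccountAccessKey: exampleAccount.primaryAccessKey,
    recurringScans: {
        enabled: true,
        emailSubscriptionAdmins: true,
        // Placeholder recipients: scan reports are mailed here, so use addresses you control.
        emails: [
            "email@example1.com",
            "email@example2.com",
        ],
    },
}, {
    // Create the assessment only after the security alert policy exists.
    dependsOn: [exampleManagedInstanceSecurityAlertPolicy],
});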
import pulumi
import pulumi_azure as azure
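# The administrator password is read from encrypted Pulumi config rather than written
# into source, so it does not end up in version control. Set it once per stack with:
#   pulumi config set --secret administratorLoginPassword <value>
config = pulumi.Config()
administrator_login_password = config.require_secret("administratorLoginPassword")

# Resource group that holds every resource in this example.
example = azure.core.ResourceGroup(
    "example",
    name="example-resources",
    location="West Europe",
)

# Virtual network and subnet that the managed instance is attached to.
example_virtual_network = azure.network.VirtualNetwork(
    "example",
    name="example",
    location=example.location,
    resource_group_name=example.name,
    address_spaces=["10.0.0.0/16"],
)
example_subnet = azure.network.Subnet(
    "example",
    name="example",
    resource_group_name=example.name,
    virtual_network_name=example_virtual_network.name,
    address_prefixes=["10.0.2.0/24"],
)

# The SQL Managed Instance that the vulnerability assessment scans.
example_managed_instance = azure.mssql.ManagedInstance(
    "example",
    name="exampleinstance",
    resource_group_name=example.name,
    location=example.location,
    license_type="BasePrice",
    sku_name="GP_Gen5",
    storage_size_in_gb=32,
    subnet_id=example_subnet.id,
    vcores=4,
    administrator_login="missadministrator",
    administrator_login_password=administrator_login_password,
)

# Storage account and private container that receive the scan results.
example_account = azure.storage.Account(
    "example",
    name="accteststorageaccount",
    resource_group_name=example.name,
    location=example.location,
    account_tier="Standard",
    account_replication_type="GRS",
)
example_container = azure.storage.Container(
    "example",
    name="accteststoragecontainer",
    storage_account_name=example_account.name,
    container_access_type="private",
)

# Security alert policy for the instance. It references the resources declared above;
# the original listing indexed names (test_azurerm_resource_group, test,
# test_azurerm_storage_account) that are never defined in this program.
example_managed_instance_security_alert_policy = azure.mssql.ManagedInstanceSecurityAlertPolicy(
    "example",
    resource_group_name=example.name,
    managed_instance_name=example_managed_instance.name,
    enabled=True,
    storage_endpoint=example_account.primary_blob_endpoint,
    storage_account_access_key=example_account.primary_access_key,
    retention_days=30,
)

# Vulnerability assessment with recurring scans written to "<blob endpoint><container>/".
example_managed_instance_vulnerability_assessment = azure.mssql.ManagedInstanceVulnerabilityAssessment(
    "example",
    managed_instance_id=example_managed_instance.id,
    storage_container_path=pulumi.Output.concat(
        example_account.primary_blob_endpoint,
        example_container.name,
        "/",
    ),
    # The account access key covers the whole storage account. storage_container_sas_key
    # (a SAS with write access to this container) is the narrower alternative.
    storage_account_access_key=example_account.primary_access_key,
    recurring_scans={
        "enabled": True,
        "email_subscription_admins": True,
        # Placeholder recipients: scan reports are mailed here, so use addresses you control.
        "emails": [
            "email@example1.com",
            "email@example2.com",
        ],
    },
    # Create the assessment only after the security alert policy exists.
    opts=pulumi.ResourceOptions(depends_on=[example_managed_instance_security_alert_policy]),
)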
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Azure = Pulumi.Azure;
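return await Deployment.RunAsync(() =>
{
    // The administrator password is read from encrypted Pulumi config rather than written
    // into source, so it does not end up in version control. Set it once per stack with:
    //   pulumi config set --secret administratorLoginPassword <value>
    var config = new Config();
    var administratorLoginPassword = config.RequireSecret("administratorLoginPassword");

    // Resource group that holds every resource in this example.
    var example = new Azure.Core.ResourceGroup("example", new()
    {
        Name = "example-resources",
        Location = "West Europe",
    });

    // Virtual network and subnet that the managed instance is attached to.
    var exampleVirtualNetwork = new Azure.Network.VirtualNetwork("example", new()
    {
        Name = "example",
        Location = example.Location,
        ResourceGroupName = example.Name,
        AddressSpaces = new[]
        {
            "10.0.0.0/16",
        },
    });

    var exampleSubnet = new Azure.Network.Subnet("example", new()
    {
        Name = "example",
        ResourceGroupName = example.Name,
        VirtualNetworkName = exampleVirtualNetwork.Name,
        AddressPrefixes = new[]
        {
            "10.0.2.0/24",
        },
    });

    // The SQL Managed Instance that the vulnerability assessment scans.
    var exampleManagedInstance = new Azure.MSSql.ManagedInstance("example", new()
    {
        Name = "exampleinstance",
        ResourceGroupName = example.Name,
        Location = example.Location,
        LicenseType = "BasePrice",
        SkuName = "GP_Gen5",
        StorageSizeInGb = 32,
        SubnetId = exampleSubnet.Id,
        Vcores = 4,
        AdministratorLogin = "missadministrator",
        AdministratorLoginPassword = administratorLoginPassword,
    });

    // Storage account and private container that receive the scan results.
    var exampleAccount = new Azure.Storage.Account("example", new()
    {
        Name = "accteststorageaccount",
        ResourceGroupName = example.Name,
        Location = example.Location,
        AccountTier = "Standard",
        AccountReplicationType = "GRS",
    });

    var exampleContainer = new Azure.Storage.Container("example", new()
    {
        Name = "accteststoragecontainer",
        StorageAccountName = exampleAccount.Name,
        ContainerAccessType = "private",
    });

    // Security alert policy for the instance. It references the resources declared above;
    // the original listing used identifiers (testAzurermResourceGroup, test,
    // testAzurermStorageAccount) that are never defined in this program.
    var exampleManagedInstanceSecurityAlertPolicy = new Azure.MSSql.ManagedInstanceSecurityAlertPolicy("example", new()
    {
        ResourceGroupName = example.Name,
        ManagedInstanceName = exampleManagedInstance.Name,
        Enabled = true,
        StorageEndpoint = exampleAccount.PrimaryBlobEndpoint,
        StorageAccountAccessKey = exampleAccount.PrimaryAccessKey,
        RetentionDays = 30,
    });

    // Vulnerability assessment with recurring scans written to "<blob endpoint><container>/".
    var exampleManagedInstanceVulnerabilityAssessment = new Azure.MSSql.ManagedInstanceVulnerabilityAssessment("example", new()
    {
        ManagedInstanceId = exampleManagedInstance.Id,
        StorageContainerPath = Output.Tuple(exampleAccount.PrimaryBlobEndpoint, exampleContainer.Name).Apply(values =>
        {
            var primaryBlobEndpoint = values.Item1;
            var name = values.Item2;
            return $"{primaryBlobEndpoint}{name}/";
        }),
        // The account access key covers the whole storage account. StorageContainerSasKey
        // (a SAS with write access to this container) is the narrower alternative.
        StorageAccountAccessKey = exampleAccount.PrimaryAccessKey,
        RecurringScans = new Azure.MSSql.Inputs.ManagedInstanceVulnerabilityAssessmentRecurringScansArgs
        {
            Enabled = true,
            EmailSubscriptionAdmins = true,
            // Placeholder recipients: scan reports are mailed here, so use addresses you control.
            Emails = new[]
            {
                "email@example1.com",
                "email@example2.com",
            },
        },
    }, new CustomResourceOptions
    {
        // Create the assessment only after the security alert policy exists.
        DependsOn =
        {
            exampleManagedInstanceSecurityAlertPolicy,
        },
    });
});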
package main
import (
"fmt"
"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/core"
"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/mssql"
"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/network"
"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/storage"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
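// main declares a SQL Managed Instance, a storage container for scan results, a
// security alert policy, and the vulnerability assessment that depends on that policy.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// Resource group that holds every resource in this example.
		example, err := core.NewResourceGroup(ctx, "example", &core.ResourceGroupArgs{
			Name:     pulumi.String("example-resources"),
			Location: pulumi.String("West Europe"),
		})
		if err != nil {
			return err
		}

		// Virtual network and subnet that the managed instance is attached to.
		exampleVirtualNetwork, err := network.NewVirtualNetwork(ctx, "example", &network.VirtualNetworkArgs{
			Name:              pulumi.String("example"),
			Location:          example.Location,
			ResourceGroupName: example.Name,
			AddressSpaces: pulumi.StringArray{
				pulumi.String("10.0.0.0/16"),
			},
		})
		if err != nil {
			return err
		}
		exampleSubnet, err := network.NewSubnet(ctx, "example", &network.SubnetArgs{
			Name:               pulumi.String("example"),
			ResourceGroupName:  example.Name,
			VirtualNetworkName: exampleVirtualNetwork.Name,
			AddressPrefixes: pulumi.StringArray{
				pulumi.String("10.0.2.0/24"),
			},
		})
		if err != nil {
			return err
		}

		// The SQL Managed Instance that the vulnerability assessment scans.
		exampleManagedInstance, err := mssql.NewManagedInstance(ctx, "example", &mssql.ManagedInstanceArgs{
			Name:               pulumi.String("exampleinstance"),
			ResourceGroupName:  example.Name,
			Location:           example.Location,
			LicenseType:        pulumi.String("BasePrice"),
			SkuName:            pulumi.String("GP_Gen5"),
			StorageSizeInGb:    pulumi.Int(32),
			SubnetId:           exampleSubnet.ID(),
			Vcores:             pulumi.Int(4),
			AdministratorLogin: pulumi.String("missadministrator"),
			// Documentation placeholder only: do not commit a real password as a literal.
			// Read it from an encrypted Pulumi config value instead (config.RequireSecret
			// in the SDK's pulumi/config package, which this file does not import).
			AdministratorLoginPassword: pulumi.String("NCC-1701-D"),
		})
		if err != nil {
			return err
		}

		// Storage account and private container that receive the scan results.
		exampleAccount, err := storage.NewAccount(ctx, "example", &storage.AccountArgs{
			Name:                   pulumi.String("accteststorageaccount"),
			ResourceGroupName:      example.Name,
			Location:               example.Location,
			AccountTier:            pulumi.String("Standard"),
			AccountReplicationType: pulumi.String("GRS"),
		})
		if err != nil {
			return err
		}
		exampleContainer, err := storage.NewContainer(ctx, "example", &storage.ContainerArgs{
			Name:                pulumi.String("accteststoragecontainer"),
			StorageAccountName:  exampleAccount.Name,
			ContainerAccessType: pulumi.String("private"),
		})
		if err != nil {
			return err
		}

		// Security alert policy for the instance. It references the resources declared
		// above; the original listing used identifiers (testAzurermResourceGroup, test,
		// testAzurermStorageAccount) that are never defined in this program.
		exampleManagedInstanceSecurityAlertPolicy, err := mssql.NewManagedInstanceSecurityAlertPolicy(ctx, "example", &mssql.ManagedInstanceSecurityAlertPolicyArgs{
			ResourceGroupName:       example.Name,
			ManagedInstanceName:     exampleManagedInstance.Name,
			Enabled:                 pulumi.Bool(true),
			StorageEndpoint:         exampleAccount.PrimaryBlobEndpoint,
			StorageAccountAccessKey: exampleAccount.PrimaryAccessKey,
			RetentionDays:           pulumi.Int(30),
		})
		if err != nil {
			return err
		}

		// Vulnerability assessment with recurring scans written to "<blob endpoint><container>/".
		_, err = mssql.NewManagedInstanceVulnerabilityAssessment(ctx, "example", &mssql.ManagedInstanceVulnerabilityAssessmentArgs{
			ManagedInstanceId: exampleManagedInstance.ID(),
			StorageContainerPath: pulumi.All(exampleAccount.PrimaryBlobEndpoint, exampleContainer.Name).ApplyT(func(_args []interface{}) (string, error) {
				primaryBlobEndpoint := _args[0].(string)
				name := _args[1].(string)
				return fmt.Sprintf("%v%v/", primaryBlobEndpoint, name), nil
			}).(pulumi.StringOutput),
			// The account access key covers the whole storage account. StorageContainerSasKey
			// (a SAS with write access to this container) is the narrower alternative.
			StorageAccountAccessKey: exampleAccount.PrimaryAccessKey,
			RecurringScans: &mssql.ManagedInstanceVulnerabilityAssessmentRecurringScansArgs{
				Enabled:                 pulumi.Bool(true),
				EmailSubscriptionAdmins: pulumi.Bool(true),
				// Placeholder recipients: scan reports are mailed here, so use addresses you control.
				Emails: pulumi.StringArray{
					pulumi.String("email@example1.com"),
					pulumi.String("email@example2.com"),
				},
			},
		}, pulumi.DependsOn([]pulumi.Resource{
			// Create the assessment only after the security alert policy exists.
			exampleManagedInstanceSecurityAlertPolicy,
		}))
		if err != nil {
			return err
		}
		return nil
	})
}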
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azure.core.ResourceGroup;
import com.pulumi.azure.core.ResourceGroupArgs;
import com.pulumi.azure.network.VirtualNetwork;
import com.pulumi.azure.network.VirtualNetworkArgs;
import com.pulumi.azure.network.Subnet;
import com.pulumi.azure.network.SubnetArgs;
import com.pulumi.azure.mssql.ManagedInstance;
import com.pulumi.azure.mssql.ManagedInstanceArgs;
import com.pulumi.azure.storage.Account;
import com.pulumi.azure.storage.AccountArgs;
import com.pulumi.azure.storage.Container;
import com.pulumi.azure.storage.ContainerArgs;
import com.pulumi.azure.mssql.ManagedInstanceSecurityAlertPolicy;
import com.pulumi.azure.mssql.ManagedInstanceSecurityAlertPolicyArgs;
import com.pulumi.azure.mssql.ManagedInstanceVulnerabilityAssessment;
import com.pulumi.azure.mssql.ManagedInstanceVulnerabilityAssessmentArgs;
import com.pulumi.azure.mssql.inputs.ManagedInstanceVulnerabilityAssessmentRecurringScansArgs;
import com.pulumi.resources.CustomResourceOptions;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
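/**
 * Example Pulumi program: a SQL Managed Instance, a storage container for scan results,
 * a security alert policy, and the vulnerability assessment that depends on that policy.
 */
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares the example stack.
     *
     * @param ctx Pulumi context; also supplies the stack configuration used for the
     *            administrator password.
     */
    public static void stack(Context ctx) {
        // The administrator password is read from encrypted Pulumi config rather than
        // written into source, so it does not end up in version control. Set it with:
        //   pulumi config set --secret administratorLoginPassword <value>
        var administratorLoginPassword = ctx.config().requireSecret("administratorLoginPassword");

        // Resource group that holds every resource in this example.
        var example = new ResourceGroup("example", ResourceGroupArgs.builder()
            .name("example-resources")
            .location("West Europe")
            .build());

        // Virtual network and subnet that the managed instance is attached to.
        var exampleVirtualNetwork = new VirtualNetwork("exampleVirtualNetwork", VirtualNetworkArgs.builder()
            .name("example")
            .location(example.location())
            .resourceGroupName(example.name())
            .addressSpaces("10.0.0.0/16")
            .build());

        var exampleSubnet = new Subnet("exampleSubnet", SubnetArgs.builder()
            .name("example")
            .resourceGroupName(example.name())
            .virtualNetworkName(exampleVirtualNetwork.name())
            .addressPrefixes("10.0.2.0/24")
            .build());

        // The SQL Managed Instance that the vulnerability assessment scans.
        var exampleManagedInstance = new ManagedInstance("exampleManagedInstance", ManagedInstanceArgs.builder()
            .name("exampleinstance")
            .resourceGroupName(example.name())
            .location(example.location())
            .licenseType("BasePrice")
            .skuName("GP_Gen5")
            .storageSizeInGb(32)
            .subnetId(exampleSubnet.id())
            .vcores(4)
            .administratorLogin("missadministrator")
            .administratorLoginPassword(administratorLoginPassword)
            .build());

        // Storage account and private container that receive the scan results.
        var exampleAccount = new Account("exampleAccount", AccountArgs.builder()
            .name("accteststorageaccount")
            .resourceGroupName(example.name())
            .location(example.location())
            .accountTier("Standard")
            .accountReplicationType("GRS")
            .build());

        var exampleContainer = new Container("exampleContainer", ContainerArgs.builder()
            .name("accteststoragecontainer")
            .storageAccountName(exampleAccount.name())
            .containerAccessType("private")
            .build());

        // Security alert policy for the instance. It references the resources declared
        // above; the original listing used identifiers (testAzurermResourceGroup, test,
        // testAzurermStorageAccount) that are never defined in this program.
        var exampleManagedInstanceSecurityAlertPolicy = new ManagedInstanceSecurityAlertPolicy("exampleManagedInstanceSecurityAlertPolicy", ManagedInstanceSecurityAlertPolicyArgs.builder()
            .resourceGroupName(example.name())
            .managedInstanceName(exampleManagedInstance.name())
            .enabled(true)
            .storageEndpoint(exampleAccount.primaryBlobEndpoint())
            .storageAccountAccessKey(exampleAccount.primaryAccessKey())
            .retentionDays(30)
            .build());

        // Vulnerability assessment with recurring scans written to "<blob endpoint><container>/".
        var exampleManagedInstanceVulnerabilityAssessment = new ManagedInstanceVulnerabilityAssessment("exampleManagedInstanceVulnerabilityAssessment", ManagedInstanceVulnerabilityAssessmentArgs.builder()
            .managedInstanceId(exampleManagedInstance.id())
            .storageContainerPath(Output.tuple(exampleAccount.primaryBlobEndpoint(), exampleContainer.name()).applyValue(values -> {
                var primaryBlobEndpoint = values.t1;
                var name = values.t2;
                return String.format("%s%s/", primaryBlobEndpoint, name);
            }))
            // The account access key covers the whole storage account. storageContainerSasKey
            // (a SAS with write access to this container) is the narrower alternative.
            .storageAccountAccessKey(exampleAccount.primaryAccessKey())
            .recurringScans(ManagedInstanceVulnerabilityAssessmentRecurringScansArgs.builder()
                .enabled(true)
                .emailSubscriptionAdmins(true)
                // Placeholder recipients: scan reports are mailed here, so use addresses you control.
                .emails(
                    "email@example1.com",
                    "email@example2.com")
                .build())
            .build(), CustomResourceOptions.builder()
                // Create the assessment only after the security alert policy exists.
                .dependsOn(exampleManagedInstanceSecurityAlertPolicy)
                .build());
    }
}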
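# The administrator password is declared as a secret config value rather than written
# into the program. Set it once per stack with:
#   pulumi config set --secret administratorLoginPassword <value>
config:
  administratorLoginPassword:
    type: string
    secret: true
resources:
  # Resource group that holds every resource in this example.
  example:
    type: azure:core:ResourceGroup
    properties:
      name: example-resources
      location: West Europe
  # Subnet and virtual network that the managed instance is attached to.
  exampleSubnet:
    type: azure:network:Subnet
    name: example
    properties:
      name: example
      resourceGroupName: ${example.name}
      virtualNetworkName: ${exampleVirtualNetwork.name}
      addressPrefixes:
        - 10.0.2.0/24
  exampleVirtualNetwork:
    type: azure:network:VirtualNetwork
    name: example
    properties:
      name: example
      location: ${example.location}
      resourceGroupName: ${example.name}
      addressSpaces:
        - 10.0.0.0/16
  # The SQL Managed Instance that the vulnerability assessment scans.
  exampleManagedInstance:
    type: azure:mssql:ManagedInstance
    name: example
    properties:
      name: exampleinstance
      resourceGroupName: ${example.name}
      location: ${example.location}
      licenseType: BasePrice
      skuName: GP_Gen5
      storageSizeInGb: 32
      subnetId: ${exampleSubnet.id}
      vcores: 4
      administratorLogin: missadministrator
      administratorLoginPassword: ${administratorLoginPassword}
  # Storage account and private container that receive the scan results.
  exampleAccount:
    type: azure:storage:Account
    name: example
    properties:
      name: accteststorageaccount
      resourceGroupName: ${example.name}
      location: ${example.location}
      accountTier: Standard
      accountReplicationType: GRS
  exampleContainer:
    type: azure:storage:Container
    name: example
    properties:
      name: accteststoragecontainer
      storageAccountName: ${exampleAccount.name}
      containerAccessType: private
  # Security alert policy for the instance. It references the resources declared in this
  # file; the original listing interpolated names (testAzurermResourceGroup, test,
  # testAzurermStorageAccount) that are never defined here.
  exampleManagedInstanceSecurityAlertPolicy:
    type: azure:mssql:ManagedInstanceSecurityAlertPolicy
    name: example
    properties:
      resourceGroupName: ${example.name}
      managedInstanceName: ${exampleManagedInstance.name}
      enabled: true
      storageEndpoint: ${exampleAccount.primaryBlobEndpoint}
      storageAccountAccessKey: ${exampleAccount.primaryAccessKey}
      retentionDays: 30
  # Vulnerability assessment with recurring scans written to "<blob endpoint><container>/".
  exampleManagedInstanceVulnerabilityAssessment:
    type: azure:mssql:ManagedInstanceVulnerabilityAssessment
    name: example
    properties:
      managedInstanceId: ${exampleManagedInstance.id}
      storageContainerPath: ${exampleAccount.primaryBlobEndpoint}${exampleContainer.name}/
      # The account access key covers the whole storage account. storageContainerSasKey
      # (a SAS with write access to this container) is the narrower alternative.
      storageAccountAccessKey: ${exampleAccount.primaryAccessKey}
      recurringScans:
        enabled: true
        emailSubscriptionAdmins: true
        # Placeholder recipients: scan reports are mailed here, so use addresses you control.
        emails:
          - email@example1.com
          - email@example2.com
    options:
      # Create the assessment only after the security alert policy exists.
      dependsOn:
        - ${exampleManagedInstanceSecurityAlertPolicy}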
API Providers
This resource uses the following Azure API Providers:
Microsoft.Sql: 2023-08-01-preview
Import
The Vulnerability Assessment can be imported using the resource ID, e.g.
$ pulumi import azure:mssql/managedInstanceVulnerabilityAssessment:ManagedInstanceVulnerabilityAssessment example /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/acceptanceTestResourceGroup1/providers/Microsoft.Sql/managedInstances/instance1/vulnerabilityAssessments/Default
Constructors
Properties
The id of the MS SQL Managed Instance. Changing this forces a new resource to be created.
The recurring scans settings. The recurring_scans block supports the fields documented below.
Specifies the identifier key of the storage account for vulnerability assessment scan results. If storage_container_sas_key isn't specified, storage_account_access_key is required.
A blob storage container path to hold the scan results (e.g. https://myStorage.blob.core.windows.net/VaScans/).
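A shared access signature (SAS Key) that has write access to the blob container specified in the storage_container_path parameter. If storage_account_access_key isn't specified, storage_container_sas_key is required. Because a SAS can be limited to this one container, it exposes less than the storage account access key does.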