Sql
data class SqlPoolVulnerabilityAssessmentArgs(val recurringScans: Output<SqlPoolVulnerabilityAssessmentRecurringScansArgs>? = null, val sqlPoolSecurityAlertPolicyId: Output<String>? = null, val storageAccountAccessKey: Output<String>? = null, val storageContainerPath: Output<String>? = null, val storageContainerSasKey: Output<String>? = null) : ConvertibleToJava<SqlPoolVulnerabilityAssessmentArgs>
Manages the Vulnerability Assessment for a Synapse SQL Pool.
Example Usage
resources:
example:
type: azure:core:ResourceGroup
properties:
name: example-resources
location: West Europe
exampleAccount:
type: azure:storage:Account
name: example
properties:
name: examplestorageacc
resourceGroupName: ${example.name}
location: ${example.location}
accountTier: Standard
accountReplicationType: LRS
accountKind: StorageV2
isHnsEnabled: 'true'
exampleContainer:
type: azure:storage:Container
name: example
properties:
name: example
storageAccountName: ${exampleAccount.name}
exampleDataLakeGen2Filesystem:
type: azure:storage:DataLakeGen2Filesystem
name: example
properties:
name: example
storageAccountId: ${exampleAccount.id}
exampleWorkspace:
type: azure:synapse:Workspace
name: example
properties:
name: example
resourceGroupName: ${example.name}
location: ${example.location}
storageDataLakeGen2FilesystemId: ${exampleDataLakeGen2Filesystem.id}
sqlAdministratorLogin: sqladminuser
sqlAdministratorLoginPassword: H@Sh1CoR3!
aadAdmin:
- login: AzureAD Admin
objectId: 00000000-0000-0000-0000-000000000000
tenantId: 00000000-0000-0000-0000-000000000000
identity:
type: SystemAssigned
tags:
Env: production
exampleSqlPool:
type: azure:synapse:SqlPool
name: example
properties:
name: examplesqlpool
synapseWorkspaceId: ${exampleWorkspace.id}
skuName: DW100c
createMode: Default
auditLogs:
type: azure:storage:Account
name: audit_logs
properties:
name: examplesa
resourceGroupName: ${example.name}
location: ${example.location}
accountTier: Standard
accountReplicationType: LRS
exampleSqlPoolSecurityAlertPolicy:
type: azure:synapse:SqlPoolSecurityAlertPolicy
name: example
properties:
sqlPoolId: ${exampleSqlPool.id}
policyState: Enabled
storageEndpoint: ${auditLogs.primaryBlobEndpoint}
storageAccountAccessKey: ${auditLogs.primaryAccessKey}
disabledAlerts:
- Sql_Injection
- Data_Exfiltration
retentionDays: 20
exampleSqlPoolVulnerabilityAssessment:
type: azure:synapse:SqlPoolVulnerabilityAssessment
name: example
properties:
sqlPoolSecurityAlertPolicyId: ${exampleSqlPoolSecurityAlertPolicy.id}
storageContainerPath: ${exampleAccount.primaryBlobEndpoint}${exampleContainer.name}/
storageAccountAccessKey: ${exampleAccount.primaryAccessKey}
recurringScans:
enabled: true
emails:
- email@example1.com
- email@example2.comContent copied to clipboard
Import
Synapse SQL Pool Vulnerability Assessment can be imported using the resource id, e.g.
$ pulumi import azure:synapse/sqlPoolVulnerabilityAssessment:SqlPoolVulnerabilityAssessment example /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/group1/providers/Microsoft.Synapse/workspaces/workspace1/sqlPools/sqlPool1/vulnerabilityAssessments/defaultContent copied to clipboard
Constructors
Link copied to clipboard
constructor(recurringScans: Output<SqlPoolVulnerabilityAssessmentRecurringScansArgs>? = null, sqlPoolSecurityAlertPolicyId: Output<String>? = null, storageAccountAccessKey: Output<String>? = null, storageContainerPath: Output<String>? = null, storageContainerSasKey: Output<String>? = null)
Properties
Link copied to clipboard
The recurring scans settings. The recurring_scans block supports fields documented below.
Link copied to clipboard
The ID of the security alert policy of the Synapse SQL Pool. Changing this forces a new resource to be created.
Link copied to clipboard
Specifies the identifier key of the storage account for vulnerability assessment scan results. If storage_container_sas_key isn't specified, storage_account_access_key is required.
Link copied to clipboard
A blob storage container path to hold the scan results (e.g. https://example.blob.core.windows.net/VaScans/).
Link copied to clipboard
A shared access signature (SAS Key) that has write access to the blob container specified in storage_container_path parameter. If storage_account_access_key isn't specified, storage_container_sas_key is required.