pulumi-azure-kotlin/com.pulumi.azure.synapse.kotlin/WorkspaceVulnerabilityAssessment

WorkspaceVulnerabilityAssessment

class WorkspaceVulnerabilityAssessment : KotlinCustomResource

Manages the Vulnerability Assessment for a Synapse Workspace.

Example Usage

resources:
  example:
    type: azure:core:ResourceGroup
    properties:
      name: example-resources
      location: West Europe
  exampleAccount:
    type: azure:storage:Account
    name: example
    properties:
      name: examplestorageacc
      resourceGroupName: ${example.name}
      location: ${example.location}
      accountTier: Standard
      accountReplicationType: LRS
      accountKind: StorageV2
      isHnsEnabled: 'true'
  exampleContainer:
    type: azure:storage:Container
    name: example
    properties:
      name: example
      storageAccountName: ${exampleAccount.name}
  exampleDataLakeGen2Filesystem:
    type: azure:storage:DataLakeGen2Filesystem
    name: example
    properties:
      name: example
      storageAccountId: ${exampleAccount.id}
  exampleWorkspace:
    type: azure:synapse:Workspace
    name: example
    properties:
      name: example
      resourceGroupName: ${example.name}
      location: ${example.location}
      storageDataLakeGen2FilesystemId: ${exampleDataLakeGen2Filesystem.id}
      sqlAdministratorLogin: sqladminuser
      sqlAdministratorLoginPassword: H@Sh1CoR3!
      aadAdmin:
        - login: AzureAD Admin
          objectId: 00000000-0000-0000-0000-000000000000
          tenantId: 00000000-0000-0000-0000-000000000000
      identity:
        type: SystemAssigned
      tags:
        Env: production
  auditLogs:
    type: azure:storage:Account
    name: audit_logs
    properties:
      name: examplesa
      resourceGroupName: ${example.name}
      location: ${example.location}
      accountTier: Standard
      accountReplicationType: LRS
  exampleWorkspaceSecurityAlertPolicy:
    type: azure:synapse:WorkspaceSecurityAlertPolicy
    name: example
    properties:
      synapseWorkspaceId: ${exampleWorkspace.id}
      policyState: Enabled
      storageEndpoint: ${auditLogs.primaryBlobEndpoint}
      storageAccountAccessKey: ${auditLogs.primaryAccessKey}
      disabledAlerts:
        - Sql_Injection
        - Data_Exfiltration
      retentionDays: 20
  exampleWorkspaceVulnerabilityAssessment:
    type: azure:synapse:WorkspaceVulnerabilityAssessment
    name: example
    properties:
      workspaceSecurityAlertPolicyId: ${exampleWorkspaceSecurityAlertPolicy.id}
      storageContainerPath: ${exampleAccount.primaryBlobEndpoint}${exampleContainer.name}/
      storageAccountAccessKey: ${exampleAccount.primaryAccessKey}
      recurringScans:
        enabled: true
        emails:
          - email@example1.com
          - email@example2.com

Import

Synapse Workspace Vulnerability Assessment can be imported using the resource id, e.g.

$ pulumi import azure:synapse/workspaceVulnerabilityAssessment:WorkspaceVulnerabilityAssessment example /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/group1/providers/Microsoft.Synapse/workspaces/workspace1/vulnerabilityAssessments/default

Properties

val id: Output<String>

pulumiChildResources

val pulumiChildResources: Set<KotlinResource>

pulumiResourceName

val pulumiResourceName: String

pulumiResourceType

val pulumiResourceType: String

recurringScans

val recurringScans: Output<WorkspaceVulnerabilityAssessmentRecurringScans>

The recurring scans settings. The recurring_scans block supports fields documented below.

storageAccountAccessKey

val storageAccountAccessKey: Output<String>?

Specifies the identifier key of the storage account for vulnerability assessment scan results. If storage_container_sas_key isn't specified, storage_account_access_key is required.

storageContainerPath

val storageContainerPath: Output<String>

A blob storage container path to hold the scan results (e.g. https://example.blob.core.windows.net/VaScans/).

storageContainerSasKey

val storageContainerSasKey: Output<String>?

A shared access signature (SAS Key) that has write access to the blob container specified in storage_container_path parameter. If storage_account_access_key isn't specified, storage_container_sas_key is required.

urn

val urn: Output<String>

workspaceSecurityAlertPolicyId

val workspaceSecurityAlertPolicyId: Output<String>

The ID of the security alert policy of the Synapse Workspace. Changing this forces a new resource to be created.