Manages a SQL Azure Managed Instance.
# Resource group that contains every resource declared in this example.
resource "azurerm_resource_group" "example" {
  location = "West Europe"
  name     = "database-rg"
}
# Network security group for the managed instance subnet. Its rules are
# declared as separate azurerm_network_security_rule resources that reference
# this group by name.
resource "azurerm_network_security_group" "example" {
  name                = "mi-security-group"
  resource_group_name = azurerm_resource_group.example.name
  location            = azurerm_resource_group.example.location
}
# Inbound allow rule for the management ports (TCP 9000, 9003, 1438, 1440, 1452).
# Priority 106 places it ahead of every other inbound rule in this example.
#
# NOTE(review): source_address_prefix = "*" admits these ports from any source
# address. Check the current Azure SQL Managed Instance networking requirements
# and narrow the source (for example to a service tag such as SqlManagement)
# and the destination (the instance subnet) where that guidance allows it.
resource "azurerm_network_security_rule" "allow_management_inbound" {
  resource_group_name         = azurerm_resource_group.example.name
  network_security_group_name = azurerm_network_security_group.example.name

  name      = "allow_management_inbound"
  priority  = 106
  direction = "Inbound"
  access    = "Allow"
  protocol  = "Tcp"

  source_address_prefix      = "*"
  source_port_range          = "*"
  destination_address_prefix = "*"
  destination_port_ranges    = ["9000", "9003", "1438", "1440", "1452"]
}
# Inbound allow rule for traffic sourced from 10.0.0.0/24, on any protocol and
# port. That prefix is the address range given to azurerm_subnet.example, so
# keep the two values in sync if the subnet is resized.
resource "azurerm_network_security_rule" "allow_misubnet_inbound" {
  resource_group_name         = azurerm_resource_group.example.name
  network_security_group_name = azurerm_network_security_group.example.name

  name      = "allow_misubnet_inbound"
  priority  = 200
  direction = "Inbound"
  access    = "Allow"
  protocol  = "*"

  source_address_prefix      = "10.0.0.0/24"
  source_port_range          = "*"
  destination_address_prefix = "*"
  destination_port_range     = "*"
}
# Inbound allow rule for the AzureLoadBalancer service tag on any protocol and
# port. The rule name indicates it is intended for health probes.
resource "azurerm_network_security_rule" "allow_health_probe_inbound" {
  resource_group_name         = azurerm_resource_group.example.name
  network_security_group_name = azurerm_network_security_group.example.name

  name      = "allow_health_probe_inbound"
  priority  = 300
  direction = "Inbound"
  access    = "Allow"
  protocol  = "*"

  source_address_prefix      = "AzureLoadBalancer"
  source_port_range          = "*"
  destination_address_prefix = "*"
  destination_port_range     = "*"
}
# Inbound allow rule for TCP 1433 (the SQL/TDS data port) from the
# VirtualNetwork service tag.
#
# NOTE(review): the VirtualNetwork tag also covers peered virtual networks and
# connected on-premises address spaces. If only specific client subnets should
# reach the instance, replace the tag with their address prefixes.
resource "azurerm_network_security_rule" "allow_tds_inbound" {
  resource_group_name         = azurerm_resource_group.example.name
  network_security_group_name = azurerm_network_security_group.example.name

  name      = "allow_tds_inbound"
  priority  = 1000
  direction = "Inbound"
  access    = "Allow"
  protocol  = "Tcp"

  source_address_prefix      = "VirtualNetwork"
  source_port_range          = "*"
  destination_address_prefix = "*"
  destination_port_range     = "1433"
}
# Catch-all inbound deny. Priority 4096 is the highest number in this example,
# so the rule is evaluated after all the inbound allow rules and drops
# whatever they did not match.
resource "azurerm_network_security_rule" "deny_all_inbound" {
  resource_group_name         = azurerm_resource_group.example.name
  network_security_group_name = azurerm_network_security_group.example.name

  name      = "deny_all_inbound"
  priority  = 4096
  direction = "Inbound"
  access    = "Deny"
  protocol  = "*"

  source_address_prefix      = "*"
  source_port_range          = "*"
  destination_address_prefix = "*"
  destination_port_range     = "*"
}
# Outbound allow rule for TCP 80, 443 and 12000, from any source to any
# destination. Priority 102 makes it the first outbound rule evaluated.
#
# NOTE(review): destination_address_prefix = "*" permits egress on these ports
# to any address. Check the current Azure SQL Managed Instance networking
# requirements; if they allow it, restrict the destination to a service tag
# (for example AzureCloud), and confirm whether port 80 is still needed.
resource "azurerm_network_security_rule" "allow_management_outbound" {
  resource_group_name         = azurerm_resource_group.example.name
  network_security_group_name = azurerm_network_security_group.example.name

  name      = "allow_management_outbound"
  priority  = 102
  direction = "Outbound"
  access    = "Allow"
  protocol  = "Tcp"

  source_address_prefix      = "*"
  source_port_range          = "*"
  destination_address_prefix = "*"
  destination_port_ranges    = ["80", "443", "12000"]
}
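# Outbound allow rule for traffic that stays inside the managed instance
# subnet (10.0.0.0/24, the prefix assigned to azurerm_subnet.example), on any
# protocol and port.
#
# The destination is limited to the subnet prefix. With a destination of "*"
# this rule would allow every outbound flow sourced from the subnet, so the
# port-limited allow_management_outbound rule and the deny_all_outbound rule
# would never restrict the instance's egress. If the instance must reach other
# destinations, add a dedicated rule for each rather than widening this one.
resource "azurerm_network_security_rule" "allow_misubnet_outbound" {
  name                        = "allow_misubnet_outbound"
  priority                    = 200
  direction                   = "Outbound"
  access                      = "Allow"
  protocol                    = "*"
  source_port_range           = "*"
  destination_port_range      = "*"
  source_address_prefix       = "10.0.0.0/24"
  destination_address_prefix  = "10.0.0.0/24"
  resource_group_name         = azurerm_resource_group.example.name
  network_security_group_name = azurerm_network_security_group.example.name
}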
# Catch-all outbound deny. Priority 4096 is the highest number in this example,
# so the rule is evaluated after all the outbound allow rules and blocks any
# egress they did not match.
resource "azurerm_network_security_rule" "deny_all_outbound" {
  resource_group_name         = azurerm_resource_group.example.name
  network_security_group_name = azurerm_network_security_group.example.name

  name      = "deny_all_outbound"
  priority  = 4096
  direction = "Outbound"
  access    = "Deny"
  protocol  = "*"

  source_address_prefix      = "*"
  source_port_range          = "*"
  destination_address_prefix = "*"
  destination_port_range     = "*"
}
# Virtual network (10.0.0.0/16) that hosts the managed instance subnet.
resource "azurerm_virtual_network" "example" {
  name                = "vnet-mi"
  location            = azurerm_resource_group.example.location
  resource_group_name = azurerm_resource_group.example.name
  address_space       = ["10.0.0.0/16"]
}
# Subnet for the managed instance (10.0.0.0/24), delegated to
# Microsoft.Sql/managedInstances. The same prefix is used as the source
# address in the allow_misubnet_* security rules, so change them together.
resource "azurerm_subnet" "example" {
  name                 = "subnet-mi"
  virtual_network_name = azurerm_virtual_network.example.name
  resource_group_name  = azurerm_resource_group.example.name
  address_prefixes     = ["10.0.0.0/24"]

  delegation {
    name = "managedinstancedelegation"

    service_delegation {
      name = "Microsoft.Sql/managedInstances"
      actions = [
        "Microsoft.Network/virtualNetworks/subnets/join/action",
        "Microsoft.Network/virtualNetworks/subnets/prepareNetworkPolicies/action",
        "Microsoft.Network/virtualNetworks/subnets/unprepareNetworkPolicies/action",
      ]
    }
  }
}
# Attaches the security group to the managed instance subnet. The security
# rules declared in this example take effect on the subnet through this
# association.
resource "azurerm_subnet_network_security_group_association" "example" {
  network_security_group_id = azurerm_network_security_group.example.id
  subnet_id                 = azurerm_subnet.example.id
}
# Route table for the managed instance subnet. No routes are declared here and
# BGP route propagation is left enabled (disable_bgp_route_propagation = false).
# The explicit depends_on makes Terraform create the subnet first.
resource "azurerm_route_table" "example" {
  name                = "routetable-mi"
  resource_group_name = azurerm_resource_group.example.name
  location            = azurerm_resource_group.example.location

  disable_bgp_route_propagation = false

  depends_on = [
    azurerm_subnet.example,
  ]
}
# Associates the route table with the managed instance subnet.
resource "azurerm_subnet_route_table_association" "example" {
  route_table_id = azurerm_route_table.example.id
  subnet_id      = azurerm_subnet.example.id
}
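# Administrator password for the managed instance, supplied at plan/apply time
# (for example through a TF_VAR_ environment variable or a secrets manager)
# instead of being written as a literal in the configuration.
# `sensitive = true` keeps the value out of plan and apply output; it requires
# Terraform 0.14 or later. The value is still recorded in the state file, so
# access to the state backend has to be restricted as well.
variable "administrator_login_password" {
  description = "Password for the SQL Managed Instance administrator login."
  type        = string
  sensitive   = true
}

# The SQL Managed Instance itself: General Purpose Gen5, 4 vCores, 32 GB of
# storage, placed in the delegated subnet.
resource "azurerm_sql_managed_instance" "example" {
  name                = "managedsqlinstance"
  resource_group_name = azurerm_resource_group.example.name
  location            = azurerm_resource_group.example.location

  administrator_login          = "mradministrator"
  administrator_login_password = var.administrator_login_password

  license_type       = "BasePrice"
  subnet_id          = azurerm_subnet.example.id
  sku_name           = "GP_Gen5"
  vcores             = 4
  storage_size_in_gb = 32

  # Create the instance only after the subnet has both its security group and
  # its route table attached.
  depends_on = [
    azurerm_subnet_network_security_group_association.example,
    azurerm_subnet_route_table_association.example,
  ]
}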
The following arguments are supported:
name
- (Required) The name of the SQL Managed Instance. This needs to be globally unique within Azure. Changing this forces a new resource to be created.
resource_group_name
- (Required) The name of the resource group in which to create the SQL Managed Instance. Changing this forces a new resource to be created.
location
- (Required) Specifies the supported Azure location where the resource exists. Changing this forces a new resource to be created.
sku_name
- (Required) Specifies the SKU Name for the SQL Managed Instance. Valid values include GP_Gen4
, GP_Gen5
, BC_Gen4
, BC_Gen5
.
vcores
- (Required) Number of cores that should be assigned to your instance. Values can be 8
, 16
, or 24
if sku_name
is GP_Gen4
, or 8
, 16
, 24
, 32
, or 40
if sku_name
is GP_Gen5
.
storage_size_in_gb
- (Required) Maximum storage space for your instance. It should be a multiple of 32GB.
license_type
- (Required) What type of license the Managed Instance will use. Valid values are LicenseIncluded
or BasePrice
.
administrator_login
- (Required) The administrator login name for the new server. Changing this forces a new resource to be created.
administrator_login_password
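- (Required) The password associated with the administrator_login
user. Needs to comply with Azure's Password Policy. Supply it from a sensitive variable or a secret store rather than a literal in the configuration; Terraform also records the value in state, so restrict access to the state backend.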
subnet_id
- (Required) The subnet resource id that the SQL Managed Instance will be associated with. Changing this forces a new resource to be created.
collation
- (Optional) Specifies how the SQL Managed Instance will be collated. Default value is SQL_Latin1_General_CP1_CI_AS
. Changing this forces a new resource to be created.
public_data_endpoint_enabled
- (Optional) Is the public data endpoint enabled? Default value is false
.
minimum_tls_version
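- (Optional) The Minimum TLS Version. Default value is 1.2
. Valid values include 1.0
, 1.1
, 1.2
. TLS 1.0 and 1.1 are deprecated (RFC 8996); keep the default unless a legacy client requires an older version.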
proxy_override
- (Optional) Specifies how the SQL Managed Instance will be accessed. Default value is Default
. Valid values include Default
, Proxy
, and Redirect
.
timezone_id
- (Optional) The TimeZone ID that the SQL Managed Instance will be operating in. Default value is UTC
. Changing this forces a new resource to be created.
dns_zone_partner_id
- (Optional) The ID of the Managed Instance which will share the DNS zone. This is a prerequisite for creating an azurerm_sql_managed_instance_failover_group
. Setting this after creation forces a new resource to be created.
identity
- (Optional) An identity
block as defined below.
storage_account_type
- (Optional) Specifies the storage account type used to store backups for this database. Changing this forces a new resource to be created. Possible values are GRS
, LRS
and ZRS
. Defaults to GRS
.
tags
- (Optional) A mapping of tags to assign to the resource.
An identity
block supports the following:
type
- (Required) Specifies the type of Managed Service Identity that should be configured on this SQL Managed Instance. The only possible value is SystemAssigned
.
In addition to the Arguments listed above - the following Attributes are exported:
id
- The SQL Managed Instance ID.
fqdn
- The fully qualified domain name of the Azure Managed SQL Instance.
identity
- An identity
block as defined below.
The identity
block exports the following:
principal_id
- The Principal ID for the Service Principal associated with the Identity of this SQL Managed Instance.
tenant_id
- The Tenant ID for the Service Principal associated with the Identity of this SQL Managed Instance.
The timeouts
block allows you to specify timeouts for certain actions:
read
- (Defaults to 5 minutes) Used when retrieving the Sql Managed Instance.
create
- (Defaults to 24 hours) Used when creating the Sql Managed Instance.
update
- (Defaults to 24 hours) Used when updating the Sql Managed Instance.
delete
- (Defaults to 24 hours) Used when deleting the Sql Managed Instance.
SQL Managed Instances can be imported using the resource id
, e.g.
terraform import azurerm_sql_managed_instance.example /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/myresourcegroup/providers/Microsoft.Sql/managedInstances/myserver