Manages the Vulnerability Assessment for an MS Managed Instance.
resource "azurerm_resource_group" "example" {
name = "example-resources"
location = "West Europe"
}
resource "azurerm_subnet" "example" {
name = "example"
resource_group_name = azurerm_resource_group.example.name
virtual_network_name = azurerm_virtual_network.example.name
address_prefixes = ["10.0.2.0/24"]
}
resource "azurerm_virtual_network" "example" {
name = "example"
location = azurerm_resource_group.example.location
resource_group_name = azurerm_resource_group.example.name
address_space = ["10.0.0.0/16"]
}
resource "azurerm_mssql_managed_instance" "example" {
name = "exampleinstance"
resource_group_name = azurerm_resource_group.example.name
location = azurerm_resource_group.example.location
license_type = "BasePrice"
sku_name = "GP_Gen5"
storage_size_in_gb = 32
subnet_id = azurerm_subnet.example.id
vcores = 4
administrator_login = "missadministrator"
administrator_login_password = "NCC-1701-D"
}
resource "azurerm_storage_account" "example" {
name = "accteststorageaccount"
resource_group_name = azurerm_resource_group.example.name
location = azurerm_resource_group.example.location
account_tier = "Standard"
account_replication_type = "GRS"
}
resource "azurerm_storage_container" "example" {
name = "accteststoragecontainer"
storage_account_name = azurerm_storage_account.example.name
container_access_type = "private"
}
resource "azurerm_mssql_managed_instance_security_alert_policy" "example" {
resource_group_name = azurerm_resource_group.test.name
managed_instance_name = azurerm_mssql_managed_instance.test.name
enabled = true
storage_endpoint = azurerm_storage_account.test.primary_blob_endpoint
storage_account_access_key = azurerm_storage_account.test.primary_access_key
retention_days = 30
}
resource "azurerm_mssql_managed_instance_vulnerability_assessment" "example" {
managed_instance_id = azurerm_mssql_managed_instance.example.id
storage_container_path = "${azurerm_storage_account.example.primary_blob_endpoint}${azurerm_storage_container.example.name}/"
storage_account_access_key = azurerm_storage_account.example.primary_access_key
recurring_scans {
enabled = true
email_subscription_admins = true
emails = [
"email@example1.com",
"email@example2.com"
]
}
depends_on = [azurerm_mssql_managed_instance_security_alert_policy.example]
}
The following arguments are supported:
managed_instance_id
- (Required) The id of the MS SQL Managed Instance. Changing this forces a new resource to be created.
storage_container_path
- (Required) A blob storage container path to hold the scan results (e.g. https://myStorage.blob.core.windows.net/VaScans/).
storage_account_access_key
- (Optional) Specifies the identifier key of the storage account for vulnerability assessment scan results. If storage_container_sas_key
isn't specified, storage_account_access_key
is required.
storage_container_sas_key
- (Optional) A shared access signature (SAS Key) that has write access to the blob container specified in storage_container_path
parameter. If storage_account_access_key
isn't specified, storage_container_sas_key
is required.recurring_scans
- (Optional) The recurring scans settings. The recurring_scans
block supports fields documented below.The recurring_scans
block supports the following:
enabled
- (Optional) Boolean flag which specifies if recurring scans is enabled or disabled. Defaults to false
.email_subscription_admins
- (Optional) Boolean flag which specifies if the schedule scan notification will be sent to the subscription administrators. Defaults to true
.emails
- (Optional) Specifies an array of e-mail addresses to which the scan notification is sent.In addition to the Arguments listed above - the following Attributes are exported:
id
- The ID of the Vulnerability Assessment.The timeouts
block allows you to specify timeouts for certain actions:
create
- (Defaults to 60 minutes) Used when creating the Vulnerability Assessment.update
- (Defaults to 60 minutes) Used when updating the Vulnerability Assessment.read
- (Defaults to 5 minutes) Used when retrieving the Vulnerability Assessment.delete
- (Defaults to 60 minutes) Used when deleting the Vulnerability Assessment.The Vulnerability Assessment can be imported using the resource id
, e.g.
terraform import azurerm_mssql_managed_instance_vulnerability_assessment.example /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/acceptanceTestResourceGroup1/providers/Microsoft.Sql/managedInstances/instance1/vulnerabilityAssessments/Default