Manages a Database Vulnerability Assessment Rule Baseline.
resource "azurerm_resource_group" "example" {
name = "example-resources"
location = "West Europe"
}
resource "azurerm_sql_server" "example" {
name = "mysqlserver"
resource_group_name = azurerm_resource_group.example.name
location = azurerm_resource_group.example.location
version = "12.0"
administrator_login = "4dm1n157r470r"
administrator_login_password = "4-v3ry-53cr37-p455w0rd"
}
resource "azurerm_storage_account" "example" {
name = "accteststorageaccount"
resource_group_name = azurerm_resource_group.example.name
location = azurerm_resource_group.example.location
account_tier = "Standard"
account_replication_type = "GRS"
}
resource "azurerm_storage_container" "example" {
name = "accteststoragecontainer"
storage_account_name = azurerm_storage_account.example.name
container_access_type = "private"
}
resource "azurerm_mssql_server_security_alert_policy" "example" {
resource_group_name = azurerm_resource_group.example.name
server_name = azurerm_sql_server.example.name
state = "Enabled"
}
resource "azurerm_sql_database" "example" {
name = "mysqldatabase"
resource_group_name = azurerm_resource_group.example.name
server_name = azurerm_sql_server.example.name
location = azurerm_resource_group.example.location
edition = "Standard"
}
resource "azurerm_mssql_server_vulnerability_assessment" "example" {
server_security_alert_policy_id = azurerm_mssql_server_security_alert_policy.example.id
storage_container_path = "${azurerm_storage_account.example.primary_blob_endpoint}${azurerm_storage_container.example.name}/"
storage_account_access_key = azurerm_storage_account.example.primary_access_key
}
resource "azurerm_mssql_database_vulnerability_assessment_rule_baseline" "example" {
server_vulnerability_assessment_id = azurerm_mssql_server_vulnerability_assessment.example.id
database_name = azurerm_sql_database.example.name
rule_id = "VA2065"
baseline_name = "master"
baseline_result {
result = [
"allowedip1",
"123.123.123.123",
"123.123.123.123"
]
}
baseline_result {
result = [
"allowedip2",
"255.255.255.255",
"255.255.255.255"
]
}
}
The following arguments are supported:
server_vulnerability_assessment_id
- (Required) The Vulnerability Assessment ID of the MS SQL Server. Changing this forces a new resource to be created.
database_name
- (Required) Specifies the name of the MS SQL Database. Changing this forces a new resource to be created.
rule_id
- (Required) The vulnerability assessment rule ID. Changing this forces a new resource to be created.
baseline_name
- (Optional) The name of the vulnerability assessment rule baseline. Valid options are default
and master
. default
implies a baseline on a database level rule and master
for server level rule. Defaults to default
. Changing this forces a new resource to be created.
baseline_result
- (Required) A baseline_result
block as documented below. Multiple blocks can be defined.
A baseline_result
block supports the following:
result
- (Required) A list representing a result of the baseline.In addition to the Arguments listed above - the following Attributes are exported:
id
- The ID of the Database Vulnerability Assessment Rule Baseline.The timeouts
block allows you to specify timeouts for certain actions:
create
- (Defaults to 30 minutes) Used when creating the Database Vulnerability Assessment Rule Baseline.update
- (Defaults to 30 minutes) Used when updating the Database Vulnerability Assessment Rule Baseline.read
- (Defaults to 5 minutes) Used when retrieving the Database Vulnerability Assessment Rule Baseline.delete
- (Defaults to 30 minutes) Used when deleting the Database Vulnerability Assessment Rule Baseline.Database Vulnerability Assessment Rule Baseline can be imported using the resource id
, e.g.
terraform import azurerm_mssql_database_vulnerability_assessment_rule_baseline.example /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/acceptanceTestResourceGroup1/providers/Microsoft.Sql/servers/mssqlserver/databases/mysqldatabase/vulnerabilityAssessments/Default/rules/VA2065/baselines/master