Skip to content

azurermMssqlDatabaseExtendedAuditingPolicy

Manages a MS SQL Database Extended Auditing Policy.

Example Usage

/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as azurerm from "./.gen/providers/azurerm";
/*The following providers are missing schema information and might need manual adjustments to synthesize correctly: azurerm.
For a more precise conversion please use the --provider flag in convert.*/
new azurerm.provider.AzurermProvider(this, "azurerm", {
  features: [{}],
});
const azurermResourceGroupExample = new azurerm.resourceGroup.ResourceGroup(
  this,
  "example",
  {
    location: "West Europe",
    name: "example-resources",
  }
);
const azurermStorageAccountExample = new azurerm.storageAccount.StorageAccount(
  this,
  "example_2",
  {
    account_replication_type: "LRS",
    account_tier: "Standard",
    location: azurermResourceGroupExample.location,
    name: "examplesa",
    resource_group_name: azurermResourceGroupExample.name,
  }
);
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
azurermStorageAccountExample.overrideLogicalId("example");
const azurermMssqlServerExample = new azurerm.mssqlServer.MssqlServer(
  this,
  "example_3",
  {
    administrator_login: "missadministrator",
    administrator_login_password: "AdminPassword123!",
    location: azurermResourceGroupExample.location,
    name: "example-sqlserver",
    resource_group_name: azurermResourceGroupExample.name,
    version: "12.0",
  }
);
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
azurermMssqlServerExample.overrideLogicalId("example");
const azurermMssqlDatabaseExample = new azurerm.mssqlDatabase.MssqlDatabase(
  this,
  "example_4",
  {
    name: "example-db",
    server_id: azurermMssqlServerExample.id,
  }
);
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
azurermMssqlDatabaseExample.overrideLogicalId("example");
const azurermMssqlDatabaseExtendedAuditingPolicyExample =
  new azurerm.mssqlDatabaseExtendedAuditingPolicy.MssqlDatabaseExtendedAuditingPolicy(
    this,
    "example_5",
    {
      database_id: azurermMssqlDatabaseExample.id,
      retention_in_days: 6,
      storage_account_access_key: azurermStorageAccountExample.primaryAccessKey,
      storage_account_access_key_is_secondary: false,
      storage_endpoint: azurermStorageAccountExample.primaryBlobEndpoint,
    }
  );
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
azurermMssqlDatabaseExtendedAuditingPolicyExample.overrideLogicalId("example");

Arguments Reference

The following arguments are supported:

  • databaseId - (Required) The ID of the SQL database to set the extended auditing policy. Changing this forces a new resource to be created.

  • enabled - (Optional) Whether to enable the extended auditing policy. Possible values are true and false. Defaults to true.

->NOTE: If enabled is true, storageEndpoint or logMonitoringEnabled are required.

  • storageEndpoint - (Optional) The blob storage endpoint (e.g. https://example.blob.core.windows.net). This blob storage will hold all extended auditing logs.

  • retentionInDays - (Optional) The number of days to retain logs for in the storage account. Defaults to 0.

  • storageAccountAccessKey - (Optional) The access key to use for the auditing storage account.

  • storageAccountAccessKeyIsSecondary - (Optional) Is storageAccountAccessKey value the storage's secondary key?

  • logMonitoringEnabled - (Optional) Enable audit events to Azure Monitor? Defaults to true.

\~> NOTE: To enable sending audit events to Log Analytics, please refer to the example which can be found in the /examples/sqlAzure/sqlAuditingLogAnalytics directory within the GitHub Repository. To enable sending server audit events to Log Analytics, please enable the master database to send audit events to Log Analytics. To enable audit events to Eventhub, please refer to the example which can be found in the /examples/sqlAzure/sqlAuditingEventhub directory within the GitHub Repository.

Attributes Reference

In addition to the Arguments listed above - the following Attributes are exported:

  • id - The ID of the MS SQL Database Extended Auditing Policy.

Timeouts

The timeouts block allows you to specify timeouts for certain actions:

  • create - (Defaults to 30 minutes) Used when creating the MS SQL Database Extended Auditing Policy.
  • read - (Defaults to 5 minutes) Used when retrieving the MS SQL Database Extended Auditing Policy.
  • update - (Defaults to 30 minutes) Used when updating the MS SQL Database Extended Auditing Policy.
  • delete - (Defaults to 30 minutes) Used when deleting the MS SQL Database Extended Auditing Policy.

Import

MS SQL Database Extended Auditing Policies can be imported using the resourceId, e.g.

terraform import azurerm_mssql_database_extended_auditing_policy.example /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/group1/providers/Microsoft.Sql/servers/sqlServer1/databases/db1/extendedAuditingSettings/default