azurermMssqlDatabaseVulnerabilityAssessmentRuleBaseline
Manages a Database Vulnerability Assessment Rule Baseline.
-> NOTE Database Vulnerability Assessment is currently only available for MS SQL databases.
Example Usage
/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as azurerm from "./.gen/providers/azurerm";
/*The following providers are missing schema information and might need manual adjustments to synthesize correctly: azurerm.
For a more precise conversion please use the --provider flag in convert.*/
const azurermResourceGroupExample = new azurerm.resourceGroup.ResourceGroup(
this,
"example",
{
location: "West Europe",
name: "example-resources",
}
);
const azurermSqlServerExample = new azurerm.sqlServer.SqlServer(
this,
"example_1",
{
administrator_login: "4dm1n157r470r",
administrator_login_password: "4-v3ry-53cr37-p455w0rd",
location: azurermResourceGroupExample.location,
name: "mysqlserver",
resource_group_name: azurermResourceGroupExample.name,
version: "12.0",
}
);
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
azurermSqlServerExample.overrideLogicalId("example");
const azurermStorageAccountExample = new azurerm.storageAccount.StorageAccount(
this,
"example_2",
{
account_replication_type: "GRS",
account_tier: "Standard",
location: azurermResourceGroupExample.location,
name: "accteststorageaccount",
resource_group_name: azurermResourceGroupExample.name,
}
);
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
azurermStorageAccountExample.overrideLogicalId("example");
const azurermStorageContainerExample =
new azurerm.storageContainer.StorageContainer(this, "example_3", {
container_access_type: "private",
name: "accteststoragecontainer",
storage_account_name: azurermStorageAccountExample.name,
});
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
azurermStorageContainerExample.overrideLogicalId("example");
const azurermMssqlServerSecurityAlertPolicyExample =
new azurerm.mssqlServerSecurityAlertPolicy.MssqlServerSecurityAlertPolicy(
this,
"example_4",
{
resource_group_name: azurermResourceGroupExample.name,
server_name: azurermSqlServerExample.name,
state: "Enabled",
}
);
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
azurermMssqlServerSecurityAlertPolicyExample.overrideLogicalId("example");
const azurermMssqlServerVulnerabilityAssessmentExample =
new azurerm.mssqlServerVulnerabilityAssessment.MssqlServerVulnerabilityAssessment(
this,
"example_5",
{
server_security_alert_policy_id:
azurermMssqlServerSecurityAlertPolicyExample.id,
storage_account_access_key: azurermStorageAccountExample.primaryAccessKey,
storage_container_path: `\${${azurermStorageAccountExample.primaryBlobEndpoint}}\${${azurermStorageContainerExample.name}}/`,
}
);
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
azurermMssqlServerVulnerabilityAssessmentExample.overrideLogicalId("example");
const azurermSqlDatabaseExample = new azurerm.sqlDatabase.SqlDatabase(
this,
"example_6",
{
edition: "Standard",
location: azurermResourceGroupExample.location,
name: "mysqldatabase",
resource_group_name: azurermResourceGroupExample.name,
server_name: azurermSqlServerExample.name,
}
);
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
azurermSqlDatabaseExample.overrideLogicalId("example");
const azurermMssqlDatabaseVulnerabilityAssessmentRuleBaselineExample =
new azurerm.mssqlDatabaseVulnerabilityAssessmentRuleBaseline.MssqlDatabaseVulnerabilityAssessmentRuleBaseline(
this,
"example_7",
{
baseline_name: "master",
baseline_result: [
{
result: ["allowedip1", "123.123.123.123", "123.123.123.123"],
},
{
result: ["allowedip2", "255.255.255.255", "255.255.255.255"],
},
],
database_name: azurermSqlDatabaseExample.name,
rule_id: "VA2065",
server_vulnerability_assessment_id:
azurermMssqlServerVulnerabilityAssessmentExample.id,
}
);
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
azurermMssqlDatabaseVulnerabilityAssessmentRuleBaselineExample.overrideLogicalId(
"example"
);
Argument Reference
The following arguments are supported:
-
serverVulnerabilityAssessmentId
- (Required) The Vulnerability Assessment ID of the MS SQL Server. Changing this forces a new resource to be created. -
databaseName
- (Required) Specifies the name of the MS SQL Database. Changing this forces a new resource to be created. -
ruleId
- (Required) The vulnerability assessment rule ID. Changing this forces a new resource to be created. -
baselineName
- (Optional) The name of the vulnerability assessment rule baseline. Valid options aredefault
andmaster
.default
implies a baseline on a database level rule andmaster
for server level rule. Defaults todefault
. Changing this forces a new resource to be created. -
baselineResult
- (Required) AbaselineResult
block as documented below. Multiple blocks can be defined.
A baselineResult
block supports the following:
result
- (Required) A list representing a result of the baseline.
Attributes Reference
The following attributes are exported:
id
- The ID of the Database Vulnerability Assessment Rule Baseline.
Timeouts
The timeouts
block allows you to specify timeouts for certain actions:
create
- (Defaults to 30 minutes) Used when creating the Database Vulnerability Assessment Rule Baseline.update
- (Defaults to 30 minutes) Used when updating the Database Vulnerability Assessment Rule Baseline.read
- (Defaults to 5 minutes) Used when retrieving the Database Vulnerability Assessment Rule Baseline.delete
- (Defaults to 30 minutes) Used when deleting the Database Vulnerability Assessment Rule Baseline.
Import
Database Vulnerability Assessment Rule Baseline can be imported using the resourceId
, e.g.
terraform import azurerm_mssql_database_vulnerability_assessment_rule_baseline.example /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/acceptanceTestResourceGroup1/providers/Microsoft.Sql/servers/mssqlserver/databases/mysqldatabase/vulnerabilityAssessments/Default/rules/VA2065/baselines/master