Skip to content

azurermMssqlDatabaseVulnerabilityAssessmentRuleBaseline

Manages a Database Vulnerability Assessment Rule Baseline.

-> NOTE Database Vulnerability Assessment is currently only available for MS SQL databases.

Example Usage

/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as azurerm from "./.gen/providers/azurerm";
/*The following providers are missing schema information and might need manual adjustments to synthesize correctly: azurerm.
For a more precise conversion please use the --provider flag in convert.*/
const azurermResourceGroupExample = new azurerm.resourceGroup.ResourceGroup(
  this,
  "example",
  {
    location: "West Europe",
    name: "example-resources",
  }
);
const azurermSqlServerExample = new azurerm.sqlServer.SqlServer(
  this,
  "example_1",
  {
    administrator_login: "4dm1n157r470r",
    administrator_login_password: "4-v3ry-53cr37-p455w0rd",
    location: azurermResourceGroupExample.location,
    name: "mysqlserver",
    resource_group_name: azurermResourceGroupExample.name,
    version: "12.0",
  }
);
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
azurermSqlServerExample.overrideLogicalId("example");
const azurermStorageAccountExample = new azurerm.storageAccount.StorageAccount(
  this,
  "example_2",
  {
    account_replication_type: "GRS",
    account_tier: "Standard",
    location: azurermResourceGroupExample.location,
    name: "accteststorageaccount",
    resource_group_name: azurermResourceGroupExample.name,
  }
);
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
azurermStorageAccountExample.overrideLogicalId("example");
const azurermStorageContainerExample =
  new azurerm.storageContainer.StorageContainer(this, "example_3", {
    container_access_type: "private",
    name: "accteststoragecontainer",
    storage_account_name: azurermStorageAccountExample.name,
  });
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
azurermStorageContainerExample.overrideLogicalId("example");
const azurermMssqlServerSecurityAlertPolicyExample =
  new azurerm.mssqlServerSecurityAlertPolicy.MssqlServerSecurityAlertPolicy(
    this,
    "example_4",
    {
      resource_group_name: azurermResourceGroupExample.name,
      server_name: azurermSqlServerExample.name,
      state: "Enabled",
    }
  );
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
azurermMssqlServerSecurityAlertPolicyExample.overrideLogicalId("example");
const azurermMssqlServerVulnerabilityAssessmentExample =
  new azurerm.mssqlServerVulnerabilityAssessment.MssqlServerVulnerabilityAssessment(
    this,
    "example_5",
    {
      server_security_alert_policy_id:
        azurermMssqlServerSecurityAlertPolicyExample.id,
      storage_account_access_key: azurermStorageAccountExample.primaryAccessKey,
      storage_container_path: `\${${azurermStorageAccountExample.primaryBlobEndpoint}}\${${azurermStorageContainerExample.name}}/`,
    }
  );
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
azurermMssqlServerVulnerabilityAssessmentExample.overrideLogicalId("example");
const azurermSqlDatabaseExample = new azurerm.sqlDatabase.SqlDatabase(
  this,
  "example_6",
  {
    edition: "Standard",
    location: azurermResourceGroupExample.location,
    name: "mysqldatabase",
    resource_group_name: azurermResourceGroupExample.name,
    server_name: azurermSqlServerExample.name,
  }
);
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
azurermSqlDatabaseExample.overrideLogicalId("example");
const azurermMssqlDatabaseVulnerabilityAssessmentRuleBaselineExample =
  new azurerm.mssqlDatabaseVulnerabilityAssessmentRuleBaseline.MssqlDatabaseVulnerabilityAssessmentRuleBaseline(
    this,
    "example_7",
    {
      baseline_name: "master",
      baseline_result: [
        {
          result: ["allowedip1", "123.123.123.123", "123.123.123.123"],
        },
        {
          result: ["allowedip2", "255.255.255.255", "255.255.255.255"],
        },
      ],
      database_name: azurermSqlDatabaseExample.name,
      rule_id: "VA2065",
      server_vulnerability_assessment_id:
        azurermMssqlServerVulnerabilityAssessmentExample.id,
    }
  );
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
azurermMssqlDatabaseVulnerabilityAssessmentRuleBaselineExample.overrideLogicalId(
  "example"
);

Argument Reference

The following arguments are supported:

  • serverVulnerabilityAssessmentId - (Required) The Vulnerability Assessment ID of the MS SQL Server. Changing this forces a new resource to be created.

  • databaseName - (Required) Specifies the name of the MS SQL Database. Changing this forces a new resource to be created.

  • ruleId - (Required) The vulnerability assessment rule ID. Changing this forces a new resource to be created.

  • baselineName - (Optional) The name of the vulnerability assessment rule baseline. Valid options are default and master. default implies a baseline on a database level rule and master for server level rule. Defaults to default. Changing this forces a new resource to be created.

  • baselineResult - (Required) A baselineResult block as documented below. Multiple blocks can be defined.

A baselineResult block supports the following:

  • result - (Required) A list representing a result of the baseline.

Attributes Reference

The following attributes are exported:

  • id - The ID of the Database Vulnerability Assessment Rule Baseline.

Timeouts

The timeouts block allows you to specify timeouts for certain actions:

  • create - (Defaults to 30 minutes) Used when creating the Database Vulnerability Assessment Rule Baseline.
  • update - (Defaults to 30 minutes) Used when updating the Database Vulnerability Assessment Rule Baseline.
  • read - (Defaults to 5 minutes) Used when retrieving the Database Vulnerability Assessment Rule Baseline.
  • delete - (Defaults to 30 minutes) Used when deleting the Database Vulnerability Assessment Rule Baseline.

Import

Database Vulnerability Assessment Rule Baseline can be imported using the resourceId, e.g.

terraform import azurerm_mssql_database_vulnerability_assessment_rule_baseline.example /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/acceptanceTestResourceGroup1/providers/Microsoft.Sql/servers/mssqlserver/databases/mysqldatabase/vulnerabilityAssessments/Default/rules/VA2065/baselines/master