azurermMssqlManagedInstance
Manages a Microsoft SQL Azure Managed Instance.
~> **Note:** All arguments, including the administrator login and password, will be stored in the raw state as plain text. Read more about sensitive data in state.
Example Usage
/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as azurerm from "./.gen/providers/azurerm";
/*The following providers are missing schema information and might need manual adjustments to synthesize correctly: azurerm.
For a more precise conversion please use the --provider flag in convert.*/
/*Resource group that holds every resource created in this example.*/
const azurermResourceGroupExample = new azurerm.resourceGroup.ResourceGroup(
this,
"example",
{
location: "West Europe",
name: "database-rg",
}
);
/*Virtual network with address space 10.0.0.0/16. The Managed Instance subnet declared further down in this example uses 10.0.0.0/24, which lies inside this range.*/
const azurermVirtualNetworkExample = new azurerm.virtualNetwork.VirtualNetwork(
this,
"example_1",
{
address_space: ["10.0.0.0/16"],
location: azurermResourceGroupExample.location,
name: "vnet-mi",
resource_group_name: azurermResourceGroupExample.name,
}
);
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
azurermVirtualNetworkExample.overrideLogicalId("example");
/*Network security group for the Managed Instance subnet. The NetworkSecurityRule resources in this example attach to it by name, and it is bound to the subnet by the SubnetNetworkSecurityGroupAssociation further down.*/
const azurermNetworkSecurityGroupExample =
new azurerm.networkSecurityGroup.NetworkSecurityGroup(this, "example_2", {
location: azurermResourceGroupExample.location,
name: "mi-security-group",
resource_group_name: azurermResourceGroupExample.name,
});
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
azurermNetworkSecurityGroupExample.overrideLogicalId("example");
/*Inbound allow rule (priority 300) for any protocol and port where the source is the AzureLoadBalancer service tag. The rule name indicates it exists for platform health probes.*/
new azurerm.networkSecurityRule.NetworkSecurityRule(
this,
"allow_health_probe_inbound",
{
access: "Allow",
destination_address_prefix: "*",
destination_port_range: "*",
direction: "Inbound",
name: "allow_health_probe_inbound",
network_security_group_name: azurermNetworkSecurityGroupExample.name,
priority: 300,
protocol: "*",
resource_group_name: azurermResourceGroupExample.name,
source_address_prefix: "AzureLoadBalancer",
source_port_range: "*",
}
);
/*Inbound allow rule (priority 106) for TCP ports 9000, 9003, 1438, 1440 and 1452.
NOTE(review): source_address_prefix is "*", so this NSG places no restriction on which source addresses may reach these management ports. Before reusing the example, confirm against current Azure SQL Managed Instance networking guidance whether this rule is still required and whether the source can be narrowed (for example to a service tag or a known range).*/
new azurerm.networkSecurityRule.NetworkSecurityRule(
this,
"allow_management_inbound",
{
access: "Allow",
destination_address_prefix: "*",
destination_port_ranges: ["9000", "9003", "1438", "1440", "1452"],
direction: "Inbound",
name: "allow_management_inbound",
network_security_group_name: azurermNetworkSecurityGroupExample.name,
priority: 106,
protocol: "Tcp",
resource_group_name: azurermResourceGroupExample.name,
source_address_prefix: "*",
source_port_range: "*",
}
);
/*Outbound allow rule (priority 102) for TCP ports 80, 443 and 12000 to any destination.
NOTE(review): destination_address_prefix is "*", so egress on these ports is not limited to specific endpoints; narrow it if the required destinations are known.*/
new azurerm.networkSecurityRule.NetworkSecurityRule(
this,
"allow_management_outbound",
{
access: "Allow",
destination_address_prefix: "*",
destination_port_ranges: ["80", "443", "12000"],
direction: "Outbound",
name: "allow_management_outbound",
network_security_group_name: azurermNetworkSecurityGroupExample.name,
priority: 102,
protocol: "Tcp",
resource_group_name: azurermResourceGroupExample.name,
source_address_prefix: "*",
source_port_range: "*",
}
);
/*Inbound allow rule (priority 200) for any protocol and port where the source is 10.0.0.0/24. That literal is the same range as the subnet's address_prefixes in this example; the two are not linked by a reference, so change them together.*/
new azurerm.networkSecurityRule.NetworkSecurityRule(
this,
"allow_misubnet_inbound",
{
access: "Allow",
destination_address_prefix: "*",
destination_port_range: "*",
direction: "Inbound",
name: "allow_misubnet_inbound",
network_security_group_name: azurermNetworkSecurityGroupExample.name,
priority: 200,
protocol: "*",
resource_group_name: azurermResourceGroupExample.name,
source_address_prefix: "10.0.0.0/24",
source_port_range: "*",
}
);
/*Outbound counterpart of the rule above: allows any protocol and port from source 10.0.0.0/24 to any destination. It reuses priority 200, but in the Outbound direction.
NOTE(review): this rule is evaluated before deny_all_outbound (priority 4096) and matches all traffic originating in the subnet range, so it looks like the outbound deny rule only affects sources outside 10.0.0.0/24 — confirm this is the intended egress policy.*/
new azurerm.networkSecurityRule.NetworkSecurityRule(
this,
"allow_misubnet_outbound",
{
access: "Allow",
destination_address_prefix: "*",
destination_port_range: "*",
direction: "Outbound",
name: "allow_misubnet_outbound",
network_security_group_name: azurermNetworkSecurityGroupExample.name,
priority: 200,
protocol: "*",
resource_group_name: azurermResourceGroupExample.name,
source_address_prefix: "10.0.0.0/24",
source_port_range: "*",
}
);
/*Inbound allow rule (priority 1000) for TCP port 1433 (the rule name calls this TDS, the SQL client protocol) where the source is the VirtualNetwork service tag.
NOTE(review): the VirtualNetwork tag is broader than this one subnet; if only specific client ranges need SQL access, a narrower source_address_prefix would be tighter.*/
new azurerm.networkSecurityRule.NetworkSecurityRule(this, "allow_tds_inbound", {
access: "Allow",
destination_address_prefix: "*",
destination_port_range: "1433",
direction: "Inbound",
name: "allow_tds_inbound",
network_security_group_name: azurermNetworkSecurityGroupExample.name,
priority: 1000,
protocol: "Tcp",
resource_group_name: azurermResourceGroupExample.name,
source_address_prefix: "VirtualNetwork",
source_port_range: "*",
});
/*Catch-all inbound deny at priority 4096. NSG rules are evaluated lowest priority number first, so every Allow rule in this example (priorities 106 to 1000) is matched before this one; anything they do not allow is dropped here.*/
new azurerm.networkSecurityRule.NetworkSecurityRule(this, "deny_all_inbound", {
access: "Deny",
destination_address_prefix: "*",
destination_port_range: "*",
direction: "Inbound",
name: "deny_all_inbound",
network_security_group_name: azurermNetworkSecurityGroupExample.name,
priority: 4096,
protocol: "*",
resource_group_name: azurermResourceGroupExample.name,
source_address_prefix: "*",
source_port_range: "*",
});
/*Catch-all outbound deny at priority 4096, the outbound counterpart of the rule above. Only egress matched by the outbound Allow rules in this example (priorities 102 and 200) gets past it.*/
new azurerm.networkSecurityRule.NetworkSecurityRule(this, "deny_all_outbound", {
access: "Deny",
destination_address_prefix: "*",
destination_port_range: "*",
direction: "Outbound",
name: "deny_all_outbound",
network_security_group_name: azurermNetworkSecurityGroupExample.name,
priority: 4096,
protocol: "*",
resource_group_name: azurermResourceGroupExample.name,
source_address_prefix: "*",
source_port_range: "*",
});
/*Subnet 10.0.0.0/24 inside the example virtual network, delegated to Microsoft.Sql/managedInstances with the three subnet actions listed. The same 10.0.0.0/24 literal appears in the allow_misubnet_* NSG rules of this example; keep them in step.*/
const azurermSubnetExample = new azurerm.subnet.Subnet(this, "example_11", {
address_prefixes: ["10.0.0.0/24"],
delegation: [
{
name: "managedinstancedelegation",
service_delegation: [
{
actions: [
"Microsoft.Network/virtualNetworks/subnets/join/action",
"Microsoft.Network/virtualNetworks/subnets/prepareNetworkPolicies/action",
"Microsoft.Network/virtualNetworks/subnets/unprepareNetworkPolicies/action",
],
name: "Microsoft.Sql/managedInstances",
},
],
},
],
name: "subnet-mi",
resource_group_name: azurermResourceGroupExample.name,
virtual_network_name: azurermVirtualNetworkExample.name,
});
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
azurermSubnetExample.overrideLogicalId("example");
/*Binds the network security group to the Managed Instance subnet; the NSG rules in this example only filter the subnet's traffic once this association exists. The Managed Instance resource lists this association in its depends_on.*/
const azurermSubnetNetworkSecurityGroupAssociationExample =
new azurerm.subnetNetworkSecurityGroupAssociation.SubnetNetworkSecurityGroupAssociation(
this,
"example_12",
{
network_security_group_id: azurermNetworkSecurityGroupExample.id,
subnet_id: azurermSubnetExample.id,
}
);
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
azurermSubnetNetworkSecurityGroupAssociationExample.overrideLogicalId(
"example"
);
/*Route table for the Managed Instance subnet. No routes are declared here, BGP route propagation is left enabled (disable_bgp_route_propagation: false), and depends_on makes Terraform create the subnet first.*/
const azurermRouteTableExample = new azurerm.routeTable.RouteTable(
this,
"example_13",
{
depends_on: [`\${${azurermSubnetExample.fqn}}`],
disable_bgp_route_propagation: false,
location: azurermResourceGroupExample.location,
name: "routetable-mi",
resource_group_name: azurermResourceGroupExample.name,
}
);
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
azurermRouteTableExample.overrideLogicalId("example");
/*Attaches the route table to the Managed Instance subnet. The Managed Instance resource lists this association in its depends_on.*/
const azurermSubnetRouteTableAssociationExample =
new azurerm.subnetRouteTableAssociation.SubnetRouteTableAssociation(
this,
"example_14",
{
route_table_id: azurermRouteTableExample.id,
subnet_id: azurermSubnetExample.id,
}
);
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
azurermSubnetRouteTableAssociationExample.overrideLogicalId("example");
/*The SQL Managed Instance itself, placed in the delegated subnet. depends_on makes Terraform wait for both the NSG association and the route table association before creating it.
NOTE(review): administrator_login_password is a hard-coded sample value. In real use, do not commit the password in source; supply it at synth/apply time from a secret source such as a sensitive input variable or a secret store. As the note at the top of this page says, the login and password are also written to the Terraform state in plain text, so the state backend needs its own access control and encryption at rest.
Optional hardening arguments (minimum TLS version, public data endpoint) are not set here, so the defaults listed in the Argument Reference on this page apply.*/
const azurermMssqlManagedInstanceExample =
new azurerm.mssqlManagedInstance.MssqlManagedInstance(this, "example_15", {
administrator_login: "mradministrator",
administrator_login_password: "thisIsDog11",
depends_on: [
`\${${azurermSubnetNetworkSecurityGroupAssociationExample.fqn}}`,
`\${${azurermSubnetRouteTableAssociationExample.fqn}}`,
],
license_type: "BasePrice",
location: azurermResourceGroupExample.location,
name: "managedsqlinstance",
resource_group_name: azurermResourceGroupExample.name,
sku_name: "GP_Gen5",
storage_size_in_gb: 32,
subnet_id: azurermSubnetExample.id,
vcores: 4,
});
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
azurermMssqlManagedInstanceExample.overrideLogicalId("example");
Argument Reference
The following arguments are supported:
-
administratorLogin
- (Required) The administrator login name for the new SQL Managed Instance. Changing this forces a new resource to be created. -
administratorLoginPassword
- (Required) The password associated with the `administratorLogin`
user. Needs to comply with Azure's Password Policy. -
licenseType
- (Required) What type of license the Managed Instance will use. Possible values are `LicenseIncluded`
and `BasePrice`
. -
location
- (Required) Specifies the supported Azure location where the resource exists. Changing this forces a new resource to be created. -
name
- (Required) The name of the SQL Managed Instance. This needs to be globally unique within Azure. Changing this forces a new resource to be created. -
resourceGroupName
- (Required) The name of the resource group in which to create the SQL Managed Instance. Changing this forces a new resource to be created. -
skuName
- (Required) Specifies the SKU Name for the SQL Managed Instance. Valid values includegpGen4
,gpGen5
,gpGen8Im
,gpGen8Ih
,bcGen4
,bcGen5
,bcGen8Im
orbcGen8Ih
. -
storageSizeInGb
- (Required) Maximum storage space for the SQL Managed instance. This should be a multiple of 32 (GB). -
subnetId
- (Required) The subnet resource id that the SQL Managed Instance will be associated with. Changing this forces a new resource to be created. -
vcores
- (Required) Number of cores that should be assigned to the SQL Managed Instance. Values can be8
,16
, or24
for Gen4 SKUs, or4
,8
,16
,24
,32
,40
,64
, or80
for Gen5 SKUs. -
collation
- (Optional) Specifies how the SQL Managed Instance will be collated. Default value issqlLatin1GeneralCp1CiAs
. Changing this forces a new resource to be created. -
dnsZonePartnerId
- (Optional) The ID of the SQL Managed Instance which will share the DNS zone. This is a prerequisite for creating anazurermSqlManagedInstanceFailoverGroup
. Setting this after creation forces a new resource to be created. -
identity
- (Optional) Anidentity
block as defined below. -
maintenanceConfigurationName
- (Optional) The name of the Public Maintenance Configuration window to apply to the SQL Managed Instance. Valid values includesqlDefault
or an Azure Location in the formatsql_{location}Mi_{size}
(for examplesqlEastUsMi1
). Defaults tosqlDefault
. -
minimumTlsVersion
- (Optional) The Minimum TLS Version. Default value is `1.2`.
Valid values include `1.0`
, `1.1`
, `1.2`
. -
proxyOverride
- (Optional) Specifies how the SQL Managed Instance will be accessed. Default value isdefault
. Valid values includedefault
,proxy
, andredirect
. -
publicDataEndpointEnabled
- (Optional) Is the public data endpoint enabled? Default value is `false`
. -
storageAccountType
- (Optional) Specifies the storage account type used to store backups for this database. Changing this forces a new resource to be created. Possible values aregrs
,lrs
andzrs
. The default value isgrs
. -
tags
- (Optional) A mapping of tags to assign to the resource. -
timezoneId
- (Optional) The TimeZone ID that the SQL Managed Instance will be operating in. Default value isutc
. Changing this forces a new resource to be created.
An identity
block supports the following:
-
type
- (Required) Specifies the type of Managed Service Identity that should be configured on this SQL Managed Instance. Possible values aresystemAssigned
,userAssigned
. -
identityIds
- (Optional) Specifies a list of User Assigned Managed Identity IDs to be assigned to this SQL Managed Instance. Required whentype
is set touserAssigned
.
~> **Note:** The assigned `principalId`
and `tenantId`
can be retrieved after the identity `type`
has been set to `SystemAssigned`
and the SQL Managed Instance has been created.
Attributes Reference
The following attributes are exported:
-
id
- The SQL Managed Instance ID. -
fqdn
- The fully qualified domain name of the Azure Managed SQL Instance
An identity
block exports the following:
-
principalId
- The Principal ID for the Service Principal associated with the Identity of this SQL Managed Instance. -
tenantId
- The Tenant ID for the Service Principal associated with the Identity of this SQL Managed Instance.
-> You can access the Principal ID via azurermMssqlManagedInstanceExampleIdentity0PrincipalId
and the Tenant ID via azurermMssqlManagedInstanceExampleIdentity0TenantId
Timeouts
The timeouts
block allows you to specify timeouts for certain actions:
create
- (Defaults to 24 hours) Used when creating the Microsoft SQL Managed Instance.update
- (Defaults to 24 hours) Used when updating the Microsoft SQL Managed Instance.read
- (Defaults to 5 minutes) Used when retrieving the Microsoft SQL Managed Instance.delete
- (Defaults to 24 hours) Used when deleting the Microsoft SQL Managed Instance.
Import
Microsoft SQL Managed Instances can be imported using the resourceId
, e.g.