azurermMssqlManagedInstanceVulnerabilityAssessment
Manages the Vulnerability Assessment for an MS Managed Instance.
Example Usage
/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as azurerm from "./.gen/providers/azurerm";
/*The following providers are missing schema information and might need manual adjustments to synthesize correctly: azurerm.
For a more precise conversion please use the --provider flag in convert.*/
const azurermMssqlManagedInstanceSecurityAlertPolicyExample =
new azurerm.mssqlManagedInstanceSecurityAlertPolicy.MssqlManagedInstanceSecurityAlertPolicy(
this,
"example",
{
enabled: true,
managed_instance_name: "${azurerm_mssql_managed_instance.test.name}",
resource_group_name: "${azurerm_resource_group.test.name}",
retention_days: 30,
storage_account_access_key:
"${azurerm_storage_account.test.primary_access_key}",
storage_endpoint: "${azurerm_storage_account.test.primary_blob_endpoint}",
}
);
const azurermResourceGroupExample = new azurerm.resourceGroup.ResourceGroup(
this,
"example_1",
{
location: "West Europe",
name: "example-resources",
}
);
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
azurermResourceGroupExample.overrideLogicalId("example");
const azurermStorageAccountExample = new azurerm.storageAccount.StorageAccount(
this,
"example_2",
{
account_replication_type: "GRS",
account_tier: "Standard",
location: azurermResourceGroupExample.location,
name: "accteststorageaccount",
resource_group_name: azurermResourceGroupExample.name,
}
);
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
azurermStorageAccountExample.overrideLogicalId("example");
const azurermStorageContainerExample =
new azurerm.storageContainer.StorageContainer(this, "example_3", {
container_access_type: "private",
name: "accteststoragecontainer",
storage_account_name: azurermStorageAccountExample.name,
});
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
azurermStorageContainerExample.overrideLogicalId("example");
const azurermVirtualNetworkExample = new azurerm.virtualNetwork.VirtualNetwork(
this,
"example_4",
{
address_space: ["10.0.0.0/16"],
location: azurermResourceGroupExample.location,
name: "example",
resource_group_name: azurermResourceGroupExample.name,
}
);
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
azurermVirtualNetworkExample.overrideLogicalId("example");
const azurermSubnetExample = new azurerm.subnet.Subnet(this, "example_5", {
address_prefixes: ["10.0.2.0/24"],
name: "example",
resource_group_name: azurermResourceGroupExample.name,
virtual_network_name: azurermVirtualNetworkExample.name,
});
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
azurermSubnetExample.overrideLogicalId("example");
const azurermMssqlManagedInstanceExample =
new azurerm.mssqlManagedInstance.MssqlManagedInstance(this, "example_6", {
administrator_login: "missadministrator",
administrator_login_password: "NCC-1701-D",
license_type: "BasePrice",
location: azurermResourceGroupExample.location,
name: "exampleinstance",
resource_group_name: azurermResourceGroupExample.name,
sku_name: "GP_Gen5",
storage_size_in_gb: 32,
subnet_id: azurermSubnetExample.id,
vcores: 4,
});
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
azurermMssqlManagedInstanceExample.overrideLogicalId("example");
const azurermMssqlManagedInstanceVulnerabilityAssessmentExample =
new azurerm.mssqlManagedInstanceVulnerabilityAssessment.MssqlManagedInstanceVulnerabilityAssessment(
this,
"example_7",
{
depends_on: [
`\${${azurermMssqlManagedInstanceSecurityAlertPolicyExample.fqn}}`,
],
managed_instance_id: azurermMssqlManagedInstanceExample.id,
recurring_scans: [
{
email_subscription_admins: true,
emails: ["email@example1.com", "email@example2.com"],
enabled: true,
},
],
storage_account_access_key: azurermStorageAccountExample.primaryAccessKey,
storage_container_path: `\${${azurermStorageAccountExample.primaryBlobEndpoint}}\${${azurermStorageContainerExample.name}}/`,
}
);
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
azurermMssqlManagedInstanceVulnerabilityAssessmentExample.overrideLogicalId(
"example"
);
Argument Reference
The following arguments are supported:
-
managedInstanceId
- (Required) The id of the MS SQL Managed Instance. Changing this forces a new resource to be created. -
storageContainerPath
- (Required) A blob storage container path to hold the scan results (e.g. https://myStorage.blob.core.windows.net/VaScans/). -
storageAccountAccessKey
- (Optional) Specifies the identifier key of the storage account for vulnerability assessment scan results. IfstorageContainerSasKey
isn't specified,storageAccountAccessKey
is required.
-> NOTE The storageAccountAccessKey
only applies if the storage account is not behind a virtual network or a firewall.
storageContainerSasKey
- (Optional) A shared access signature (SAS Key) that has write access to the blob container specified instorageContainerPath
parameter. IfstorageAccountAccessKey
isn't specified,storageContainerSasKey
is required.
-> NOTE The storageContainerSasKey
only applies if the storage account is not behind a virtual network or a firewall.
recurringScans
- (Optional) The recurring scans settings. TherecurringScans
block supports fields documented below.
The recurringScans
block supports the following:
enabled
- (Optional) Boolean flag which specifies if recurring scans is enabled or disabled. Defaults tofalse
.emailSubscriptionAdmins
- (Optional) Boolean flag which specifies if the schedule scan notification will be sent to the subscription administrators. Defaults totrue
.emails
- (Optional) Specifies an array of e-mail addresses to which the scan notification is sent.
Attributes Reference
The following attributes are exported:
id
- The ID of the Vulnerability Assessment.
Timeouts
The timeouts
block allows you to specify timeouts for certain actions:
create
- (Defaults to 60 minutes) Used when creating the Vulnerability Assessment.update
- (Defaults to 60 minutes) Used when updating the Vulnerability Assessment.read
- (Defaults to 5 minutes) Used when retrieving the Vulnerability Assessment.delete
- (Defaults to 60 minutes) Used when deleting the Vulnerability Assessment.
Import
The Vulnerability Assessment can be imported using the resourceId
, e.g.