Skip to content

azurermMssqlServer

Manages a Microsoft SQL Azure Database Server.

\~> Note: All arguments including the administrator login and password will be stored in the raw state as plain-text. Read more about sensitive data in state.

Example Usage

/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as azurerm from "./.gen/providers/azurerm";
/*The following providers are missing schema information and might need manual adjustments to synthesize correctly: azurerm.
For a more precise conversion please use the --provider flag in convert.*/
const azurermResourceGroupExample = new azurerm.resourceGroup.ResourceGroup(
  this,
  "example",
  {
    location: "West Europe",
    name: "database-rg",
  }
);
const azurermMssqlServerExample = new azurerm.mssqlServer.MssqlServer(
  this,
  "example_1",
  {
    administrator_login: "missadministrator",
    administrator_login_password: "thisIsKat11",
    azuread_administrator: [
      {
        login_username: "AzureAD Admin",
        object_id: "00000000-0000-0000-0000-000000000000",
      },
    ],
    location: azurermResourceGroupExample.location,
    minimum_tls_version: "1.2",
    name: "mssqlserver",
    resource_group_name: azurermResourceGroupExample.name,
    tags: {
      environment: "production",
    },
    version: "12.0",
  }
);
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
azurermMssqlServerExample.overrideLogicalId("example");

Argument Reference

The following arguments are supported:

  • name - (Required) The name of the Microsoft SQL Server. This needs to be globally unique within Azure. Changing this forces a new resource to be created.

  • resourceGroupName - (Required) The name of the resource group in which to create the Microsoft SQL Server. Changing this forces a new resource to be created.

  • location - (Required) Specifies the supported Azure location where the resource exists. Changing this forces a new resource to be created.

  • version - (Required) The version for the new server. Valid values are: 2.0 (for v11 server) and 12.0 (for v12 server). Changing this forces a new resource to be created.

  • administratorLogin - (Optional) The administrator login name for the new server. Required unless azureadAuthenticationOnly in the azureadAdministrator block is true. When omitted, Azure will generate a default username which cannot be subsequently changed. Changing this forces a new resource to be created.

  • administratorLoginPassword - (Optional) The password associated with the administratorLogin user. Needs to comply with Azure's Password Policy. Required unless azureadAuthenticationOnly in the azureadAdministrator block is true.

  • azureadAdministrator - (Optional) An azureadAdministrator block as defined below.

  • connectionPolicy - (Optional) The connection policy the server will use. Possible values are default, proxy, and redirect. Defaults to default.

  • identity - (Optional) An identity block as defined below.

  • minimumTlsVersion - (Optional) The Minimum TLS Version for all SQL Database and SQL Data Warehouse databases associated with the server. Valid values are: 10, 11 , 12 and disabled. Defaults to 12.

\~> NOTE: The minimumTlsVersion is set to disabled means all TLS versions are allowed. After you enforce a version of minimumTlsVersion, it's not possible to revert to disabled.

  • publicNetworkAccessEnabled - (Optional) Whether public network access is allowed for this server. Defaults to true.

  • outboundNetworkRestrictionEnabled - (Optional) Whether outbound network traffic is restricted for this server. Defaults to false.

  • primaryUserAssignedIdentityId - (Optional) Specifies the primary user managed identity id. Required if type is userAssigned and should be combined with identityIds.

  • tags - (Optional) A mapping of tags to assign to the resource.

An identity block supports the following:

  • type - (Required) Specifies the type of Managed Service Identity that should be configured on this SQL Server. Possible values are systemAssigned, userAssigned.

  • identityIds - (Optional) Specifies a list of User Assigned Managed Identity IDs to be assigned to this SQL Server.

\~> NOTE: This is required when type is set to userAssigned

\~> NOTE: When type is set to systemAssigned, the assigned principalId and tenantId can be retrieved after the Microsoft SQL Server has been created. More details are available below.

An azureadAdministrator block supports the following:

  • loginUsername - (Required) The login username of the Azure AD Administrator of this SQL Server.

  • objectId - (Required) The object id of the Azure AD Administrator of this SQL Server.

  • tenantId - (Optional) The tenant id of the Azure AD Administrator of this SQL Server.

  • azureadAuthenticationOnly - (Optional) Specifies whether only AD Users and administrators (like azureadAdministrator0LoginUsername) can be used to login, or also local database users (like administratorLogin). When true, the administratorLogin and administratorLoginPassword properties can be omitted.

Attributes Reference

The following attributes are exported:

  • id - the Microsoft SQL Server ID.

  • fullyQualifiedDomainName - The fully qualified domain name of the Azure SQL Server (e.g. myServerName.database.windows.net)

  • restorableDroppedDatabaseIds - A list of dropped restorable database IDs on the server.

A identity block exports the following:

  • principalId - The Principal ID for the Service Principal associated with the Identity of this SQL Server.

  • tenantId - The Tenant ID for the Service Principal associated with the Identity of this SQL Server.

-> You can access the Principal ID via azurermMssqlServerExampleIdentity0PrincipalId and the Tenant ID via azurermMssqlServerExampleIdentity0TenantId

Timeouts

The timeouts block allows you to specify timeouts for certain actions:

  • create - (Defaults to 60 minutes) Used when creating the Microsoft SQL Server.
  • update - (Defaults to 60 minutes) Used when updating the Microsoft SQL Server.
  • read - (Defaults to 5 minutes) Used when retrieving the Microsoft SQL Server.
  • delete - (Defaults to 60 minutes) Used when deleting the Microsoft SQL Server.

Import

SQL Servers can be imported using the resourceId, e.g.

terraform import azurerm_mssql_server.example /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/myresourcegroup/providers/Microsoft.Sql/servers/myserver