azurermSynapseSqlPoolExtendedAuditingPolicy

Manages a Synapse SQL Pool Extended Auditing Policy.

Example Usage

/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as azurerm from "./.gen/providers/azurerm";
/*The following providers are missing schema information and might need manual adjustments to synthesize correctly: azurerm.
For a more precise conversion please use the --provider flag in convert.*/
const azurermResourceGroupExample = new azurerm.resourceGroup.ResourceGroup(
  this,
  "example",
  {
    location: "West Europe",
    name: "example-resources",
  }
);
const azurermStorageAccountAuditLogs =
  new azurerm.storageAccount.StorageAccount(this, "audit_logs", {
    account_replication_type: "LRS",
    account_tier: "Standard",
    location: azurermResourceGroupExample.location,
    name: "examplesa",
    resource_group_name: azurermResourceGroupExample.name,
  });
const azurermStorageAccountExample = new azurerm.storageAccount.StorageAccount(
  this,
  "example_2",
  {
    account_kind: "BlobStorage",
    account_replication_type: "LRS",
    account_tier: "Standard",
    location: azurermResourceGroupExample.location,
    name: "examplestorageacc",
    resource_group_name: azurermResourceGroupExample.name,
  }
);
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
azurermStorageAccountExample.overrideLogicalId("example");
const azurermStorageDataLakeGen2FilesystemExample =
  new azurerm.storageDataLakeGen2Filesystem.StorageDataLakeGen2Filesystem(
    this,
    "example_3",
    {
      name: "example",
      storage_account_id: azurermStorageAccountExample.id,
    }
  );
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
azurermStorageDataLakeGen2FilesystemExample.overrideLogicalId("example");
const azurermSynapseWorkspaceExample =
  new azurerm.synapseWorkspace.SynapseWorkspace(this, "example_4", {
    identity: [
      {
        type: "SystemAssigned",
      },
    ],
    location: azurermResourceGroupExample.location,
    name: "example",
    resource_group_name: azurermResourceGroupExample.name,
    sql_administrator_login: "sqladminuser",
    sql_administrator_login_password: "H@Sh1CoR3!",
    storage_data_lake_gen2_filesystem_id:
      azurermStorageDataLakeGen2FilesystemExample.id,
  });
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
azurermSynapseWorkspaceExample.overrideLogicalId("example");
const azurermSynapseSqlPoolExample = new azurerm.synapseSqlPool.SynapseSqlPool(
  this,
  "example_5",
  {
    create_mode: "Default",
    name: "examplesqlpool",
    sku_name: "DW100c",
    synapse_workspace_id: azurermSynapseWorkspaceExample.id,
  }
);
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
azurermSynapseSqlPoolExample.overrideLogicalId("example");
const azurermSynapseSqlPoolExtendedAuditingPolicyExample =
  new azurerm.synapseSqlPoolExtendedAuditingPolicy.SynapseSqlPoolExtendedAuditingPolicy(
    this,
    "example_6",
    {
      retention_in_days: 6,
      sql_pool_id: azurermSynapseSqlPoolExample.id,
      storage_account_access_key:
        azurermStorageAccountAuditLogs.primaryAccessKey,
      storage_account_access_key_is_secondary: false,
      storage_endpoint: azurermStorageAccountAuditLogs.primaryBlobEndpoint,
    }
  );
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
azurermSynapseSqlPoolExtendedAuditingPolicyExample.overrideLogicalId("example");

Arguments Reference

The following arguments are supported:

sqlPoolId - (Required) The ID of the Synapse SQL pool to set the extended auditing policy. Changing this forces a new resource to be created.
storageEndpoint - (Optional) The blob storage endpoint (e.g. https://example.blob.core.windows.net). This blob storage will hold all extended auditing logs.
retentionInDays - (Optional) The number of days to retain logs for in the storage account. Defaults to 0.
storageAccountAccessKey - (Optional) The access key to use for the auditing storage account.
storageAccountAccessKeyIsSecondary - (Optional) Is storageAccountAccessKey value the storage's secondary key?
logMonitoringEnabled - (Optional) Enable audit events to Azure Monitor? To enable server audit events to Azure Monitor, please enable its master database audit events to Azure Monitor. Defaults to true.

Attributes Reference

In addition to the Arguments listed above - the following Attributes are exported:

id - The ID of the Synapse SQL Pool Extended Auditing Policy.

Timeouts

The timeouts block allows you to specify timeouts for certain actions:

create - (Defaults to 30 minutes) Used when creating the Synapse SQL Pool Extended Auditing Policy.
read - (Defaults to 5 minutes) Used when retrieving the Synapse SQL Pool Extended Auditing Policy.
update - (Defaults to 30 minutes) Used when updating the Synapse SQL Pool Extended Auditing Policy.
delete - (Defaults to 30 minutes) Used when deleting the Synapse SQL Pool Extended Auditing Policy.

Import

Synapse SQL Pool Extended Auditing Policys can be imported using the resourceId, e.g.

terraform import azurerm_synapse_sql_pool_extended_auditing_policy.example /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/group1/providers/Microsoft.Synapse/workspaces/workspace1/sqlPools/sqlPool1/extendedAuditingSettings/default