azurermSynapseSqlPoolSecurityAlertPolicy

Manages a Security Alert Policy for a Synapse SQL Pool.

Example Usage

/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as azurerm from "./.gen/providers/azurerm";
/*The following providers are missing schema information and might need manual adjustments to synthesize correctly: azurerm.
For a more precise conversion please use the --provider flag in convert.*/
const azurermResourceGroupExample = new azurerm.resourceGroup.ResourceGroup(
  this,
  "example",
  {
    location: "West Europe",
    name: "example-resources",
  }
);
const azurermStorageAccountAuditLogs =
  new azurerm.storageAccount.StorageAccount(this, "audit_logs", {
    account_replication_type: "LRS",
    account_tier: "Standard",
    location: azurermResourceGroupExample.location,
    name: "examplesa",
    resource_group_name: azurermResourceGroupExample.name,
  });
const azurermStorageAccountExample = new azurerm.storageAccount.StorageAccount(
  this,
  "example_2",
  {
    account_kind: "StorageV2",
    account_replication_type: "LRS",
    account_tier: "Standard",
    is_hns_enabled: "true",
    location: azurermResourceGroupExample.location,
    name: "examplestorageacc",
    resource_group_name: azurermResourceGroupExample.name,
  }
);
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
azurermStorageAccountExample.overrideLogicalId("example");
const azurermStorageDataLakeGen2FilesystemExample =
  new azurerm.storageDataLakeGen2Filesystem.StorageDataLakeGen2Filesystem(
    this,
    "example_3",
    {
      name: "example",
      storage_account_id: azurermStorageAccountExample.id,
    }
  );
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
azurermStorageDataLakeGen2FilesystemExample.overrideLogicalId("example");
const azurermSynapseWorkspaceExample =
  new azurerm.synapseWorkspace.SynapseWorkspace(this, "example_4", {
    aad_admin: [
      {
        login: "AzureAD Admin",
        object_id: "00000000-0000-0000-0000-000000000000",
        tenant_id: "00000000-0000-0000-0000-000000000000",
      },
    ],
    identity: [
      {
        type: "SystemAssigned",
      },
    ],
    location: azurermResourceGroupExample.location,
    name: "example",
    resource_group_name: azurermResourceGroupExample.name,
    sql_administrator_login: "sqladminuser",
    sql_administrator_login_password: "H@Sh1CoR3!",
    storage_data_lake_gen2_filesystem_id:
      azurermStorageDataLakeGen2FilesystemExample.id,
    tags: {
      Env: "production",
    },
  });
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
azurermSynapseWorkspaceExample.overrideLogicalId("example");
const azurermSynapseSqlPoolExample = new azurerm.synapseSqlPool.SynapseSqlPool(
  this,
  "example_5",
  {
    create_mode: "Default",
    name: "examplesqlpool",
    sku_name: "DW100c",
    synapse_workspace_id: azurermSynapseWorkspaceExample.id,
  }
);
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
azurermSynapseSqlPoolExample.overrideLogicalId("example");
const azurermSynapseSqlPoolSecurityAlertPolicyExample =
  new azurerm.synapseSqlPoolSecurityAlertPolicy.SynapseSqlPoolSecurityAlertPolicy(
    this,
    "example_6",
    {
      disabled_alerts: ["Sql_Injection", "Data_Exfiltration"],
      policy_state: "Enabled",
      retention_days: 20,
      sql_pool_id: azurermSynapseSqlPoolExample.id,
      storage_account_access_key:
        azurermStorageAccountAuditLogs.primaryAccessKey,
      storage_endpoint: azurermStorageAccountAuditLogs.primaryBlobEndpoint,
    }
  );
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
azurermSynapseSqlPoolSecurityAlertPolicyExample.overrideLogicalId("example");

Argument Reference

The following arguments are supported:

  • sqlPoolId - (Required) Specifies the ID of the Synapse SQL Pool. Changing this forces a new resource to be created.

  • policyState - (Required) Specifies the state of the policy: whether it is enabled, disabled, or has not yet been applied to the specific SQL pool. Possible values are Disabled, Enabled and New.

  • disabledAlerts - (Optional) Specifies an array of alerts that are disabled. Allowed values are: Sql_Injection, Sql_Injection_Vulnerability, Access_Anomaly, Data_Exfiltration, Unsafe_Action.

  • emailAccountAdminsEnabled - (Optional) Boolean flag which specifies if the alert is sent to the account administrators or not. Defaults to false.

  • emailAddresses - (Optional) Specifies an array of email addresses to which the alert is sent.

  • retentionDays - (Optional) Specifies the number of days to retain the Threat Detection audit logs. Defaults to 0.

  • storageAccountAccessKey - (Optional) Specifies the access key of the Threat Detection audit storage account.

  • storageEndpoint - (Optional) Specifies the blob storage endpoint (e.g. https://example.blob.core.windows.net). This blob storage will hold all Threat Detection audit logs.
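
A defender-side check on these arguments, as an added example that is not part of the provider documentation: it scans the Terraform JSON that cdktf synth emits for this resource type and reports a policy that is not Enabled, any disabled alert types, and a policy with no e-mail recipients. The function name, severity labels and sample input are assumptions made for illustration; attribute names are the snake_case Terraform names used in the example above.

```typescript
// Added example: audit the Terraform JSON that `cdktf synth` writes (cdk.tf.json)
// for weak azurerm_synapse_sql_pool_security_alert_policy settings.
type Finding = { resource: string; severity: "high" | "medium" | "info"; message: string };

interface AlertPolicy {
  policy_state?: string;
  disabled_alerts?: string[];
  email_account_admins_enabled?: boolean;
  email_addresses?: string[];
}

const RESOURCE_TYPE = "azurerm_synapse_sql_pool_security_alert_policy";

function auditAlertPolicies(synth: { resource?: Record<string, Record<string, unknown>> }): Finding[] {
  const findings: Finding[] = [];
  const policies: Record<string, unknown> = synth.resource?.[RESOURCE_TYPE] ?? {};
  for (const [name, raw] of Object.entries(policies)) {
    const p = raw as AlertPolicy;
    const resource = `${RESOURCE_TYPE}.${name}`;
    if (p.policy_state !== "Enabled") {
      findings.push({ resource, severity: "high", message: `policy_state is ${p.policy_state ?? "unset"}; alerts are not active` });
    }
    for (const alert of p.disabled_alerts ?? []) {
      findings.push({ resource, severity: "medium", message: `alert type ${alert} is disabled` });
    }
    const hasRecipients = p.email_account_admins_enabled === true || (p.email_addresses ?? []).length > 0;
    if (!hasRecipients) {
      findings.push({ resource, severity: "info", message: "no e-mail recipients configured for alerts" });
    }
  }
  return findings;
}

// Constructed sample mirroring the page's example policy (values are illustrative).
const sampleSynth = {
  resource: {
    [RESOURCE_TYPE]: {
      example: {
        disabled_alerts: ["Sql_Injection", "Data_Exfiltration"],
        policy_state: "Enabled",
        retention_days: 20,
        sql_pool_id: "${azurerm_synapse_sql_pool.example.id}",
      },
    },
  },
};

const sampleFindings = auditAlertPolicies(sampleSynth);
for (const f of sampleFindings) console.log(`[${f.severity}] ${f.resource}: ${f.message}`);
```

Run against the page's example policy, the check reports the two disabled alert types and the missing recipients; in a pipeline, the same function can be fed the parsed cdk.tf.json from the synth output directory.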

Attributes Reference

The following attributes are exported:

  • id - The ID of the Synapse SQL Pool Security Alert Policy.

Timeouts

The timeouts block allows you to specify timeouts for certain actions:

  • create - (Defaults to 30 minutes) Used when creating the Synapse SQL Pool Security Alert Policy.
  • update - (Defaults to 30 minutes) Used when updating the Synapse SQL Pool Security Alert Policy.
  • read - (Defaults to 5 minutes) Used when retrieving the Synapse SQL Pool Security Alert Policy.
  • delete - (Defaults to 30 minutes) Used when deleting the Synapse SQL Pool Security Alert Policy.

Import

Synapse SQL Pool Security Alert Policies can be imported using the resource ID, e.g.

terraform import azurerm_synapse_sql_pool_security_alert_policy.example /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/group1/providers/Microsoft.Synapse/workspaces/workspace1/sqlPools/sqlPool1/securityAlertPolicies/default