azSqlServer
Deploy an Azure SQL Server to the relevant subscription.
Attributes
| Attribute | Type | Mandatory | Values | Default | Notes |
|---|---|---|---|---|---|
| Name | String | Yes | |||
| ResourceGroupName | String | Yes | |||
| Location | String | Yes | |||
| MinimalTlsVersion | String | No | 1.0, 1.1, 1.2 | 1.2 | |
| AdminUsername | String | Yes | |||
| Password | Object | Yes | |||
| EnableVulnerabilityAssessments | Boolean | No | True, False | False | |
| EnableAdvancedThreatDetection | Boolean | No | True, False | False | |
| Autotuning | Object | No | |||
| Network | Object | No | |||
| Audit | Object | No | |||
| FailoverGroup | Object | No | Add ONLY to the primary | ||
| Tag | Object | No | |||
| Lock | Object | No |
Autotuning
| Attribute | Type | Mandatory | Values | Default | Notes |
|---|---|---|---|---|---|
| InheritFrom | String | No | AzureDefaults, DontInherit | DontInherit | |
| CreateIndex | String | No | On, Off, Inherit | * | * AzureDefaults(Inherit), DontInherit(Off) |
| DropIndex | String | No | On, Off, Inherit | * | * AzureDefaults(Inherit), DontInherit(Off) |
| ForcePlan | String | No | On, Off, Inherit | * | * AzureDefaults(Inherit), DontInherit(On) |
Network
| Attribute | Type | Mandatory | Values | Default | Notes |
|---|---|---|---|---|---|
| PrivateEndpoint | Object | No | |||
| PublicAccess | Boolean | No | True | ||
| AllowAllAzureIPs | Boolean | No | True | ||
| Firewall | Object | No | |||
| VNet | Object | No |
Firewall Rule
| Attribute | Type | Mandatory | Values | Default | Notes |
|---|---|---|---|---|---|
| Name | String | Yes | |||
| StartIpAddress | String | Yes | |||
| EndIpAddress | String | Yes |
PublicAccess VNet Rule
| Attribute | Type | Mandatory | Values | Default | Notes |
|---|---|---|---|---|---|
| Name | String | Yes | |||
| VNetResourceGroupName | String | No | |||
| VNetName | String | Yes | |||
| SubnetName | String | Yes |
Audit
| Attribute | Type | Mandatory | Values | Default | Notes |
|---|---|---|---|---|---|
| PredicateExpression | String | No | |||
| RetentionInDays | Number | No | |||
| ActionGroup | Array | No | APPLICATION_ROLE_CHANGE_PASSWORD_GROUP | See SQL Server Audit Action Groups | |
| AUDIT_CHANGE_GROUP | |||||
| BACKUP_RESTORE_GROUP | |||||
| BATCH_COMPLETED_GROUP | BATCH_COMPLETED_GROUP | ||||
| BATCH_STARTED_GROUP | |||||
| BROKER_LOGIN_GROUP | |||||
| DATABASE_CHANGE_GROUP | |||||
| DATABASE_LOGOUT_GROUP | |||||
| DATABASE_MIRRORING_LOGIN_GROUP | |||||
| DATABASE_OBJECT_ACCESS_GROUP | |||||
| DATABASE_OBJECT_CHANGE_GROUP | |||||
| DATABASE_OBJECT_OWNERSHIP_CHANGE_GROUP | |||||
| DATABASE_OBJECT_PERMISSION_CHANGE_GROUP | |||||
| DATABASE_OPERATION_GROUP | |||||
| DATABASE_OWNERSHIP_CHANGE_GROUP | |||||
| DATABASE_PERMISSION_CHANGE_GROUP | |||||
| DATABASE_PRINCIPAL_CHANGE_GROUP | |||||
| DATABASE_PRINCIPAL_IMPERSONATION_GROUP | |||||
| DATABASE_ROLE_MEMBER_CHANGE_GROUP | |||||
| DBCC_GROUP | |||||
| FAILED_DATABASE_AUTHENTICATION_GROUP | FAILED_DATABASE_AUTHENTICATION_GROUP | ||||
| FAILED_LOGIN_GROUP | |||||
| FULLTEXT_GROUP | |||||
| LEDGER_OPERATION_GROUP | |||||
| LOGIN_CHANGE_PASSWORD_GROUP | |||||
| LOGOUT_GROUP | |||||
| SCHEMA_OBJECT_ACCESS_GROUP | |||||
| SCHEMA_OBJECT_CHANGE_GROUP | |||||
| SCHEMA_OBJECT_OWNERSHIP_CHANGE_GROUP | |||||
| SCHEMA_OBJECT_PERMISSION_CHANGE_GROUP | |||||
| SENSITIVE_BATCH_COMPLETED_GROUP | |||||
| SENSITIVE_BATCH_STARTED_GROUP | |||||
| SENSITIVE_SERVER_OBJECT_CHANGE_GROUP | |||||
| SERVER_OBJECT_OWNERSHIP_CHANGE_GROUP | |||||
| SERVER_OBJECT_PERMISSION_CHANGE_GROUP | |||||
| SERVER_OPERATION_GROUP | |||||
| SERVER_PERMISSION_CHANGE_GROUP | |||||
| SERVER_PRINCIPAL_CHANGE_GROUP | |||||
| SERVER_PRINCIPAL_IMPERSONATION_GROUP | |||||
| SERVER_ROLE_MEMBER_CHANGE_GROUP | |||||
| SERVER_STATE_CHANGE_GROUP | |||||
| SUCCESSFUL_DATABASE_AUTHENTICATION_GROUP | SUCCESSFUL_DATABASE_AUTHENTICATION_GROUP | ||||
| SUCCESSFUL_LOGIN_GROUP | |||||
| TRACE_CHANGE_GROUP | |||||
| TRANSACTION_GROUP | |||||
| USER_CHANGE_PASSWORD_GROUP | |||||
| USER_DEFINED_AUDIT_GROUP | |||||
| Target | Object | Yes |
Audit Target
| Attribute | Type | Mandatory | Values | Default | Notes |
|---|---|---|---|---|---|
| Blob | Object | No | |||
| EventHub | Object | No | |||
| LogAnalytics | Object | No |
Audit Target Blob
| Attribute | Type | Mandatory | Values | Default | Notes |
|---|---|---|---|---|---|
| StorageAccount | String | Yes | |||
| ResourceGroupName | String | No | Defaults to RG of resource | ||
| SubscriptionName | String | No | Defaults to Sub of resource | ||
| StorageKeyType | String | Primary, Secondary |
Audit Target EventHub
| Attribute | Type | Mandatory | Values | Default | Notes |
|---|---|---|---|---|---|
| Name | String | Yes | |||
| Namespace | String | Yes | |||
| ResourceGroupName | String | No | Defaults to RG of resource | ||
| SubscriptionName | String | No | Defaults to Sub of resource | ||
| SharedAccessPolicy | String | Defaults to RootManageSharedAccessKey |
Audit Target LogAnalytics
| Attribute | Type | Mandatory | Values | Default | Notes |
|---|---|---|---|---|---|
| Workspace | String | Yes | |||
| ResourceGroupName | String | No | Defaults to RG of resource | ||
| SubscriptionName | String | No | Defaults to Sub of resource |
FailoverGroup
| Attribute | Type | Mandatory | Values | Default | Notes |
|---|---|---|---|---|---|
| Name | String | Yes | |||
| FailoverPolicy | String | No | Automatic (D), Manual | ||
| GracePeriodWithDataLossHours | Number | No | |||
| EnableReadOnlyFailoverToPrimary | Boolean | ||||
| Primary | Object | ||||
| Secondary | Object |
FailoverGroup Secondary
| Attribute | Type | Mandatory | Values | Default | Notes |
|---|---|---|---|---|---|
| ServerName | String | Yes | Server must be in a separate region from primary | ||
| ResourceGroupName | String | Yes | Server must be in a separate region from primary |
Input by YAML
Object model for YAML deployment:
---
azSqlServer:
# Mandatory
- Name: 'string'
ResourceGroupName: 'string'
Location: 'string'
AdminUsername: 'string'
AdminPassword:
# AdminPassword object, only 1 of the following options can have non null values
PlainText:
Value: 'string'
AzureVault:
VaultName: 'string'
SecretName: 'string'
# Optional
EnableVulnerabilityAssessments: boolean # True, False (D)
EnableAdvancedThreatDetection: boolean # True, False (D)
Autotuning:
InheritFrom: 'string' # DontInherit (D), AzureDefaults
CreateIndex: 'string' # On, Off, Inherit, Defaults DontInherit(Off), AzureDefaults(Inherit)
DropIndex: 'string' # On, Off, Inherit, Defaults DontInherit(Off), AzureDefaults(Inherit)
ForcePlan: 'string' # On, On, Inherit, Defaults DontInherit(Off), AzureDefaults(Inherit)
Tag:
'keyvalue-pairs'
Lock:
- Name: 'string'
Level: 'string' # CanNotDelete, ReadOnly
Notes: 'string'
Network:
PrivateEndPoint:
Name: 'string'
Location: 'string'
PrivateLinkName: 'string' # Defaults to pl-resource
NetworkInterfaceName: 'string' # Defaults to pe-nic-resource
ResourceGroupName: 'string' # Defaults to RG of the resource
VirtualNetwork:
VNetName: 'string'
SubnetName: 'string'
ResourceGroupName: 'string' # Defaults to RG of the resource
SubscriptionName: 'string' # Defaults to Sub of the resource
PublicAccess: boolean # True (D), False
AllowAllAzureIPs: boolean # True (D), False
Firewall:
Rule:
- Name: 'string'
StartIpAddress: 'string'
EndIpAddress: 'string'
VNet:
Rule:
- Name: 'string'
VNetResourceGroupName: 'string'
VNetName: 'string'
SubnetName: 'string'
Audit:
PredicateExpression: 'string'
RetentionInDays: number
ActionGroup: [array] # Default all action groups
Target:
Blob:
StorageAccount: 'string'
StorageKeyType: 'string' # Primary, Secondary
ResourceGroupName: 'string' # Defaults to RG of resource
SubscriptionName: 'string' # Defaults to Sub of resource
EventHub:
Name: 'string'
Namespace: 'string'
SharedAccessPolicy: # RootManageSharedAccessKey (D)
ResourceGroupName: 'string' # Defaults to RG of resource
SubscriptionName: 'string' # Defaults to Sub of resource
LogAnalytics:
Workspace: 'string'
ResourceGroupName: 'string' # Defaults to RG of resource
SubscriptionName: 'string' # Defaults to Sub of resource
FailoverGroup:
# Mandatory
- Name: 'string'
FailoverPolicy: 'string' # Automatic (D), Manual
GracePeriodWithDataLossHours: number # Ignored for manual failover
# Optional
ResourceGroupName: 'string' # Defaults to RG of resource
EnableReadOnlyFailoverToPrimary: boolean # True (D), False
Secondary:
ServerName: 'string'
ResourceGroupName: 'string' # Defaults to RG of resource
Input by JSON
Object model for JSON deployment:
{
"azSqlServer": [
{
"Name": "string",
"ResourceGroupName": "string",
"Location": "string",
"AdminUsername": "string",
"AdminPassword": {
"Location": "string",
"PlainText": {
"Value": "string"
},
"AzureVault": {
"VaultName": "string",
"SecretName": "string"
}
},
"EnableVulnerabilityAssessments": boolean,
"EnableAdvancedThreatDetection": boolean,
"Autotuning": [
{
"InheritFrom": "string",
"CreateIndex": "string",
"DropIndex": "string",
"ForcePlan": "string"
}
],
"Tag": {
"key": "value"
},
"Lock": [
{
"Name": "string",
"Level": "string",
"Notes": "string"
}
],
"Network": {
"PrivateEndPoint": {
"Name": "string",
"Location": "string",
"PrivateLinkName": "string",
"NetworkInterfaceName": "string",
"ResourceGroupName": "string",
"VirtualNetwork": {
"VNetName": "string",
"SubnetName": "string",
"ResourceGroupName": "string",
"SubscriptionName": "string"
}
},
"PublicAccess": boolean,
"AllowAllAzureIPs": boolean,
"Firewall": {
"Rule": [
{
"Name": "string",
"StartIpAddress": "string",
"EndIpAddress": "string"
}
]
},
"VNet": {
"Rule": [
{
"Name": "string",
"VNetResourceGroupName": "string",
"VNetName": "string",
"SubnetName": "string"
}
]
}
},
"Audit": {
"AuditActionGroup": [array],
"PredicateExpression": "string",
"RetentionInDays": number,
"Target": {
"Blob": {
"StorageAccount": "string",
"StorageKeyType": "string",
"ResourceGroupName": "string",
"SubscriptionName": "string"
},
"EventHub": {
"Name": "string",
"Namespace": "string",
"SharedAccessPolicy": "string",
"ResourceGroupName": "string",
"SubscriptionName": "string"
},
"LogAnalytics": {
"Workspace": "string",
"ResourceGroupName": "string",
"SubscriptionName": "string"
}
}
}
}
]
}