Add an example of sql security alert policy (#241)

* add example of sql security alert policy --------- Co-authored-by: Nanxuan Xu <nanxu@microsoft.com>
2023-09-04 10:24:34 +08:00
parent 9a2f9b8af3
commit 8659e09ccb
4 changed files with 104 additions and 0 deletions
--- a/quickstart/101-sql-security-alert-policy/main.tf
+++ b/quickstart/101-sql-security-alert-policy/main.tf
@ -0,0 +1,46 @@
+resource "random_pet" "rg_name" {
+  prefix = var.resource_group_name_prefix
+}
+
+resource "azurerm_resource_group" "rg" {
+  name     = random_pet.rg_name.id
+  location = var.resource_group_location
+}
+
+resource "random_pet" "azurerm_mssql_server_name" {
+  prefix = "sql"
+}
+
+resource "random_password" "admin_password" {
+  count       = var.admin_password == null ? 1 : 0
+  length      = 20
+  special     = true
+  min_numeric = 1
+  min_upper   = 1
+  min_lower   = 1
+  min_special = 1
+}
+
+locals {
+  admin_password = try(random_password.admin_password[0].result, var.admin_password)
+}
+
+resource "azurerm_mssql_server" "server" {
+  name                         = random_pet.azurerm_mssql_server_name.id
+  resource_group_name          = azurerm_resource_group.rg.name
+  location                     = azurerm_resource_group.rg.location
+  administrator_login          = var.admin_username
+  administrator_login_password = local.admin_password
+  version                      = "12.0"
+}
+
+resource "azurerm_mssql_server_security_alert_policy" "example" {
+  resource_group_name        = azurerm_resource_group.rg.name
+  server_name                = azurerm_mssql_server.server.name
+  state                      = "Enabled"
+  disabled_alerts = [
+    "Sql_Injection",
+    "Data_Exfiltration"
+  ]
+  retention_days = 20
+}