Terraform module to create mssql-db resource on AZURE.
We eat, drink, sleep and most importantly love DevOps. We are working towards strategies for standardizing architecture while ensuring security for the infrastructure. We are strong believer of the philosophy Bigger problems are always solved by breaking them into smaller manageable problems. Resonating with microservices architecture, it is considered best-practice to run database, cluster, storage in smaller connected yet manageable pieces within the infrastructure.
This module is basically combination of Terraform open source and includes automatation tests and examples. It also helps to create and improve your infrastructure with minimalistic code instead of maintaining the whole infrastructure code yourself.
We have fifty plus terraform modules. A few of them are comepleted and are available for open source usage while a few others are in progress.
This module has a few dependencies:
IMPORTANT: Since the master
branch used in source
varies based on new modifications, we suggest that you use the release versions here.
Here is an example of how you can use this module in your inventory structure:
module "mssql-server" {
source = "clouddrove/mssql-db/azure"
name = "app"
environment = "test"
label_order = ["environment", "name"]
create_resource_group = false
resource_group_name = module.resource_group.resource_group_name
location = module.resource_group.resource_group_location
sqlserver_name = "mssqldbserver"
database_name = "demomssqldb"
sql_database_edition = "Standard"
sqldb_service_objective_name = "S1"
sql_server_version = "12.0"
enable_threat_detection_policy = true
enable_private_endpoint = true
virtual_network_name = module.vnet.vnet_name[0]
private_subnet_address_prefix = ["10.0.3.0/24"]
}
Name | Description | Type | Default | Required |
---|---|---|---|---|
ad_admin_login_name | The login name of the principal to set as the server administrator | string |
null |
no |
admin_password | The password associated with the admin_username user | string |
null |
no |
admin_username | The administrator login name for the new SQL Server | string |
null |
no |
create_resource_group | Whether to create resource group and use it for all networking resources | bool |
true |
no |
create_storage_account | Make it true to create storage account for the audit policies. | bool |
false |
no |
database_name | The name of the database | string |
"" |
no |
disabled_alerts | Specifies an array of alerts that are disabled. Allowed values are: Sql_Injection, Sql_Injection_Vulnerability, Access_Anomaly, Data_Exfiltration, Unsafe_Action. | list(any) |
[] |
no |
email_addresses_for_alerts | A list of email addresses which alerts should be sent to. | list(any) |
[] |
no |
enable_database_extended_auditing_policy | Manages Extended Audit policy for SQL database | bool |
false |
no |
enable_databases_extended_auditing_policy | Whether to enable the extended auditing policy. Possible values are true and false. Defaults to true. | bool |
true |
no |
enable_extended_auditing_policy | Whether to enable the extended auditing policy. Possible values are true and false. Defaults to true. | bool |
true |
no |
enable_failover_group | Create a failover group of databases on a collection of Azure SQL servers | bool |
false |
no |
enable_firewall_rules | Manage an Azure SQL Firewall Rule | bool |
false |
no |
enable_log_monitoring | Enable audit events to Azure Monitor? | bool |
false |
no |
enable_private_endpoint | Manages a Private Endpoint to SQL database | bool |
false |
no |
enable_sql_server_extended_auditing_policy | Manages Extended Audit policy for SQL servers | bool |
false |
no |
enable_threat_detection_policy | n/a | bool |
false |
no |
enable_vulnerability_assessment | Manages the Vulnerability Assessment for a MS SQL Server | bool |
false |
no |
environment | Project environment | string |
"" |
no |
existing_private_dns_zone | Name of the existing private DNS zone | string |
null |
no |
existing_subnet_id | The resource id of existing subnet | string |
null |
no |
existing_vnet_id | The resoruce id of existing Virtual network | string |
null |
no |
extaudit_diag_logs | Database Monitoring Category details for Azure Diagnostic setting | list |
[ |
no |
firewall_rules | Range of IP addresses to allow firewall connections. | list(object({ |
[] |
no |
identity | If you want your SQL Server to have an managed identity. Defaults to false. | bool |
false |
no |
initialize_sql_script_execution | Allow/deny to Create and initialize a Microsoft SQL Server database | bool |
false |
no |
label_order | Label order, e.g. sequence of application name and environment name ,environment ,'attribute' [webserver ,qa ,devops ,public ,] . |
list(any) |
[ |
no |
location | The location/region to keep all your network resources. To get the list of all locations with table format from azure cli, run 'az account list-locations -o table' | string |
"" |
no |
log_analytics_workspace_id | Specifies the ID of a Log Analytics Workspace where Diagnostics Data to be sent | string |
null |
no |
log_retention_days | Specifies the number of days to keep in the Threat Detection audit logs | string |
"30" |
no |
managedby | ManagedBy, eg ''. | string |
"" |
no |
minimum_tls_version | The Minimum TLS Version for all SQL Database and SQL Data Warehouse databases associated with the server. Valid values are: 1.0, 1.1 , 1.2 and Disabled. Defaults to 1.2. | string |
"1.2" |
no |
name | Name (e.g. app or cluster ). |
string |
"" |
no |
private_subnet_address_prefix | The name of the subnet for private endpoints | string |
null |
no |
random_password_length | The desired length of random password created by this module | number |
32 |
no |
repository | Terraform current module repo | string |
"" |
no |
resource_group_name | A container that holds related resources for an Azure solution | string |
"" |
no |
secondary_sql_server_location | Specifies the supported Azure location to create secondary sql server resource | string |
"northeurope" |
no |
sql_database_edition | The edition of the database to be created | string |
"Standard" |
no |
sql_server_version | The version for the new server. Valid values are: 2.0 (for v11 server) and 12.0 (for v12 server) | string |
null |
no |
sqldb_init_script_file | SQL Script file name to create and initialize the database | string |
"" |
no |
sqldb_service_objective_name | The service objective name for the database | string |
"S1" |
no |
sqlserver_name | SQL server Name | string |
"" |
no |
storage_account_access_key | The primary access key for the storage account. | string |
null |
no |
storage_account_blob_endpoint | The endpoint URL for blob storage in the primary location. | string |
null |
no |
storage_account_id | The name of the storage account to store the all monitoring logs | string |
null |
no |
storage_account_name | The name of the storage account name | string |
null |
no |
tags | A map of tags to add to all resources | map(string) |
{} |
no |
threat_detection_audit_logs_retention_days | Specifies the number of days to keep in the Threat Detection audit logs. | number |
0 |
no |
virtual_network_name | The name of the virtual network | string |
"" |
no |
Name | Description |
---|---|
primary_sql_server_fqdn | The fully qualified domain name of the primary Azure SQL Server |
primary_sql_server_id | The primary Microsoft SQL Server ID |
primary_sql_server_private_endpoint | id of the Primary SQL server Private Endpoint |
primary_sql_server_private_endpoint_fqdn | Priamary SQL server private endpoint IPv4 Addresses |
primary_sql_server_private_endpoint_ip | Priamary SQL server private endpoint IPv4 Addresses |
resource_group_location | The location of the resource group in which resources are created |
resource_group_name | The name of the resource group in which resources are created |
secondary_sql_server_fqdn | The fully qualified domain name of the secondary Azure SQL Server |
secondary_sql_server_id | The secondary Microsoft SQL Server ID |
secondary_sql_server_private_endpoint | id of the Primary SQL server Private Endpoint |
secondary_sql_server_private_endpoint_fqdn | Secondary SQL server private endpoint IPv4 Addresses |
secondary_sql_server_private_endpoint_ip | Secondary SQL server private endpoint IPv4 Addresses |
sql_database_id | The SQL Database ID |
sql_database_name | The SQL Database Name |
sql_failover_group_id | A failover group of databases on a collection of Azure SQL servers. |
sql_server_admin_password | SQL database administrator login password |
sql_server_admin_user | SQL database administrator login id |
sql_server_private_dns_zone_domain | DNS zone name of SQL server Private endpoints dns name records |
storage_account_id | The ID of the storage account |
storage_account_name | The name of the storage account |
In this module testing is performed with terratest and it creates a small piece of infrastructure, matches the output like ARN, ID and Tags name etc and destroy infrastructure in your AWS account. This testing is written in GO, so you need a GO environment in your system.
You need to run the following command in the testing folder:
go test -run Test
If you come accross a bug or have any feedback, please log it in our issue tracker, or feel free to drop us an email at hello@clouddrove.com.
If you have found it worth your time, go ahead and give us a ★ on our GitHub!
At CloudDrove, we offer expert guidance, implementation support and services to help organisations accelerate their journey to the cloud. Our services include docker and container orchestration, cloud migration and adoption, infrastructure automation, application modernisation and remediation, and performance engineering.
We are The Cloud Experts!
We ❤️ Open Source and you can check out our other modules to get help with your new Cloud ideas.