azSqlServer

Use the resource azSqlServer to deploy an Azure SQL Server to the relevant subscription.

Attributes

Attribute Type Mandatory Values Default Notes
Name String Yes
ResourceGroupName String Yes
Location String Yes
MinimalTlsVersion String No 1.0, 1.1, 1.2 1.2
AdminUsername String Yes
Password Object Yes
EnableVulnerabilityAssessments Boolean No True, False False
EnableAdvancedThreatDetection Boolean No True, False False
Autotuning Object No
Network Object No
Audit Object No
FailoverGroup Object No Add ONLY to the primary
Tag Object No
Lock Object No

Autotuning

Attribute Type Mandatory Values Default Notes
InheritFrom String No AzureDefaults, DontInherit DontInherit
CreateIndex String No On, Off, Inherit * * AzureDefaults(Inherit), DontInherit(Off)
DropIndex String No On, Off, Inherit * * AzureDefaults(Inherit), DontInherit(Off)
ForcePlan String No On, Off, Inherit * * AzureDefaults(Inherit), DontInherit(On)

Network

Attribute Type Mandatory Values Default Notes
PrivateEndpoint Object No
PublicAccess Boolean No True
AllowAllAzureIPs Boolean No True
Firewall Object No
VNet Object No

Firewall Rule

Attribute Type Mandatory Values Default Notes
Name String Yes
StartIpAddress String Yes
EndIpAddress String Yes

PublicAccess VNet Rule

Attribute Type Mandatory Values Default Notes
Name String Yes
VNetResourceGroupName String No
VNetName String Yes
SubnetName String Yes

Audit

Attribute Type Mandatory Values Default Notes
PredicateExpression String No
RetentionInDays Number No
ActionGroup Array No APPLICATION_ROLE_CHANGE_PASSWORD_GROUP See SQL Server Audit Action Groups
AUDIT_CHANGE_GROUP
BACKUP_RESTORE_GROUP
BATCH_COMPLETED_GROUP BATCH_COMPLETED_GROUP
BATCH_STARTED_GROUP
BROKER_LOGIN_GROUP
DATABASE_CHANGE_GROUP
DATABASE_LOGOUT_GROUP
DATABASE_MIRRORING_LOGIN_GROUP
DATABASE_OBJECT_ACCESS_GROUP
DATABASE_OBJECT_CHANGE_GROUP
DATABASE_OBJECT_OWNERSHIP_CHANGE_GROUP
DATABASE_OBJECT_PERMISSION_CHANGE_GROUP
DATABASE_OPERATION_GROUP
DATABASE_OWNERSHIP_CHANGE_GROUP
DATABASE_PERMISSION_CHANGE_GROUP
DATABASE_PRINCIPAL_CHANGE_GROUP
DATABASE_PRINCIPAL_IMPERSONATION_GROUP
DATABASE_ROLE_MEMBER_CHANGE_GROUP
DBCC_GROUP
FAILED_DATABASE_AUTHENTICATION_GROUP FAILED_DATABASE_AUTHENTICATION_GROUP
FAILED_LOGIN_GROUP
FULLTEXT_GROUP
LEDGER_OPERATION_GROUP
LOGIN_CHANGE_PASSWORD_GROUP
LOGOUT_GROUP
SCHEMA_OBJECT_ACCESS_GROUP
SCHEMA_OBJECT_CHANGE_GROUP
SCHEMA_OBJECT_OWNERSHIP_CHANGE_GROUP
SCHEMA_OBJECT_PERMISSION_CHANGE_GROUP
SENSITIVE_BATCH_COMPLETED_GROUP
SENSITIVE_BATCH_STARTED_GROUP
SENSITIVE_SERVER_OBJECT_CHANGE_GROUP
SERVER_OBJECT_OWNERSHIP_CHANGE_GROUP
SERVER_OBJECT_PERMISSION_CHANGE_GROUP
SERVER_OPERATION_GROUP
SERVER_PERMISSION_CHANGE_GROUP
SERVER_PRINCIPAL_CHANGE_GROUP
SERVER_PRINCIPAL_IMPERSONATION_GROUP
SERVER_ROLE_MEMBER_CHANGE_GROUP
SERVER_STATE_CHANGE_GROUP
SUCCESSFUL_DATABASE_AUTHENTICATION_GROUP SUCCESSFUL_DATABASE_AUTHENTICATION_GROUP
SUCCESSFUL_LOGIN_GROUP
TRACE_CHANGE_GROUP
TRANSACTION_GROUP
USER_CHANGE_PASSWORD_GROUP
USER_DEFINED_AUDIT_GROUP
Target Object Yes

Audit Target

Attribute Type Mandatory Values Default Notes
Blob Object No
EventHub Object No
LogAnalytics Object No

Audit Target Blob

Attribute Type Mandatory Values Default Notes
StorageAccount String Yes
ResourceGroupName String No Defaults to RG of resource
SubscriptionName String No Defaults to Sub of resource
StorageKeyType String Primary, Secondary

Audit Target EventHub

Attribute Type Mandatory Values Default Notes
Name String Yes
Namespace String Yes
ResourceGroupName String No Defaults to RG of resource
SubscriptionName String No Defaults to Sub of resource
SharedAccessPolicy String Defaults to RootManageSharedAccessKey

Audit Target LogAnalytics

Attribute Type Mandatory Values Default Notes
Workspace String Yes
ResourceGroupName String No Defaults to RG of resource
SubscriptionName String No Defaults to Sub of resource

FailoverGroup

Attribute Type Mandatory Values Default Notes
Name String Yes
FailoverPolicy String No Automatic (D), Manual
GracePeriodWithDataLossHours Number No
EnableReadOnlyFailoverToPrimary Boolean
Primary Object
Secondary Object

FailoverGroup Secondary

Attribute Type Mandatory Values Default Notes
ServerName String Yes Server must be in a separate region from primary
ResourceGroupName String Yes Server must be in a separate region from primary

Input by YAML

Object model for YAML deployment:

---
azSqlServer:
    # Mandatory
  - Name: 'string'
    ResourceGroupName: 'string'
    Location: 'string'
    AdminUsername: 'string'
    AdminPassword:
      # AdminPassword object, only 1 of the following options can have non null values
      PlainText: 
        Value: 'string'
      AzureVault: 
        VaultName: 'string'
        SecretName: 'string'
    # Optional
    EnableVulnerabilityAssessments: boolean             # True, False (D)
    EnableAdvancedThreatDetection:  boolean             # True, False (D)

    Autotuning:
      InheritFrom: 'string'                             # DontInherit (D), AzureDefaults
      CreateIndex: 'string'                             # On, Off, Inherit, Defaults  DontInherit(Off), AzureDefaults(Inherit)
      DropIndex: 'string'                               # On, Off, Inherit, Defaults  DontInherit(Off), AzureDefaults(Inherit)
      ForcePlan: 'string'                               # On, On, Inherit, Defaults  DontInherit(Off), AzureDefaults(Inherit)

    Tag: 
      'keyvalue-pairs'
    Lock:
      - Name: 'string'
        Level: 'string'                                 # CanNotDelete, ReadOnly
        Notes: 'string'
    Network:
      PrivateEndPoint:
        Name: 'string'
        Location: 'string'
        PrivateLinkName: 'string'                       # Defaults to pl-resource
        NetworkInterfaceName: 'string'                  # Defaults to pe-nic-resource
        ResourceGroupName: 'string'                     # Defaults to RG of the resource
        VirtualNetwork:
          VNetName: 'string'
          SubnetName: 'string'
          ResourceGroupName: 'string'                   # Defaults to RG of the resource
          SubscriptionName: 'string'                    # Defaults to Sub of the resource
      PublicAccess: boolean                             # True (D), False
      AllowAllAzureIPs: boolean                         # True (D), False
      Firewall:
        Rule:
          - Name: 'string'
            StartIpAddress: 'string'
            EndIpAddress: 'string'
      VNet:
        Rule:
          - Name: 'string'
            VNetResourceGroupName: 'string'
            VNetName: 'string'
            SubnetName: 'string'
    Audit:
      PredicateExpression: 'string'
      RetentionInDays: number
      ActionGroup: [array]                              # Default all action groups
      Target:
        Blob:
          StorageAccount: 'string'
          StorageKeyType: 'string'                      # Primary, Secondary
          ResourceGroupName: 'string'                   # Defaults to RG of resource
          SubscriptionName: 'string'                    # Defaults to Sub of resource
        EventHub:
          Name: 'string'
          Namespace: 'string'
          SharedAccessPolicy:                           # RootManageSharedAccessKey (D)
          ResourceGroupName: 'string'                   # Defaults to RG of resource
          SubscriptionName: 'string'                    # Defaults to Sub of resource
        LogAnalytics:
          Workspace: 'string'
          ResourceGroupName: 'string'                   # Defaults to RG of resource
          SubscriptionName: 'string'                    # Defaults to Sub of resource
    FailoverGroup:
        # Mandatory
      - Name: 'string'
        FailoverPolicy: 'string'                        # Automatic (D), Manual
        GracePeriodWithDataLossHours: number            # Ignored for manual failover
        # Optional
        ResourceGroupName: 'string'                     # Defaults to RG of resource
        EnableReadOnlyFailoverToPrimary: boolean        # True (D), False
        Secondary:
          ServerName: 'string'
          ResourceGroupName: 'string'                   # Defaults to RG of resource

Input by JSON

Object model for JSON deployment:

{
  "azSqlServer": [
    {
      "Name": "string",
      "ResourceGroupName": "string",
      "Location": "string",
      "AdminUsername": "string",
      "AdminPassword": {
        "Location": "string",
        "PlainText": {
          "Value": "string"
        },
        "AzureVault": {
          "VaultName": "string",
          "SecretName": "string"
        }
      },
      "EnableVulnerabilityAssessments": boolean,
      "EnableAdvancedThreatDetection": boolean,
      "Autotuning": [
        {
          "InheritFrom": "string",
          "CreateIndex": "string",
          "DropIndex": "string",
          "ForcePlan": "string"
        }
      ],
      "Tag": {
        "key": "value"
      },
      "Lock": [
        {
          "Name": "string",
          "Level": "string",
          "Notes": "string"
        }
      ],
      "Network": {
        "PrivateEndPoint": {
          "Name": "string",
          "Location": "string",
          "PrivateLinkName": "string",
          "NetworkInterfaceName": "string",
          "ResourceGroupName": "string",
          "VirtualNetwork": {
            "VNetName": "string",
            "SubnetName": "string",
            "ResourceGroupName": "string",
            "SubscriptionName": "string"
          }
        },
        "PublicAccess": boolean,
        "AllowAllAzureIPs": boolean,
        "Firewall": {
          "Rule": [
            {
              "Name": "string",
              "StartIpAddress": "string",
              "EndIpAddress": "string"
            }
          ]
        },
        "VNet": {
          "Rule": [
            {
              "Name": "string",
              "VNetResourceGroupName": "string",
              "VNetName": "string",
              "SubnetName": "string"
            }
          ]
        }
      },
      "Audit": {
        "AuditActionGroup": [array],
        "PredicateExpression": "string",
        "RetentionInDays": number,
        "Target": {
          "Blob": {
            "StorageAccount": "string",
            "StorageKeyType": "string",
            "ResourceGroupName": "string",
            "SubscriptionName": "string"
          },
          "EventHub": {
            "Name": "string",
            "Namespace": "string",
            "SharedAccessPolicy": "string",
            "ResourceGroupName": "string",
            "SubscriptionName": "string"
          },
          "LogAnalytics": {
            "Workspace": "string",
            "ResourceGroupName": "string",
            "SubscriptionName": "string"
          }
        }
      }
    }
  ]
}