The following input variables are required:
Description: Specifies whether only AD users and administrators can be used to log in, or also local database users.
Type: bool
Description: Name of the Key Vault in which the admin credentials are stored.
Type: string
Description: The location/region where the SQL Server is created.
Type: string
Description: ID of the Log Analytics workspace to send resource logging to via diagnostic settings.
Type: string
Description: Controls what logs will be enabled for the database
Type: list(string)
Description: Controls what metrics will be enabled for the database
Type: list(string)
Description: Controls what logs will be enabled for the SQL Server
Type: list(string)
Description: Controls what metrics will be enabled for the SQL Server
Type: list(string)
Description: The name of the Azure MSSQL Server.
Type: string
Description: Name of storage account primary endpoint
Type: string
Description: Consolidated properties for the Function App Private Endpoint.
Type:
object({
  private_dns_zone_ids_sql = optional(list(string), [])
  private_endpoint_enabled = optional(bool, false)
  private_endpoint_subnet_id = optional(string, "")
  private_endpoint_resource_group_name = optional(string, "")
  private_service_connection_is_manual = optional(bool, false)
})
Description: The name of the resource group in which to create the SQL Server. Changing this forces a new resource to be created.
Type: string
Description: Name of the Entra ID group with permissions to manage the SQL Server
Type: string
Description: The object ID from Entra ID for the SQL Server admin.
Type: string
Description: Controls the SQL Server alert policy state
Type: string
Description: Name of the User Assigned Identity for SQL Server
Type: string
Description: ID of the storage account to send audit logging to
Type: string
Description: Name of the storage account to send audit logging to (unused)
Type: string
Description: Storage container ID to save audit data to
Type: string
The following input variables are optional (have default values):
Description: ID of the action group to notify.
Type: string
Default: null
Description: If alerting is enabled, this controls the CPU threshold. Defaults to 90.
Type: number
Default: 90
Description: The period of time that is used to monitor alert activity e.g. PT1M, PT5M, PT15M, PT30M, PT1H, PT6H, PT12H. The interval between checks is adjusted accordingly.
Type: string
Default: "PT5M"
Description: Number of days for audit log policies
Type: number
Default: 6
Description: Specifies the collation of the database. Changing this forces a new resource to be created.
Type: string
Default: "SQL_Latin1_General_CP1_CI_AS"
Description: Enable extended auditing policy for SQL database
Type: bool
Default: true
Description: The name of the MS SQL Database. Changing this forces a new resource to be created.
Type: string
Default: "baseline"
Description: Whether monitoring and alerting is enabled for the Azure SQL Server.
Type: bool
Default: false
Description: Whether the firewall rule enabling Azure Services Passthrough should be deployed.
Type:
map(object({
  start_ip_address = optional(string, "")
  end_ip_address = optional(string, "")
}))
Default: {}
Description: Specifies the license type applied to this database. Possible values are LicenseIncluded and BasePrice
Type: string
Default: "LicenseIncluded"
Description: Default value for Log Monitoring Enabled
Type: bool
Default: true
Description: The long term retention policy for the database
Type:
object({
  weekly_retention = optional(string, null)
  monthly_retention = optional(string, null)
  yearly_retention = optional(string, null)
  week_of_year = optional(number, null)
})
Default: {}
Description: The max size of the database in gigabytes
Type: number
Default: 5
Description: Specifies whether or not public network access is allowed for this server.
Type: bool
Default: false
Description: If enabled, connections that have application intent set to readonly in their connection string may be routed to a readonly secondary replica. This property is only settable for Premium and Business Critical databases.
Type: bool
Default: false
Description: Number of days for security alert log policies
Type: number
Default: 6
Description: The short term retention policy for the database (in days)
Type: number
Default: null
Description: Specifies the name of the SKU used by the database. For example, GP_S_Gen5_2, HS_Gen4_1, BC_Gen5_2, ElasticPool, Basic, S0, P2, DW100c, DS100. Changing this from the HyperScale service tier to another service tier will create a new resource.
Type: string
Default: "50"
Description: Version of SQL to be created
Type: string
Default: "12.0"
Description: Storage account type: Geo, GeoZone, Local and Zone
Type: string
Default: "Local"
Description: Resource tags to be applied throughout the deployment.
Type: map(string)
Default: {}
Description: The Minimum TLS Version for all SQL Database and SQL Data Warehouse databases associated with the server
Type: number
Default: 1.2
Description: Enables the extended auditing policy for the server or database
Type: bool
Default: false
Description: To disable zone redundancy.
Type: bool
Default: false
The following Modules are called:
Source: ../diagnostic-settings
Version:
Source: ../diagnostic-settings
Version:
Source: ../private-endpoint
Version:
Source: ../rbac-assignment
Version:
The following outputs are exported:
Description: The ID of the SQL Server.
The following resources are used by this module:
- azurerm_monitor_metric_alert.cpu (resource)
- azurerm_mssql_database.defaultdb (resource)
- azurerm_mssql_database_extended_auditing_policy.database_auditing_policy (resource)
- azurerm_mssql_firewall_rule.firewall_rule (resource)
- azurerm_mssql_server.azure_sql_server (resource)
- azurerm_mssql_server_extended_auditing_policy.azure_sql_server (resource)
- azurerm_mssql_server_security_alert_policy.sql_server_alert_policy (resource)
- azurerm_mssql_server_vulnerability_assessment.sql_server_vulnerability_assessment (resource)