Terraform-provider-azurerm: Please add "ADVANCED DATA SECURITY" options to azurerm_sql_server

Created on 3 May 2019  ·  8 Comments  ·  Source: terraform-providers/terraform-provider-azurerm

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
  • Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment

Description

It would be nice to be able to toggle "ADVANCED DATA SECURITY" and enable "periodic reoccurring scans."

New or Affected Resource(s)

  • azurerm_sql_server

Potential Terraform Configuration

resource "azurerm_sql_server" "test" {
  advanced_data_security_enabled = true
  ...
}

References

https://www.terraform.io/docs/providers/azurerm/r/sql_server.html

enhancement service/mssql

All 8 comments

This is a good one to enable, as it flags at high in Security Center for not being enabled. @tombuildsstuff what would the roadmap for this look like? Not sure if there is another ticket for enabling SQL server auditing?

I got this enabled and thus the warning in SC to go away using the threat_detection_policy setting

threat_detection_policy {
  state                      = "Enabled"
  email_account_admins       = "Disabled"
  email_addresses            = ["[email protected]"]
  retention_days             = "30"
  storage_account_access_key = "${var.storage_logging_key}"
  storage_endpoint           = "https://${var.storage_logging_endpoint}/"
  use_server_default         = "Disabled"
}

in the azurerm_sql_database resource.

Still working on how to enable the Auditing though...

So it should be a case of implementing a threat_detection_policy block at the logical SQL server level in azurerm_sql_server if this is already available at the database level.

Any updates on this?

@katbyte - Any chance we can get this planned? Best to apply this at the SQL Server level so that all DBs under it will inherit the settings. If possible, it would be nice if the policy was a separate resource instead of a field map.

It appears this isn't available at the SQL Server level in the API. This could be a MS feature required to be added to their API. I could only find the below linked API which is for a single database and seems to be related to the policy that you can set per database.
https://docs.microsoft.com/en-us/rest/api/sql/databasethreatdetectionpolicies/createorupdate

As @phatcher mentioned, creating a vulnerability assessment resource azurerm_mssql_server_vulnerability_assessment implicitly enables Advanced Data Security. It is a workaround though.
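
The server-level workaround mentioned in the last comment, sketched as an added example that is not part of the original thread or the provider's own documentation. It assumes an existing azurerm_sql_server.test (the name used in the issue), reuses var.storage_logging_endpoint and var.storage_logging_key from the earlier comment, and introduces a hypothetical var.va_container_name and a constructed e-mail address; azurerm_mssql_server_security_alert_policy is not named in the thread but is required as the parent of the vulnerability assessment.

```hcl
# Added example: names marked "hypothetical" or "constructed" are assumptions.

# Hypothetical variable: blob container that will hold the scan results.
variable "va_container_name" {
  type    = string
  default = "vulnerability-assessment"
}

# Server-level alert policy. The vulnerability assessment below must
# reference one, so it cannot be created on its own.
resource "azurerm_mssql_server_security_alert_policy" "test" {
  resource_group_name = azurerm_sql_server.test.resource_group_name
  server_name         = azurerm_sql_server.test.name
  state               = "Enabled"
}

# Creating this resource is what the comment above describes as implicitly
# enabling Advanced Data Security on the logical server.
resource "azurerm_mssql_server_vulnerability_assessment" "test" {
  server_security_alert_policy_id = azurerm_mssql_server_security_alert_policy.test.id

  # Container URL with a trailing slash; endpoint variable as used in the
  # threat_detection_policy comment earlier in the thread.
  storage_container_path     = "https://${var.storage_logging_endpoint}/${var.va_container_name}/"
  storage_account_access_key = var.storage_logging_key

  # The "periodic recurring scans" toggle requested in the issue description.
  recurring_scans {
    enabled                   = true
    email_subscription_admins = true
    emails                    = ["secops@example.com"] # constructed address
  }
}
```

The storage account access key is written to the Terraform state in plain text, so the state backend needs the same access controls as the key itself.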
