# Identity Terraform is currently authenticated as (tenant id, object id).
# Read-only; consumed when the SQL Server Azure AD administrator is configured.
data "azurerm_client_config" "current" {
}
# SQL Server hosting the Hive metastore database.
# NOTE(review): the `azurerm_sql_server` resource type is the legacy one in the
# azurerm provider (`azurerm_mssql_server` supersedes it); migrating changes
# state addresses, so it is left as-is here.
resource "azurerm_sql_server" "resources-sqlserver-metastore" {
  name                = "${var.sqlserver_name}"
  resource_group_name = "${azurerm_resource_group.resources-rg-hive-metastore.name}"
  location            = "${azurerm_resource_group.resources-rg-hive-metastore.location}"
  version             = "${var.sqlserver_version}"

  # SQL-authentication admin. The password comes from a variable; it is still
  # persisted in plaintext in the Terraform state, so the state backend must be
  # access-controlled and encrypted.
  administrator_login          = "${var.sqlserver_login}"
  administrator_login_password = "${var.sqlserver_pwd}"

  # A shared `local.tags` map was previously used here; tags are now set inline.
  tags = {
    Application_name = "${var.sqlserver_App_name}"
    platform         = "${var.sqlserver_platform}"
  }
}
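# Post-create hardening of the SQL Server (threat protection, vulnerability
# scans, auditing) via Az PowerShell run locally. `pwsh` with the Az.Sql module
# must be installed and signed in on the machine running `terraform apply`.
#
# Fixes vs. the previous version:
#  - `-ServerName` now references the server *resource* rather than the input
#    variable. The value is identical, but the reference gives Terraform the
#    dependency it previously lacked, so these commands cannot run before the
#    server exists.
#  - `triggers` ties this resource to the server id. Provisioners only run on
#    creation, so without it a replaced server would silently come back with
#    none of these settings applied.
resource "null_resource" "resources-metastore-sqlserver-configuration" {
  triggers = {
    sql_server_id = "${azurerm_sql_server.resources-sqlserver-metastore.id}"
  }

  # Advanced Data Security / threat protection.
  # NOTE(review): alert recipients are hard-coded e-mail addresses; consider
  # moving them to a variable so the list can be changed without editing code.
  provisioner "local-exec" {
    command     = "Update-AzSqlServerAdvancedThreatProtectionSettings -ResourceGroupName ${azurerm_resource_group.resources-rg-hive-metastore.name} -ServerName ${azurerm_sql_server.resources-sqlserver-metastore.name} -NotificationRecipientsEmails 'sai.kongara@optum.com;jeevan.paruchuri@optum.com' -EmailAdmins $True -StorageAccountName ${azurerm_storage_account.resource-metastore-storage.name}"
    interpreter = ["pwsh", "-Command"]
  }

  # Weekly vulnerability assessment; results land in the
  # 'vulnerability-assessment' container of the metastore storage account.
  provisioner "local-exec" {
    command     = "Update-AzSqlServerVulnerabilityAssessmentSetting -ResourceGroupName ${azurerm_resource_group.resources-rg-hive-metastore.name} -ServerName ${azurerm_sql_server.resources-sqlserver-metastore.name} -StorageAccountName ${azurerm_storage_account.resource-metastore-storage.name} -ScanResultsContainerName 'vulnerability-assessment' -RecurringScansInterval Weekly -NotificationEmail @('sai.kongara@optum.com' , 'jeevan.paruchuri@optum.com')"
    interpreter = ["pwsh", "-Command"]
  }

  # Server-level auditing to the storage account.
  # NOTE(review): `-RetentionInDays 2` keeps audit logs for only two days, which
  # is far shorter than a typical incident investigation window; confirm this
  # against the applicable log-retention requirement and raise it if needed.
  provisioner "local-exec" {
    command     = "Set-AzSqlServerAuditing -State Enabled -ResourceGroupName ${azurerm_resource_group.resources-rg-hive-metastore.name} -ServerName ${azurerm_sql_server.resources-sqlserver-metastore.name} -StorageAccountName ${azurerm_storage_account.resource-metastore-storage.name} -RetentionInDays 2"
    interpreter = ["pwsh", "-Command"]
  }
}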
# Server-level firewall rule: the only IPv4 range allowed through the Azure SQL
# public endpoint. Both bounds come from variables.
# NOTE(review): the rule is only as tight as the variable values — a range of
# 0.0.0.0 to 255.255.255.255 would expose the server to the whole internet, so
# the inputs should be reviewed alongside this file.
resource "azurerm_sql_firewall_rule" "resources-metastore-sqlserver-firewallrule" {
  name                = "${var.sqlserver_firewall_rule_name}"
  resource_group_name = "${azurerm_resource_group.resources-rg-hive-metastore.name}"
  server_name         = "${azurerm_sql_server.resources-sqlserver-metastore.name}"

  # Inclusive IPv4 range permitted to connect.
  start_ip_address = "${var.sqlserver_firewall_startip}"
  end_ip_address   = "${var.sqlserver_firewall_endip}"
}
# Azure AD administrator for the SQL Server.
# The object id is taken from the identity Terraform is running as, i.e. the
# deploying service principal becomes the AAD admin of the server. That grants
# the deployment identity full control over every database on the server; make
# sure that is intended and that the principal's credentials are handled
# accordingly.
# NOTE(review): `service_principal_object_id` was replaced by `object_id` on the
# azurerm_client_config data source in newer provider releases — confirm against
# the pinned provider version before upgrading.
resource "azurerm_sql_active_directory_administrator" "resources-metastore-sqlserver-admin-config" {
  resource_group_name = "${azurerm_resource_group.resources-rg-hive-metastore.name}"
  server_name         = "${azurerm_sql_server.resources-sqlserver-metastore.name}"

  login     = "${var.sqlserver_ad_admin_login}"
  tenant_id = "${data.azurerm_client_config.current.tenant_id}"
  object_id = "${data.azurerm_client_config.current.service_principal_object_id}"
}
# Hive metastore database on the server above. Edition and service objective
# (performance tier) are driven by variables.
# NOTE(review): `azurerm_sql_database` is the legacy resource type
# (`azurerm_mssql_database` supersedes it); left unchanged to avoid a state
# migration.
resource "azurerm_sql_database" "resources-metastore-sql-db" {
  name                = "${var.sqldb_name}"
  resource_group_name = "${azurerm_resource_group.resources-rg-hive-metastore.name}"
  location            = "${azurerm_resource_group.resources-rg-hive-metastore.location}"
  server_name         = "${azurerm_sql_server.resources-sqlserver-metastore.name}"

  edition                          = "${var.sqldb_edition}"
  requested_service_objective_name = "${var.sqldb_service_objective_name}"

  # A shared `local.tags` map was previously used here; tags are now set inline.
  tags = {
    Application_name = "${var.sqlserver_App_name}"
    platform         = "${var.sqlserver_platform}"
  }
}