Azure Database MariaDB Server

azurerm_mariadb_server (Terraform)

The MariaDB Server in Database can be configured in Terraform with the resource name azurerm_mariadb_server. The following sections describe 10 examples of how to use the resource and its parameters.

Example Usage from GitHub

gilyas/infracost

resource "azurerm_mariadb_server" "basic_2core" {
  name                = "example-mariadb-server"
  location            = azurerm_resource_group.example.location
  resource_group_name = azurerm_resource_group.example.name

  administrator_login          = "fake"

infracost/infracost

resource "azurerm_mariadb_server" "basic_2core" {
  name                = "example-mariadb-server"
  location            = azurerm_resource_group.example.location
  resource_group_name = azurerm_resource_group.example.name

  administrator_login          = "fake"

prancer-io/prancer-terramerra

resource "azurerm_mariadb_server" "example" {
  name                = "mariadb-svr"
  location            = azurerm_resource_group.example.location
  resource_group_name = azurerm_resource_group.example.name

  sku_name = "B_Gen5_2"

DevOpsFu/terraform-modules

resource "azurerm_mariadb_server" "mariadbServer" {
  name                = var.name
  location            = var.location
  resource_group_name = var.resourceGroupName
  sku_name            = var.skuName

xhoto/xo-iac

resource "azurerm_mariadb_server" "mariadb" {
  name                = var.name
  resource_group_name = var.rg.name
  location            = var.rg.location
  administrator_login           = var.mariadb_administrator_login
  administrator_login_password  = var.mariadb_administrator_login_password

KryderXtivia/strappiSetup

resource "azurerm_mariadb_server" "example" {
  name                = var.mariadbserver
  location            = var.location
  resource_group_name = var.azurerm_resource_group

  sku_name = "B_Gen5_2"

higorbarbosa/treinamento-terraform-azure

resource "azurerm_mariadb_server" "mariaserver" {
  name                = "mariadbservertf"
  location            = azurerm_resource_group.rg.location
  resource_group_name = azurerm_resource_group.rg.name

  sku_name                     = "B_Gen5_2"

OTAKU-Wang/terraform-controller

resource "azurerm_mariadb_server" "example" {
  name = "mariadb-svr-sample"
  location = azurerm_resource_group.example.location
  resource_group_name = azurerm_resource_group.example.name

  sku_name = "B_Gen5_2"

mdelacal/terraform-azure

resource "azurerm_mariadb_server" "tf-mariadbserver-miguel" {
  name                = "tf-mariadbserver-miguel"
  location            = azurerm_resource_group.tf-rg-miguel.location
  resource_group_name = azurerm_resource_group.tf-rg-miguel.name

  administrator_login          = "miguel"

Checkmarx/kics

resource "azurerm_mariadb_server" "positive2" {
  name                = "example-mariadb-server"
  location            = azurerm_resource_group.example.location
  resource_group_name = azurerm_resource_group.example.name

  administrator_login          = "mariadbadmin"

Security Best Practices for azurerm_mariadb_server

There are 2 settings in azurerm_mariadb_server that should be taken care of for security reasons. The following section explain an overview and example code.

Ensure that access to Azure SQL Database is restricted

It is better to disable public access to the database to avoid unwilling communications with unknown services if not required.

Ensure to enable SSL enforcement

It is better to enable SSL enforcement to ensure secure transfer and mitigate the risks of compromising the communication data.

Parameters

• administrator_login optional computed - string
• administrator_login_password optional - string
• auto_grow_enabled optional computed - bool
• backup_retention_days optional computed - number
• create_mode optional - string
• creation_source_server_id optional - string
• fqdn optional computed - string
• geo_redundant_backup_enabled optional computed - bool
• id optional computed - string
• location required - string
• name required - string
• public_network_access_enabled optional - bool
• resource_group_name required - string
• restore_point_in_time optional - string
• sku_name required - string
• ssl_enforcement optional computed - string
• ssl_enforcement_enabled optional - bool
• storage_mb optional computed - number
• tags optional - map from string to string
• version required - string
• storage_profile list block
  • auto_grow optional computed - string
  • backup_retention_days optional computed - number
  • geo_redundant_backup optional computed - string
  • storage_mb optional - number
• timeouts single block
  • create optional - string
  • delete optional - string
  • read optional - string
  • update optional - string

Explanation in Terraform Registry

Manages a MariaDB Server.

Tips: Best Practices for The Other Azure Database Resources

In addition to the azurerm_mariadb_firewall_rule, Azure Database has the other resources that should be configured for security reasons. Please check some examples of those resources and precautions.

azurerm_mariadb_firewall_rule

Ensure database firewalls do not permit public access

It is better to restrict IP address ranges that can access the database by firewall rules. If both start_ip_address and end_ip_address are set to 0.0.0.0, it blocks connections from the Internet and accepts connections from all Azure datacenter IP addresses.

azurerm_mssql_database_extended_auditing_policy

Ensure to configure retention periods of database auditing to enough duration

It is better to configure retention periods of database auditing to enough duration. It would be better to set greater than at least 90 days.

azurerm_mssql_server

Ensure to enable auditing on Azure SQL databases

It is better to enable auditing on Azure SQL databases. It helps you maintain regulatory compliance, monitor the activities indicating unexpected incidents or suspected security violations.

azurerm_mssql_server_security_alert_policy

Ensure to configure at least one email address for threat alerts

It is better to configure at least one email address for threat alerts. SQL Server is able to send alerts for threat detection via emails and it could support us to notice the incident on time.

azurerm_mysql_firewall_rule

Ensure database firewalls do not permit public access

It is better to restrict IP address ranges that can access the database by firewall rules. If both start_ip_address and end_ip_address are set to 0.0.0.0, it blocks connections from the Internet and accepts connections from all Azure datacenter IP addresses.

azurerm_mysql_server

Ensure to disable public access to database

It is better to disable public access to the database to avoid unwilling communications with unknown services if not required.

azurerm_postgresql_firewall_rule

Ensure database firewalls do not permit public access

It is better to restrict IP address ranges that can access the database by firewall rules. If both start_ip_address and end_ip_address are set to 0.0.0.0, it blocks connections from the Internet and accepts connections from all Azure datacenter IP addresses.

azurerm_postgresql_server

Ensure to disable public access to database

It is better to disable public access to the database to avoid unwilling communications with unknown services if not required.

azurerm_sql_firewall_rule

Ensure database firewalls do not permit public access

It is better to restrict IP address ranges that can access the database by firewall rules. If both start_ip_address and end_ip_address are set to 0.0.0.0, it blocks connections from the Internet and accepts connections from all Azure datacenter IP addresses.

azurerm_sql_server

Ensure to enable auditing on Azure SQL databases

It is better to enable auditing on Azure SQL databases. It helps you maintain regulatory compliance, monitor the activities indicating unexpected incidents or suspected security violations.