Azure Database MySQL Flexible Server Firewall Rule
This page shows how to write Terraform and Azure Resource Manager for Database MySQL Flexible Server Firewall Rule and write them securely.
azurerm_mysql_flexible_server_firewall_rule (Terraform)
The MySQL Flexible Server Firewall Rule in Database can be configured in Terraform with the resource name azurerm_mysql_flexible_server_firewall_rule
. The following sections describe how to use the resource and its parameters.
Example Usage from GitHub
An example could not be found in GitHub.
Parameters
The following arguments are supported:
name
- (Required) Specifies the name of the MySQL Firewall Rule. Changing this forces a new resource to be created.server_name
- (Required) Specifies the name of the MySQL Flexible Server. Changing this forces a new resource to be created.resource_group_name
- (Required) The name of the resource group in which the MySQL Flexible Server exists. Changing this forces a new resource to be created.start_ip_address
- (Required) Specifies the Start IP Address associated with this Firewall Rule. Changing this forces a new resource to be created.end_ip_address
- (Required) Specifies the End IP Address associated with this Firewall Rule. Changing this forces a new resource to be created.
-> NOTE: The Azure feature Allow access to Azure services
can be enabled by setting start_ip_address
and end_ip_address
to 0.0.0.0
which (is documented in the Azure API Docs).
The following attributes are exported:
id
- The ID of the MySQL Firewall Rule.
Explanation in Terraform Registry
Manages a Firewall Rule for a MySQL Flexible Server.
Tips: Best Practices for The Other Azure Database Resources
In addition to the azurerm_mariadb_firewall_rule, Azure Database has the other resources that should be configured for security reasons. Please check some examples of those resources and precautions.
azurerm_mariadb_firewall_rule
Ensure database firewalls do not permit public access
It is better to restrict IP address ranges that can access the database by firewall rules. If both start_ip_address and end_ip_address are set to 0.0.0.0, it blocks connections from the Internet and accepts connections from all Azure datacenter IP addresses.
azurerm_mariadb_server
Ensure that access to Azure SQL Database is restricted
It is better to disable public access to the database to avoid unwilling communications with unknown services if not required.
azurerm_mssql_database_extended_auditing_policy
Ensure to configure retention periods of database auditing to enough duration
It is better to configure retention periods of database auditing to enough duration. It would be better to set greater than at least 90 days.
azurerm_mssql_server
Ensure to enable auditing on Azure SQL databases
It is better to enable auditing on Azure SQL databases. It helps you maintain regulatory compliance, monitor the activities indicating unexpected incidents or suspected security violations.
azurerm_mssql_server_security_alert_policy
Ensure to configure at least one email address for threat alerts
It is better to configure at least one email address for threat alerts. SQL Server is able to send alerts for threat detection via emails and it could support us to notice the incident on time.
azurerm_mysql_firewall_rule
Ensure database firewalls do not permit public access
It is better to restrict IP address ranges that can access the database by firewall rules. If both start_ip_address and end_ip_address are set to 0.0.0.0, it blocks connections from the Internet and accepts connections from all Azure datacenter IP addresses.
azurerm_mysql_server
Ensure to disable public access to database
It is better to disable public access to the database to avoid unwilling communications with unknown services if not required.
azurerm_postgresql_firewall_rule
Ensure database firewalls do not permit public access
It is better to restrict IP address ranges that can access the database by firewall rules. If both start_ip_address and end_ip_address are set to 0.0.0.0, it blocks connections from the Internet and accepts connections from all Azure datacenter IP addresses.
azurerm_postgresql_server
Ensure to disable public access to database
It is better to disable public access to the database to avoid unwilling communications with unknown services if not required.
azurerm_sql_firewall_rule
Ensure database firewalls do not permit public access
It is better to restrict IP address ranges that can access the database by firewall rules. If both start_ip_address and end_ip_address are set to 0.0.0.0, it blocks connections from the Internet and accepts connections from all Azure datacenter IP addresses.
azurerm_sql_server
Ensure to enable auditing on Azure SQL databases
It is better to enable auditing on Azure SQL databases. It helps you maintain regulatory compliance, monitor the activities indicating unexpected incidents or suspected security violations.
Microsoft.DBforMySQL/flexibleServers/firewallRules (Azure Resource Manager)
The flexibleServers/firewallRules in Microsoft.DBforMySQL can be configured in Azure Resource Manager with the resource name Microsoft.DBforMySQL/flexibleServers/firewallRules
. The following sections describe how to use the resource and its parameters.
Example Usage from GitHub
An example could not be found in GitHub.
Parameters
apiVersion
required - stringname
required - stringThe name of the server firewall rule.
properties
requiredendIpAddress
required - stringThe end IP address of the server firewall rule. Must be IPv4 format.
startIpAddress
required - stringThe start IP address of the server firewall rule. Must be IPv4 format.
type
required - string