Azure Database SQL Failover Group

azurerm_sql_failover_group (Terraform)

The SQL Failover Group in Database can be configured in Terraform with the resource name azurerm_sql_failover_group. The following sections describe 10 examples of how to use the resource and its parameters.

Example Usage from GitHub

OT-terraform-azure-modules/terraform-SqlFailover

resource "azurerm_sql_failover_group" "terraformsqlFailover" {
  name                = var.sqlFailover_Name
  resource_group_name = var.sqlFailover_RG_Name
  server_name         = var.sqlFailover_Primary_Server
  databases           = [var.sqlFailover_DB_ID]
  tags                = var.sqlFailover_Tag

vjavle/drdemo

resource "azurerm_sql_failover_group" "sql_failover_group" {
    name                = format("sqlfailovergroup-%s-%s", var.environment,var.application_name)
    resource_group_name = azurerm_resource_group.rg_subscription_bzunit_env_region["pri"].name
    server_name         = azurerm_sql_server.sql_subscription_bzunit_env_region["pri"].name
    databases           = [azurerm_sql_database.sql-database["pri"].id]
    partner_servers {

anmoltoppo/Terraform

resource "azurerm_sql_failover_group" "failover_group" {
  name                = azurecaf_name.failover_group.result
  resource_group_name = var.resource_group_name
  server_name         = var.primary_server_name
  databases           = local.databases

aztfmod/terraform-azurerm-caf

resource "azurerm_sql_failover_group" "failover_group" {
  name                = azurecaf_name.failover_group.result
  resource_group_name = var.resource_group_name
  server_name         = var.primary_server_name
  databases           = local.databases

pkhuntia/aztfmod

resource "azurerm_sql_failover_group" "failover_group" {
  name                = azurecaf_name.failover_group.result
  resource_group_name = var.resource_group_name
  server_name         = var.primary_server_name
  databases           = local.databases

himank98/azure-stack

resource "azurerm_sql_failover_group" "failoverpolicy" {
  name                = "sql-database-failover123"
  resource_group_name = var.resource_group
  server_name         = azurerm_sql_server.primary.name
  databases           = [azurerm_sql_database.db1.id]
  partner_servers {

KevinDMack/TerraformSample

resource "azurerm_sql_failover_group" "example" {
  name                = "sqlpoc-failover-group"
  resource_group_name = azurerm_sql_server.primary.resource_group_name
  server_name         = azurerm_sql_server.primary.name
  databases           = [azurerm_sql_database.db1.id]
  partner_servers {

davesee/terraform-caf-rover-breakout

resource "azurerm_sql_failover_group" "failover_group" {
  name                = azurecaf_name.failover_group.result
  resource_group_name = var.resource_group_name
  server_name         = var.primary_server_name
  databases           = local.databases

niveklabs/azurerm

resource "azurerm_sql_failover_group" "this" {
  databases           = var.databases
  name                = var.name
  resource_group_name = var.resource_group_name
  server_name         = var.server_name
  tags                = var.tags

kevinhead/azurerm

resource "azurerm_sql_failover_group" "this" {
  databases           = var.databases
  name                = var.name
  resource_group_name = var.resource_group_name
  server_name         = var.server_name
  tags                = var.tags

Parameters

• databases optional - set of string
• id optional computed - string
• location optional computed - string
• name required - string
• resource_group_name required - string
• role optional computed - string
• server_name required - string
• tags optional - map from string to string
• partner_servers list block
  • id required - string
  • location optional computed - string
  • role optional computed - string
• read_write_endpoint_failover_policy list block
  • grace_minutes optional - number
  • mode required - string
• readonly_endpoint_failover_policy list block
  • mode required - string
• timeouts single block
  • create optional - string
  • delete optional - string
  • read optional - string
  • update optional - string

Explanation in Terraform Registry

Create a failover group of databases on a collection of Azure SQL servers.

Tips: Best Practices for The Other Azure Database Resources

In addition to the azurerm_mariadb_firewall_rule, Azure Database has the other resources that should be configured for security reasons. Please check some examples of those resources and precautions.

azurerm_mariadb_firewall_rule

Ensure database firewalls do not permit public access

It is better to restrict IP address ranges that can access the database by firewall rules. If both start_ip_address and end_ip_address are set to 0.0.0.0, it blocks connections from the Internet and accepts connections from all Azure datacenter IP addresses.

azurerm_mariadb_server

Ensure that access to Azure SQL Database is restricted

It is better to disable public access to the database to avoid unwilling communications with unknown services if not required.

azurerm_mssql_database_extended_auditing_policy

Ensure to configure retention periods of database auditing to enough duration

It is better to configure retention periods of database auditing to enough duration. It would be better to set greater than at least 90 days.

azurerm_mssql_server

Ensure to enable auditing on Azure SQL databases

It is better to enable auditing on Azure SQL databases. It helps you maintain regulatory compliance, monitor the activities indicating unexpected incidents or suspected security violations.

azurerm_mssql_server_security_alert_policy

Ensure to configure at least one email address for threat alerts

It is better to configure at least one email address for threat alerts. SQL Server is able to send alerts for threat detection via emails and it could support us to notice the incident on time.

azurerm_mysql_firewall_rule

Ensure database firewalls do not permit public access

It is better to restrict IP address ranges that can access the database by firewall rules. If both start_ip_address and end_ip_address are set to 0.0.0.0, it blocks connections from the Internet and accepts connections from all Azure datacenter IP addresses.

azurerm_mysql_server

Ensure to disable public access to database

It is better to disable public access to the database to avoid unwilling communications with unknown services if not required.

azurerm_postgresql_firewall_rule

Ensure database firewalls do not permit public access

It is better to restrict IP address ranges that can access the database by firewall rules. If both start_ip_address and end_ip_address are set to 0.0.0.0, it blocks connections from the Internet and accepts connections from all Azure datacenter IP addresses.

azurerm_postgresql_server

Ensure to disable public access to database

It is better to disable public access to the database to avoid unwilling communications with unknown services if not required.

azurerm_sql_firewall_rule

Ensure database firewalls do not permit public access

It is better to restrict IP address ranges that can access the database by firewall rules. If both start_ip_address and end_ip_address are set to 0.0.0.0, it blocks connections from the Internet and accepts connections from all Azure datacenter IP addresses.

azurerm_sql_server

Ensure to enable auditing on Azure SQL databases

It is better to enable auditing on Azure SQL databases. It helps you maintain regulatory compliance, monitor the activities indicating unexpected incidents or suspected security violations.