Azure Database SQL Failover Group
This page shows how to write Terraform for Database SQL Failover Group and write them securely.
azurerm_sql_failover_group (Terraform)
The SQL Failover Group in Database can be configured in Terraform with the resource name azurerm_sql_failover_group
. The following sections describe 10 examples of how to use the resource and its parameters.
Example Usage from GitHub
resource "azurerm_sql_failover_group" "terraformsqlFailover" {
name = var.sqlFailover_Name
resource_group_name = var.sqlFailover_RG_Name
server_name = var.sqlFailover_Primary_Server
databases = [var.sqlFailover_DB_ID]
tags = var.sqlFailover_Tag
resource "azurerm_sql_failover_group" "sql_failover_group" {
name = format("sqlfailovergroup-%s-%s", var.environment,var.application_name)
resource_group_name = azurerm_resource_group.rg_subscription_bzunit_env_region["pri"].name
server_name = azurerm_sql_server.sql_subscription_bzunit_env_region["pri"].name
databases = [azurerm_sql_database.sql-database["pri"].id]
partner_servers {
resource "azurerm_sql_failover_group" "failover_group" {
name = azurecaf_name.failover_group.result
resource_group_name = var.resource_group_name
server_name = var.primary_server_name
databases = local.databases
resource "azurerm_sql_failover_group" "failover_group" {
name = azurecaf_name.failover_group.result
resource_group_name = var.resource_group_name
server_name = var.primary_server_name
databases = local.databases
resource "azurerm_sql_failover_group" "failover_group" {
name = azurecaf_name.failover_group.result
resource_group_name = var.resource_group_name
server_name = var.primary_server_name
databases = local.databases
resource "azurerm_sql_failover_group" "failoverpolicy" {
name = "sql-database-failover123"
resource_group_name = var.resource_group
server_name = azurerm_sql_server.primary.name
databases = [azurerm_sql_database.db1.id]
partner_servers {
resource "azurerm_sql_failover_group" "example" {
name = "sqlpoc-failover-group"
resource_group_name = azurerm_sql_server.primary.resource_group_name
server_name = azurerm_sql_server.primary.name
databases = [azurerm_sql_database.db1.id]
partner_servers {
resource "azurerm_sql_failover_group" "failover_group" {
name = azurecaf_name.failover_group.result
resource_group_name = var.resource_group_name
server_name = var.primary_server_name
databases = local.databases
resource "azurerm_sql_failover_group" "this" {
databases = var.databases
name = var.name
resource_group_name = var.resource_group_name
server_name = var.server_name
tags = var.tags
resource "azurerm_sql_failover_group" "this" {
databases = var.databases
name = var.name
resource_group_name = var.resource_group_name
server_name = var.server_name
tags = var.tags
Parameters
-
databases
optional - set of string -
id
optional computed - string -
location
optional computed - string -
name
required - string -
resource_group_name
required - string -
role
optional computed - string -
server_name
required - string -
tags
optional - map from string to string -
partner_servers
list block -
read_write_endpoint_failover_policy
list block-
grace_minutes
optional - number -
mode
required - string
-
-
readonly_endpoint_failover_policy
list block-
mode
required - string
-
-
timeouts
single block
Explanation in Terraform Registry
Create a failover group of databases on a collection of Azure SQL servers.
Tips: Best Practices for The Other Azure Database Resources
In addition to the azurerm_mariadb_firewall_rule, Azure Database has the other resources that should be configured for security reasons. Please check some examples of those resources and precautions.
azurerm_mariadb_firewall_rule
Ensure database firewalls do not permit public access
It is better to restrict IP address ranges that can access the database by firewall rules. If both start_ip_address and end_ip_address are set to 0.0.0.0, it blocks connections from the Internet and accepts connections from all Azure datacenter IP addresses.
azurerm_mariadb_server
Ensure that access to Azure SQL Database is restricted
It is better to disable public access to the database to avoid unwilling communications with unknown services if not required.
azurerm_mssql_database_extended_auditing_policy
Ensure to configure retention periods of database auditing to enough duration
It is better to configure retention periods of database auditing to enough duration. It would be better to set greater than at least 90 days.
azurerm_mssql_server
Ensure to enable auditing on Azure SQL databases
It is better to enable auditing on Azure SQL databases. It helps you maintain regulatory compliance, monitor the activities indicating unexpected incidents or suspected security violations.
azurerm_mssql_server_security_alert_policy
Ensure to configure at least one email address for threat alerts
It is better to configure at least one email address for threat alerts. SQL Server is able to send alerts for threat detection via emails and it could support us to notice the incident on time.
azurerm_mysql_firewall_rule
Ensure database firewalls do not permit public access
It is better to restrict IP address ranges that can access the database by firewall rules. If both start_ip_address and end_ip_address are set to 0.0.0.0, it blocks connections from the Internet and accepts connections from all Azure datacenter IP addresses.
azurerm_mysql_server
Ensure to disable public access to database
It is better to disable public access to the database to avoid unwilling communications with unknown services if not required.
azurerm_postgresql_firewall_rule
Ensure database firewalls do not permit public access
It is better to restrict IP address ranges that can access the database by firewall rules. If both start_ip_address and end_ip_address are set to 0.0.0.0, it blocks connections from the Internet and accepts connections from all Azure datacenter IP addresses.
azurerm_postgresql_server
Ensure to disable public access to database
It is better to disable public access to the database to avoid unwilling communications with unknown services if not required.
azurerm_sql_firewall_rule
Ensure database firewalls do not permit public access
It is better to restrict IP address ranges that can access the database by firewall rules. If both start_ip_address and end_ip_address are set to 0.0.0.0, it blocks connections from the Internet and accepts connections from all Azure datacenter IP addresses.
azurerm_sql_server
Ensure to enable auditing on Azure SQL databases
It is better to enable auditing on Azure SQL databases. It helps you maintain regulatory compliance, monitor the activities indicating unexpected incidents or suspected security violations.
Azure Resource Manager Example
Azure Resource Manager code does not have the related resource.
Frequently asked questions
What is Azure Database SQL Failover Group?
Azure Database SQL Failover Group is a resource for Database of Microsoft Azure. Settings can be wrote in Terraform.
Where can I find the example code for the Azure Database SQL Failover Group?
For Terraform, the OT-terraform-azure-modules/terraform-SqlFailover, vjavle/drdemo and anmoltoppo/Terraform source code examples are useful. See the Terraform Example section for further details.