Azure Database SQL Managed Database

This page shows how to write Terraform for Database SQL Managed Database and write them securely.

azurerm_sql_managed_database (Terraform)

The SQL Managed Database in Database can be configured in Terraform with the resource name azurerm_sql_managed_database. The following sections describe how to use the resource and its parameters.

Example Usage from GitHub

An example could not be found in GitHub.

Review your Terraform file for Azure best practices

Shisho Cloud, our free checker to make sure your Terraform configuration follows best practices, is available (beta).

Parameters

The following arguments are supported:

  • name - (Required) The name of the SQL Managed Instance. Changing this forces a new resource to be created.

  • sql_managed_instance_id - (Required) The SQL Managed Instance ID that this Managed Database will be associated with. Changing this forces a new resource to be created.

  • location - (Required) Specifies the supported Azure location where the resource exists. Changing this forces a new resource to be created.


The following attributes are exported:

  • id - The SQL Managed Database ID.

Import

SQL Managed Databases can be imported using the resource id, e.g.

terraform import azurerm_sql_managed_database.example /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/myresourcegroup/providers/Microsoft.Sql/managedInstances/myserver/databases/mydatabase

Explanation in Terraform Registry

Manages a SQL Azure Managed Database

Tips: Best Practices for The Other Azure Database Resources

In addition to the azurerm_mariadb_firewall_rule, Azure Database has the other resources that should be configured for security reasons. Please check some examples of those resources and precautions.

risk-label

azurerm_mariadb_firewall_rule

Ensure database firewalls do not permit public access

It is better to restrict IP address ranges that can access the database by firewall rules. If both start_ip_address and end_ip_address are set to 0.0.0.0, it blocks connections from the Internet and accepts connections from all Azure datacenter IP addresses.

risk-label

azurerm_mariadb_server

Ensure that access to Azure SQL Database is restricted

It is better to disable public access to the database to avoid unwilling communications with unknown services if not required.

risk-label

azurerm_mssql_database_extended_auditing_policy

Ensure to configure retention periods of database auditing to enough duration

It is better to configure retention periods of database auditing to enough duration. It would be better to set greater than at least 90 days.

risk-label

azurerm_mssql_server

Ensure to enable auditing on Azure SQL databases

It is better to enable auditing on Azure SQL databases. It helps you maintain regulatory compliance, monitor the activities indicating unexpected incidents or suspected security violations.

risk-label

azurerm_mssql_server_security_alert_policy

Ensure to configure at least one email address for threat alerts

It is better to configure at least one email address for threat alerts. SQL Server is able to send alerts for threat detection via emails and it could support us to notice the incident on time.

risk-label

azurerm_mysql_firewall_rule

Ensure database firewalls do not permit public access

It is better to restrict IP address ranges that can access the database by firewall rules. If both start_ip_address and end_ip_address are set to 0.0.0.0, it blocks connections from the Internet and accepts connections from all Azure datacenter IP addresses.

risk-label

azurerm_mysql_server

Ensure to disable public access to database

It is better to disable public access to the database to avoid unwilling communications with unknown services if not required.

risk-label

azurerm_postgresql_firewall_rule

Ensure database firewalls do not permit public access

It is better to restrict IP address ranges that can access the database by firewall rules. If both start_ip_address and end_ip_address are set to 0.0.0.0, it blocks connections from the Internet and accepts connections from all Azure datacenter IP addresses.

risk-label

azurerm_postgresql_server

Ensure to disable public access to database

It is better to disable public access to the database to avoid unwilling communications with unknown services if not required.

risk-label

azurerm_sql_firewall_rule

Ensure database firewalls do not permit public access

It is better to restrict IP address ranges that can access the database by firewall rules. If both start_ip_address and end_ip_address are set to 0.0.0.0, it blocks connections from the Internet and accepts connections from all Azure datacenter IP addresses.

risk-label

azurerm_sql_server

Ensure to enable auditing on Azure SQL databases

It is better to enable auditing on Azure SQL databases. It helps you maintain regulatory compliance, monitor the activities indicating unexpected incidents or suspected security violations.

Review your Azure Database settings

In addition to the above, there are other security points you should be aware of making sure that your .tf files are protected in Shisho Cloud.

Azure Resource Manager Example

Azure Resource Manager code does not have the related resource.

Frequently asked questions

What is Azure Database SQL Managed Database?

Azure Database SQL Managed Database is a resource for Database of Microsoft Azure. Settings can be wrote in Terraform.

security-icon

Automate config file reviews on your commits

Fix issues in your infrastructure as code with auto-generated patches.