Azure Synapse SQL Pool Vulnerability Assessment
This page shows how to configure the Synapse SQL Pool Vulnerability Assessment with Terraform and Azure Resource Manager, and how to do so securely.
azurerm_synapse_sql_pool_vulnerability_assessment (Terraform)
The SQL Pool Vulnerability Assessment in Synapse can be configured in Terraform with the resource name azurerm_synapse_sql_pool_vulnerability_assessment. The following sections describe how to use the resource and its parameters.
Example Usage from GitHub
An example could not be found in GitHub.
Parameters
The following arguments are supported:
sql_pool_security_alert_policy_id - (Required) The ID of the security alert policy of the Synapse SQL Pool. Changing this forces a new resource to be created.
storage_container_path - (Required) A blob storage container path to hold the scan results (e.g. https://myStorage.blob.core.windows.net/VaScans/).
storage_account_access_key - (Optional) Specifies the identifier key of the storage account for vulnerability assessment scan results. If storage_container_sas_key isn't specified, storage_account_access_key is required.
storage_container_sas_key - (Optional) A shared access signature (SAS Key) that has write access to the blob container specified in the storage_container_path parameter. If storage_account_access_key isn't specified, storage_container_sas_key is required.
recurring_scans - (Optional) The recurring scans settings. The recurring_scans block supports fields documented below.
recurring_scans supports the following:
enabled - (Optional) Boolean flag which specifies if recurring scans is enabled or disabled. Defaults to false.
email_subscription_admins_enabled - (Optional) Boolean flag which specifies if the schedule scan notification will be sent to the subscription administrators. Defaults to false.
emails - (Optional) Specifies an array of e-mail addresses to which the scan notification is sent.
The following attributes are exported:
id - The ID of the Synapse SQL Pool Vulnerability Assessment.
Explanation in Terraform Registry
Manages the Vulnerability Assessment for a Synapse SQL Pool.
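The arguments above combined into one resource, as an added example (not taken from the Terraform Registry or a GitHub project): it passes a container-scoped SAS key through a sensitive variable instead of the storage account access key, and turns on recurring scans, which default to false. The variable names and the e-mail address are assumptions made for this example.

```hcl
# Added example; variable names are assumptions, not part of the provider.

variable "security_alert_policy_id" {
  description = "ID of an existing Synapse SQL Pool security alert policy"
  type        = string
}

variable "va_container_path" {
  description = "Blob container URL for scan results, e.g. https://myStorage.blob.core.windows.net/VaScans/"
  type        = string

  # Reject a container path that is not addressed over HTTPS.
  validation {
    condition     = can(regex("^https://", var.va_container_path))
    error_message = "The scan results container must be addressed over HTTPS."
  }
}

variable "va_container_sas_key" {
  description = "SAS key with write access to the scan results container"
  type        = string
  sensitive   = true # redacted from plan/apply output
}

variable "va_notification_emails" {
  description = "Recipients of the scheduled scan notification"
  type        = list(string)
  default     = ["secops@example.com"] # constructed placeholder address
}

resource "azurerm_synapse_sql_pool_vulnerability_assessment" "example" {
  sql_pool_security_alert_policy_id = var.security_alert_policy_id
  storage_container_path            = var.va_container_path

  # Only one of the two credentials is needed. The SAS key is limited to the
  # container, while storage_account_access_key grants the whole account.
  storage_container_sas_key = var.va_container_sas_key

  recurring_scans {
    enabled                           = true # defaults to false
    email_subscription_admins_enabled = true # defaults to false
    emails                            = var.va_notification_emails
  }
}
```

Marking the variable sensitive only redacts it from plan and apply output; the SAS key is still stored in the Terraform state, so the state backend needs its own access control.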
Tips: Best Practices for the Other Azure Synapse Resources
In addition to azurerm_synapse_workspace, Azure Synapse has other resources that should be configured with security in mind. Some examples of those resources and the precautions to take are listed below.
azurerm_synapse_workspace
Ensure the managed virtual network is enabled
It is better to enable the managed virtual network, which is disabled by default.
Microsoft.Synapse/workspaces/sqlPools/vulnerabilityAssessments (Azure Resource Manager)
The workspaces/sqlPools/vulnerabilityAssessments in Microsoft.Synapse can be configured in Azure Resource Manager with the resource name Microsoft.Synapse/workspaces/sqlPools/vulnerabilityAssessments. The following sections describe how to use the resource and its parameters.
Example Usage from GitHub
An example could not be found in GitHub.
Parameters
apiVersion - required - string
name - required - string. The name of the vulnerability assessment.
properties - required
  recurringScans - optional
    emails - optional - array. Specifies an array of e-mail addresses to which the scan notification is sent.
    emailSubscriptionAdmins - optional - boolean. Specifies that the schedule scan notification will be sent to the subscription administrators.
    isEnabled - optional - boolean. Recurring scans state.
  storageAccountAccessKey - optional - string. Specifies the identifier key of the storage account for vulnerability assessment scan results. If 'StorageContainerSasKey' isn't specified, storageAccountAccessKey is required.
  storageContainerPath - optional - string. A blob storage container path to hold the scan results (e.g. https://myStorage.blob.core.windows.net/VaScans/). It is required if server level vulnerability assessment policy doesn't set
  storageContainerSasKey - optional - string. A shared access signature (SAS Key) that has write access to the blob container specified in 'storageContainerPath' parameter. If 'storageAccountAccessKey' isn't specified, StorageContainerSasKey is required.
type - required - string