Azure Synapse Workspace Security Alert Policy

This page shows how to configure a Synapse Workspace Security Alert Policy with Terraform and Azure Resource Manager, and how to do so securely.

azurerm_synapse_workspace_security_alert_policy (Terraform)

The Workspace Security Alert Policy in Synapse can be configured in Terraform with the resource name azurerm_synapse_workspace_security_alert_policy. The following sections describe how to use the resource and its parameters.

Example Usage from GitHub

An example could not be found in GitHub.

Review your Terraform file for Azure best practices

Shisho Cloud, our free checker to make sure your Terraform configuration follows best practices, is available (beta).

Parameters

The following arguments are supported:

  • synapse_workspace_id - (Required) Specifies the ID of the Synapse Workspace. Changing this forces a new resource to be created.

  • policy_state - (Required) Specifies the state of the policy, whether it is enabled or disabled or a policy has not been applied yet on the specific workspace. Allowed values are: Disabled, Enabled.

  • disabled_alerts - (Optional) Specifies an array of alerts that are disabled. Allowed values are: Sql_Injection, Sql_Injection_Vulnerability, Access_Anomaly, Data_Exfiltration, Unsafe_Action.

  • email_account_admins_enabled - (Optional) Boolean flag which specifies if the alert is sent to the account administrators or not. Defaults to false.

  • email_addresses - (Optional) Specifies an array of e-mail addresses to which the alert is sent.

  • retention_days - (Optional) Specifies the number of days to keep the Threat Detection audit logs. Defaults to 0.

  • storage_account_access_key - (Optional) Specifies the identifier key of the Threat Detection audit storage account.

  • storage_endpoint - (Optional) Specifies the blob storage endpoint (e.g. https://MyAccount.blob.core.windows.net). This blob storage will hold all Threat Detection audit logs.

The following attributes are exported:

  • id - The ID of the Synapse Workspace Security Alert Policy.
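
A hardened configuration built from the arguments listed above, as an added example that is not taken from the Terraform Registry or from any project this page cites. The variable names, the address secops@example.com and the 90-day retention value are assumptions; the comments mark the weaker setting each line replaces.

```hcl
# Added example. Variable names and sample values are assumptions.

variable "synapse_workspace_id" {
  type        = string
  description = "ID of an existing Synapse Workspace"
}

variable "audit_storage_endpoint" {
  type        = string
  description = "Blob endpoint of the Threat Detection audit storage account"
}

variable "audit_storage_access_key" {
  type      = string
  sensitive = true # redacted in plan output, but still written to state
}

resource "azurerm_synapse_workspace_security_alert_policy" "hardened" {
  synapse_workspace_id = var.synapse_workspace_id

  # Weak setting: policy_state = "Disabled"
  policy_state = "Enabled"

  # Weak setting: any entry here silences that alert type, for example
  # disabled_alerts = ["Sql_Injection", "Data_Exfiltration"]
  disabled_alerts = []

  # Weak setting: the default (false) with no email_addresses leaves
  # alerts without a recipient.
  email_account_admins_enabled = true
  email_addresses              = ["secops@example.com"] # constructed address

  # Set the retention period explicitly rather than relying on the default 0.
  # 90 is an assumed value; use the period your policy requires.
  retention_days = 90

  # Audit logs go to a storage account you control. The access key ends up
  # in Terraform state, so restrict who can read the state backend.
  storage_endpoint           = var.audit_storage_endpoint
  storage_account_access_key = var.audit_storage_access_key
}
```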

Explanation in Terraform Registry

Manages a Security Alert Policy for a Synapse Workspace.

Tips: Best Practices for Other Azure Synapse Resources

In addition to azurerm_synapse_workspace, Azure Synapse has other resources that should be configured with security in mind. Check the examples and precautions for those resources below.

azurerm_synapse_workspace

Ensure the managed virtual network is enabled

Enable the managed virtual network, which is disabled by default.

Review your Azure Synapse settings

Beyond the above, there are other security points to be aware of. Make sure that your .tf files are protected with Shisho Cloud.

Microsoft.Synapse/workspaces/securityAlertPolicies (Azure Resource Manager)

The workspaces/securityAlertPolicies in Microsoft.Synapse can be configured in Azure Resource Manager with the resource name Microsoft.Synapse/workspaces/securityAlertPolicies. The following sections describe how to use the resource and its parameters.

Example Usage from GitHub

Security_-_SQL_Server_-_Synapse_SQL_pools_-_DeploySqlServerThreatDetection.json#L29

                "type": "Microsoft.Synapse/workspaces/securityAlertPolicies",
                "name": "Default",
                "existenceCondition": {
                    "allOf": [
                        {
                            "field": "Microsoft.Synapse/workspaces/securityAlertPolicies/state",

ListWorkspaceManagedSqlServerSecurityAlertPolicies.json#L15

            "type": "Microsoft.Synapse/workspaces/securityAlertPolicies",
            "properties": {
              "state": "Disabled",
              "emailAccountAdmins": true,
              "emailAddresses": [
                "test@microsoft.com;user@microsoft.com"

GetWorkspaceManagedSqlServerSecurityAlertPolicy.json#L14

        "type": "Microsoft.Synapse/workspaces/securityAlertPolicies",
        "properties": {
          "state": "Disabled",
          "emailAccountAdmins": true,
          "emailAddresses": [
            "test@microsoft.com;user@microsoft.com"

Parameters

  • apiVersion required - string
  • name required - string

    The name of the security alert policy.

  • properties required
      • disabledAlerts optional - array

        Specifies an array of alerts that are disabled. Allowed values are: Sql_Injection, Sql_Injection_Vulnerability, Access_Anomaly, Data_Exfiltration, Unsafe_Action.

      • emailAccountAdmins optional - boolean

        Specifies that the alert is sent to the account administrators.

      • emailAddresses optional - array

        Specifies an array of e-mail addresses to which the alert is sent.

      • retentionDays optional - integer

        Specifies the number of days to keep the Threat Detection audit logs.

      • state required - string

        Specifies the state of the policy, whether it is enabled or disabled or a policy has not been applied yet on the specific server.

      • storageAccountAccessKey optional - string

        Specifies the identifier key of the Threat Detection audit storage account.

      • storageEndpoint optional - string

        Specifies the blob storage endpoint (e.g. https://MyAccount.blob.core.windows.net). This blob storage will hold all Threat Detection audit logs.

  • type required - string

Frequently asked questions

What is Azure Synapse Workspace Security Alert Policy?

Azure Synapse Workspace Security Alert Policy is a resource for Synapse in Microsoft Azure. Its settings can be written in Terraform.