» azurerm_mssql_database_vulnerability_assessment_rule_baseline

Manages a Database Vulnerability Assessment Rule Baseline.

» Example Usage

resource "azurerm_resource_group" "example" {
  name     = "acceptanceTestResourceGroup1"
  location = "West US"
}

resource "azurerm_sql_server" "example" {
  name                         = "mysqlserver"
  resource_group_name          = azurerm_resource_group.example.name
  location                     = azurerm_resource_group.example.location
  version                      = "12.0"
  administrator_login          = "4dm1n157r470r"
  administrator_login_password = "4-v3ry-53cr37-p455w0rd"
}

resource "azurerm_storage_account" "example" {
  name                     = "accteststorageaccount"
  resource_group_name      = azurerm_resource_group.example.name
  location                 = azurerm_resource_group.example.location
  account_tier             = "Standard"
  account_replication_type = "GRS"
}

resource "azurerm_storage_container" "example" {
  name                  = "accteststoragecontainer"
  storage_account_name  = azurerm_storage_account.example.name
  container_access_type = "private"
}

resource "azurerm_mssql_server_security_alert_policy" "example" {
  resource_group_name = azurerm_resource_group.example.name
  server_name         = azurerm_sql_server.example.name
  state               = "Enabled"
}

resource "azurerm_sql_database" "example" {
  name                = "mysqldatabase"
  resource_group_name = azurerm_resource_group.example.name
  server_name         = azurerm_sql_server.example.name
  location            = azurerm_resource_group.example.location
  edition             = "Standard"
}

resource "azurerm_mssql_server_vulnerability_assessment" "example" {
  server_security_alert_policy_id = azurerm_mssql_server_security_alert_policy.example.id
  storage_container_path          = "${azurerm_storage_account.example.primary_blob_endpoint}${azurerm_storage_container.example.name}/"
  storage_account_access_key      = azurerm_storage_account.example.primary_access_key
}

resource "azurerm_mssql_database_vulnerability_assessment_rule_baseline" "example" {
  server_vulnerability_assessment_id = azurerm_mssql_server_vulnerability_assessment.example.id
  database_name                      = azurerm_sql_database.example.name
  rule_id                            = "VA2065"
  baseline_name                      = "master"
  baseline_result {
    result = [
      "allowedip1",
      "123.123.123.123",
      "123.123.123.123"
    ]
  }
  baseline_result {
    result = [
      "allowedip2",
      "255.255.255.255",
      "255.255.255.255"
    ]
  }
}

» Argument Reference

The following arguments are supported:

  • server_vulnerability_assessment_id - (Required) The Vulnerability Assessment ID of the MS SQL Server. Changing this forces a new resource to be created.

  • database_name - (Required) Specifies the name of the MS SQL Database. Changing this forces a new resource to be created.

  • rule_id - (Required) The vulnerability assessment rule ID. Changing this forces a new resource to be created.

  • baseline_name - (Optional) The name of the vulnerability assessment rule baseline. Valid options are default and master. default implies a baseline on a database level rule and master for server level rule. Defaults to default. Changing this forces a new resource to be created.

  • baseline_result - (Required) A baseline_result block as documented below. Multiple blocks can be defined.


A baseline_result block supports the following:

  • result - (Required) A list representing a result of the baseline.

» Attributes Reference

The following attributes are exported:

  • id - The ID of the Database Vulnerability Assessment Rule Baseline.

» Timeouts

The timeouts block allows you to specify timeouts for certain actions:

  • create - (Defaults to 30 minutes) Used when creating the Database Vulnerability Assessment Rule Baseline.
  • update - (Defaults to 30 minutes) Used when updating the Database Vulnerability Assessment Rule Baseline.
  • read - (Defaults to 5 minutes) Used when retrieving the Database Vulnerability Assessment Rule Baseline.
  • delete - (Defaults to 30 minutes) Used when deleting the Database Vulnerability Assessment Rule Baseline.

» Import

Database Vulnerability Assessment Rule Baseline can be imported using the resource id, e.g.

terraform import azurerm_mssql_database_vulnerability_assessment_rule_baseline.example  /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/acceptanceTestResourceGroup1/providers/Microsoft.Sql/servers/mssqlserver/databases/mysqldatabase/vulnerabilityAssessments/Default/rules/VA2065/baselines/master