» azurerm_mssql_server

Manages a Microsoft SQL Azure Database Server.

» Example Usage

resource "azurerm_resource_group" "example" {
  name     = "database-rg"
  location = "West US"
}

resource "azurerm_storage_account" "example" {
  name                     = "examplesa"
  resource_group_name      = azurerm_resource_group.example.name
  location                 = azurerm_resource_group.example.location
  account_tier             = "Standard"
  account_replication_type = "LRS"
}

resource "azurerm_mssql_server" "example" {
  name                         = "mssqlserver"
  resource_group_name          = azurerm_resource_group.example.name
  location                     = azurerm_resource_group.example.location
  version                      = "12.0"
  administrator_login          = "missadministrator"
  administrator_login_password = "thisIsKat11"

  azuread_administrator {
    login_username = "AzureAD Admin"
    object_id      = "00000000-0000-0000-0000-000000000000"
  }

  extended_auditing_policy {
    storage_endpoint                        = azurerm_storage_account.example.primary_blob_endpoint
    storage_account_access_key              = azurerm_storage_account.example.primary_access_key
    storage_account_access_key_is_secondary = true
    retention_in_days                       = 6
  }

  tags = {
    environment = "production"
  }
}

» Argument Reference

The following arguments are supported:

  • name - (Required) The name of the Microsoft SQL Server. This needs to be globally unique within Azure.

  • resource_group_name - (Required) The name of the resource group in which to create the Microsoft SQL Server.

  • location - (Required) Specifies the supported Azure location where the resource exists. Changing this forces a new resource to be created.

  • version - (Required) The version for the new server. Valid values are: 2.0 (for v11 server) and 12.0 (for v12 server).

  • administrator_login - (Required) The administrator login name for the new server. Changing this forces a new resource to be created.

  • administrator_login_password - (Required) The password associated with the administrator_login user. Needs to comply with Azure's Password Policy

  • azuread_administrator - (Optional) An azuread_administrator block as defined below.

  • extended_auditing_policy - (Optional) A extended_auditing_policy block as defined below.

  • connection_policy - (Optional) The connection policy the server will use. Possible values are Default, Proxy, and Redirect. Defaults to Default.

  • identity - (Optional) An identity block as defined below.

  • public_network_access_enabled - (Optional) Whether or not public network access is allowed for this server. Defaults to true.

  • tags - (Optional) A mapping of tags to assign to the resource.


An identity block supports the following:

  • type - (Required) Specifies the identity type of the Microsoft SQL Server. At this time the only allowed value is SystemAssigned.

» Attributes Reference

The following attributes are exported:

  • id - the Microsoft SQL Server ID.

  • fully_qualified_domain_name - The fully qualified domain name of the Azure SQL Server (e.g. myServerName.database.windows.net)


identity exports the following:

  • principal_id - The Principal ID for the Service Principal associated with the Identity of this SQL Server.

  • tenant_id - The Tenant ID for the Service Principal associated with the Identity of this SQL Server.


A azuread_administrator block supports the following:

  • login_username - (Required) The login username of the Azure AD Administrator of this SQL Server.

  • object_id - (Required) The object id of the Azure AD Administrator of this SQL Server.

  • tenant_id - (Optional) The tenant id of the Azure AD Administrator of this SQL Server.


A extended_auditing_policy block supports the following:

» Timeouts

The timeouts block allows you to specify timeouts for certain actions:

  • create - (Defaults to 60 minutes) Used when creating the Microsoft SQL Server.
  • update - (Defaults to 60 minutes) Used when updating the Microsoft SQL Server.
  • read - (Defaults to 5 minutes) Used when retrieving the Microsoft SQL Server.
  • delete - (Defaults to 60 minutes) Used when deleting the Microsoft SQL Server.

» Import

SQL Servers can be imported using the resource id, e.g.

terraform import azurerm_mssql_server.example /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/myresourcegroup/providers/Microsoft.Sql/servers/myserver