adding example to create SQL DB with geo-replication, auto-failover groups and Private Endpoints using existing VNet and Subnets

Author: kumarvna

examples/SQL_DB_with_Geo-replication_Auto-Failover_Groups_and_Private_Endpoints/README.md

@@ -1,4 +1,4 @@
-# Azure SQL database creation with geo-replication, auto-failover groups and Private Endpoints
+# Azure SQL database with geo-replication, auto-failover groups and Private Endpoints
 
 Terraform module to create a SQL server with initial database, Azure AD login, Firewall rules for SQL, optional azure monitoring, vulnerability assessment, Geo-replication with auto-failover groups and private endpoints. It also allows creating an SQL server database with a SQL script initialization.
 
@@ -46,7 +46,9 @@ module "mssql-server" {
   enable_failover_group         = true
   secondary_sql_server_location = "northeurope"
 
-  # enabling the Private Endpoints for Sql servers
+  # Creating Private Endpoint requires, VNet name and address prefix to create a subnet
+  # By default this will create a `privatelink.vaultcore.azure.net` DNS zone. 
+  # To use existing private DNS zone specify `existing_private_dns_zone` with valid zone name
   enable_private_endpoint       = true
   virtual_network_name          = "vnet-shared-hub-westeurope-001"
   private_subnet_address_prefix = ["10.1.5.0/29"]

examples/SQL_DB_with_Geo-replication_Auto-Failover_Groups_and_Private_Endpoints/main.tf

@@ -39,7 +39,9 @@ module "mssql-server" {
   enable_failover_group         = true
   secondary_sql_server_location = "northeurope"
 
-  # enabling the Private Endpoints for Sql servers
+  # Creating Private Endpoint requires, VNet name and address prefix to create a subnet
+  # By default this will create a `privatelink.vaultcore.azure.net` DNS zone. 
+  # To use existing private DNS zone specify `existing_private_dns_zone` with valid zone name
   enable_private_endpoint       = true
   virtual_network_name          = "vnet-shared-hub-westeurope-001"
   private_subnet_address_prefix = ["10.1.5.0/29"]

examples/SQL_DB_with_Geo-replication_Auto-Failover_Groups_and_Private_Endpoints_using_existing_VNet_and_Subnets/README.md

@@ -0,0 +1,113 @@
+# Azure SQL database creation with geo-replication, auto-failover groups and Private Endpoints
+
+Terraform module to create a SQL server with initial database, Azure AD login, Firewall rules for SQL, optional azure monitoring, vulnerability assessment, Geo-replication with auto-failover groups and private endpoints. It also allows creating an SQL server database with a SQL script initialization.
+
+## Module Usage
+
+```terraform
+# Azurerm provider configuration
+provider "azurerm" {
+  features {}
+}
+
+data "azurerm_virtual_network" "example" {
+  name                = "vnet-shared-hub-westeurope-001"
+  resource_group_name = "rg-shared-westeurope-01"
+}
+
+data "azurerm_subnet" "example" {
+  name                 = "snet-private-ep"
+  virtual_network_name = data.azurerm_virtual_network.example.name
+  resource_group_name  = data.azurerm_virtual_network.example.resource_group_name
+}
+
+module "mssql-server" {
+  source  = "kumarvna/mssql-db/azurerm"
+  version = "1.3.0"
+
+  # By default, this module will create a resource group
+  # proivde a name to use an existing resource group and set the argument 
+  # to `create_resource_group = false` if you want to existing resoruce group. 
+  # If you use existing resrouce group location will be the same as existing RG.
+  create_resource_group = false
+  resource_group_name   = "rg-shared-westeurope-01"
+  location              = "westeurope"
+
+  # SQL Server and Database details
+  # The valid service objective name for the database include S0, S1, S2, S3, P1, P2, P4, P6, P11 
+  sqlserver_name               = "te-sqldbserver01"
+  database_name                = "demomssqldb"
+  sql_database_edition         = "Standard"
+  sqldb_service_objective_name = "S1"
+
+  # SQL server extended auditing policy defaults to `true`. 
+  # To turn off set enable_sql_server_extended_auditing_policy to `false`  
+  # DB extended auditing policy defaults to `false`. 
+  # to tun on set the variable `enable_database_extended_auditing_policy` to `true` 
+  # To enable Azure Defender for database set `enable_threat_detection_policy` to true 
+  enable_threat_detection_policy = true
+  log_retention_days             = 30
+
+  # schedule scan notifications to the subscription administrators
+  # Manage Vulnerability Assessment set `enable_vulnerability_assessment` to `true`
+  enable_vulnerability_assessment = false
+  email_addresses_for_alerts      = ["[email protected]", "[email protected]"]
+
+  # Sql failover group creation. required secondary locaiton input. 
+  enable_failover_group         = true
+  secondary_sql_server_location = "northeurope"
+
+  # Creating Private Endpoint requires, VNet name and address prefix to create a subnet
+  # By default this will create a `privatelink.vaultcore.azure.net` DNS zone. 
+  # To use existing private DNS zone specify `existing_private_dns_zone` with valid zone name
+  enable_private_endpoint = true
+  existing_vnet_id        = data.azurerm_virtual_network.example.id
+  existing_subnet_id      = data.azurerm_subnet.example.id
+  # existing_private_dns_zone = "demo.example.com"
+
+  # AD administrator for an Azure SQL server
+  # Allows you to set a user or group as the AD administrator for an Azure SQL server
+  ad_admin_login_name = "[email protected]"
+
+  # (Optional) To enable Azure Monitoring for Azure SQL database including audit logs
+  # log analytic workspace name required
+  enable_log_monitoring        = true
+  log_analytics_workspace_name = "loganalytics-we-sharedtest2"
+
+  # Firewall Rules to allow azure and external clients and specific Ip address/ranges. 
+  enable_firewall_rules = true
+  firewall_rules = [
+    {
+      name             = "access-to-azure"
+      start_ip_address = "0.0.0.0"
+      end_ip_address   = "0.0.0.0"
+    },
+    {
+      name             = "desktop-ip"
+      start_ip_address = "123.201.36.94"
+      end_ip_address   = "123.201.36.94"
+    }
+  ]
+
+  # Adding additional TAG's to your Azure resources
+  tags = {
+    ProjectName  = "demo-project"
+    Env          = "dev"
+    Owner        = "[email protected]"
+    BusinessUnit = "CORP"
+    ServiceClass = "Gold"
+  }
+}
+```
+
+## Terraform Usage
+
+To run this example you need to execute following Terraform commands
+
+```bash
+terraform init
+terraform plan
+terraform apply
+```
+
+Run `terraform destroy` when you don't need these resources.

examples/SQL_DB_with_Geo-replication_Auto-Failover_Groups_and_Private_Endpoints_using_existing_VNet_and_Subnets/main.tf

@@ -0,0 +1,93 @@
+# Azurerm provider configuration
+provider "azurerm" {
+  features {}
+}
+
+data "azurerm_virtual_network" "example" {
+  name                = "vnet-shared-hub-westeurope-001"
+  resource_group_name = "rg-shared-westeurope-01"
+}
+
+data "azurerm_subnet" "example" {
+  name                 = "snet-private-ep"
+  virtual_network_name = data.azurerm_virtual_network.example.name
+  resource_group_name  = data.azurerm_virtual_network.example.resource_group_name
+}
+
+module "mssql-server" {
+  source  = "kumarvna/mssql-db/azurerm"
+  version = "1.3.0"
+
+  # By default, this module will create a resource group
+  # proivde a name to use an existing resource group and set the argument 
+  # to `create_resource_group = false` if you want to existing resoruce group. 
+  # If you use existing resrouce group location will be the same as existing RG.
+  create_resource_group = false
+  resource_group_name   = "rg-shared-westeurope-01"
+  location              = "westeurope"
+
+  # SQL Server and Database details
+  # The valid service objective name for the database include S0, S1, S2, S3, P1, P2, P4, P6, P11 
+  sqlserver_name               = "te-sqldbserver01"
+  database_name                = "demomssqldb"
+  sql_database_edition         = "Standard"
+  sqldb_service_objective_name = "S1"
+
+  # SQL server extended auditing policy defaults to `true`. 
+  # To turn off set enable_sql_server_extended_auditing_policy to `false`  
+  # DB extended auditing policy defaults to `false`. 
+  # to tun on set the variable `enable_database_extended_auditing_policy` to `true` 
+  # To enable Azure Defender for database set `enable_threat_detection_policy` to true 
+  enable_threat_detection_policy = true
+  log_retention_days             = 30
+
+  # schedule scan notifications to the subscription administrators
+  # Manage Vulnerability Assessment set `enable_vulnerability_assessment` to `true`
+  enable_vulnerability_assessment = false
+  email_addresses_for_alerts      = ["[email protected]", "[email protected]"]
+
+  # Sql failover group creation. required secondary locaiton input. 
+  enable_failover_group         = true
+  secondary_sql_server_location = "northeurope"
+
+  # Creating Private Endpoint requires, VNet name and address prefix to create a subnet
+  # By default this will create a `privatelink.vaultcore.azure.net` DNS zone. 
+  # To use existing private DNS zone specify `existing_private_dns_zone` with valid zone name
+  enable_private_endpoint = true
+  existing_vnet_id        = data.azurerm_virtual_network.example.id
+  existing_subnet_id      = data.azurerm_subnet.example.id
+  # existing_private_dns_zone = "demo.example.com"
+
+  # AD administrator for an Azure SQL server
+  # Allows you to set a user or group as the AD administrator for an Azure SQL server
+  ad_admin_login_name = "[email protected]"
+
+  # (Optional) To enable Azure Monitoring for Azure SQL database including audit logs
+  # log analytic workspace name required
+  enable_log_monitoring        = true
+  log_analytics_workspace_name = "loganalytics-we-sharedtest2"
+
+  # Firewall Rules to allow azure and external clients and specific Ip address/ranges. 
+  enable_firewall_rules = true
+  firewall_rules = [
+    {
+      name             = "access-to-azure"
+      start_ip_address = "0.0.0.0"
+      end_ip_address   = "0.0.0.0"
+    },
+    {
+      name             = "desktop-ip"
+      start_ip_address = "123.201.36.94"
+      end_ip_address   = "123.201.36.94"
+    }
+  ]
+
+  # Adding additional TAG's to your Azure resources
+  tags = {
+    ProjectName  = "demo-project"
+    Env          = "dev"
+    Owner        = "[email protected]"
+    BusinessUnit = "CORP"
+    ServiceClass = "Gold"
+  }
+}

examples/SQL_DB_with_Geo-replication_Auto-Failover_Groups_and_Private_Endpoints_using_existing_VNet_and_Subnets/output.tf

@@ -0,0 +1,101 @@
+output "resource_group_name" {
+  description = "The name of the resource group in which resources are created"
+  value       = module.mssql-server.resource_group_name
+}
+
+output "resource_group_location" {
+  description = "The location of the resource group in which resources are created"
+  value       = module.mssql-server.resource_group_location
+}
+
+output "storage_account_id" {
+  description = "The ID of the storage account"
+  value       = module.mssql-server.storage_account_id
+}
+
+output "storage_account_name" {
+  description = "The name of the storage account"
+  value       = module.mssql-server.storage_account_name
+}
+
+output "primary_sql_server_id" {
+  description = "The primary Microsoft SQL Server ID"
+  value       = module.mssql-server.primary_sql_server_id
+}
+
+output "primary_sql_server_fqdn" {
+  description = "The fully qualified domain name of the primary Azure SQL Server"
+  value       = module.mssql-server.primary_sql_server_fqdn
+}
+
+output "secondary_sql_server_id" {
+  description = "The secondary Microsoft SQL Server ID"
+  value       = module.mssql-server.secondary_sql_server_id
+}
+
+output "secondary_sql_server_fqdn" {
+  description = "The fully qualified domain name of the secondary Azure SQL Server"
+  value       = module.mssql-server.secondary_sql_server_fqdn
+}
+
+output "sql_server_admin_user" {
+  description = "SQL database administrator login id"
+  value       = module.mssql-server.sql_server_admin_user
+  sensitive   = true
+}
+
+output "sql_server_admin_password" {
+  description = "SQL database administrator login password"
+  value       = module.mssql-server.sql_server_admin_password
+  sensitive   = true
+}
+
+output "sql_database_id" {
+  description = "The SQL Database ID"
+  value       = module.mssql-server.sql_database_id
+}
+
+output "sql_database_name" {
+  description = "The SQL Database Name"
+  value       = module.mssql-server.sql_database_name
+}
+
+output "sql_failover_group_id" {
+  description = "A failover group of databases on a collection of Azure SQL servers."
+  value       = module.mssql-server.sql_failover_group_id
+}
+
+output "primary_sql_server_private_endpoint" {
+  description = "id of the Primary SQL server Private Endpoint"
+  value       = module.mssql-server.primary_sql_server_private_endpoint
+}
+
+output "secondary_sql_server_private_endpoint" {
+  description = "id of the Primary SQL server Private Endpoint"
+  value       = module.mssql-server.secondary_sql_server_private_endpoint
+}
+
+output "sql_server_private_dns_zone_domain" {
+  description = "DNS zone name of SQL server Private endpoints dns name records"
+  value       = module.mssql-server.sql_server_private_dns_zone_domain
+}
+
+output "primary_sql_server_private_endpoint_ip" {
+  description = "Priamary SQL server private endpoint IPv4 Addresses "
+  value       = module.mssql-server.primary_sql_server_private_endpoint_ip
+}
+
+output "primary_sql_server_private_endpoint_fqdn" {
+  description = "Priamary SQL server private endpoint IPv4 Addresses "
+  value       = module.mssql-server.primary_sql_server_private_endpoint_fqdn
+}
+
+output "secondary_sql_server_private_endpoint_ip" {
+  description = "Secondary SQL server private endpoint IPv4 Addresses "
+  value       = module.mssql-server.secondary_sql_server_private_endpoint_ip
+}
+
+output "secondary_sql_server_private_endpoint_fqdn" {
+  description = "Secondary SQL server private endpoint IPv4 Addresses "
+  value       = module.mssql-server.secondary_sql_server_private_endpoint_fqdn
+}

examples/SQL_DB_with_Geo-replication_Auto-Failover_Groups_and_Private_Endpoints_using_existing_VNet_and_Subnets/variables.tf

@@ -53,7 +53,9 @@ module "mssql-server" {
   enable_vulnerability_assessment = false
   email_addresses_for_alerts      = ["[email protected]", "[email protected]"]
 
-  # enabling the Private Endpoints for Sql servers
+  # Creating Private Endpoint requires, VNet name and address prefix to create a subnet
+  # By default this will create a `privatelink.vaultcore.azure.net` DNS zone. 
+  # To use existing private DNS zone specify `existing_private_dns_zone` with valid zone name
   enable_private_endpoint = true
   existing_vnet_id        = data.azurerm_virtual_network.example.id
   existing_subnet_id      = data.azurerm_subnet.example.id

examples/Simple_SQL_Single_Database_with_Private_Endpoint_using_existing_VNet_and_Subnets/README.md

@@ -46,7 +46,9 @@ module "mssql-server" {
   enable_vulnerability_assessment = false
   email_addresses_for_alerts      = ["[email protected]", "[email protected]"]
 
-  # enabling the Private Endpoints for Sql servers
+  # Creating Private Endpoint requires, VNet name and address prefix to create a subnet
+  # By default this will create a `privatelink.vaultcore.azure.net` DNS zone. 
+  # To use existing private DNS zone specify `existing_private_dns_zone` with valid zone name
   enable_private_endpoint = true
   existing_vnet_id        = data.azurerm_virtual_network.example.id
   existing_subnet_id      = data.azurerm_subnet.example.id