1- # Azure SQL Database Using Failover Groups with Private endpoints
1+ # Azure SQL database creation using geo-replication with auto-failover groups
22
3- Terraform module for Azure to create a SQL server with initial database, Azure AD login, Firewall rules for SQL, Failover Group, Private endpoint, and corresponding private DNS zone for privatelink A records . It also allows creating an SQL server database with a SQL script initialization.
3+ Terraform module to create a SQL server with initial database, Azure AD login, Firewall rules for SQL, optional azure monitoring, vulnerability assessment and Geo-replication with auto-failover groups . It also allows creating an SQL server database with a SQL script initialization.
44
55## Module Usage
66
7- ### Azure SQL database creation using geo-replication with auto-failover groups
8-
9- Following example to create a SQL database using geo-replication with auto-failover groups. This module also supports optional AD admin user for DB, Audit Policies, Firewall Rules, and creation of database schema using SQL script.
10-
11- ```
7+ ``` hcl
128module "mssql-server" {
13- source = "kumarvna/mssql-db/azurerm"
14- version = "1.0.0"
15-
16- # Resource Group, VNet and Subnet declarations
17- create_resource_group = false
18- resource_group_name = "rg-demo-westeurope-01"
19- location = "westeurope"
20- virtual_network_name = "vnet-demo-westeurope-001"
21- private_subnet_address_prefix = "10.0.5.0/29"
22-
23- # SQL Server and Database scaling options
24- sqlserver_name = "sqldbserver-db01"
25- database_name = "demomssqldb"
26- sql_database_edition = "Standard"
27- sqldb_service_objective_name = "S1"
28-
29- # SQL Server and Database Audit policies
30- enable_auditing_policy = true
31- enable_threat_detection_policy = true
32- log_retention_days = 30
33- email_addresses_for_alerts = ["[email protected] "] 34-
35- # AD administrator for an Azure SQL server
36- enable_sql_ad_admin = true
37- ad_admin_login_name = "[email protected] " 38-
39- # Firewall Rules to allow azure and external clients
40- enable_firewall_rules = true
9+ source = "kumarvna/mssql-db/azurerm"
10+ version = "1.1.0"
11+
12+ # By default, this module will not create a resource group
13+ # proivde a name to use an existing resource group, specify the existing resource group name,
14+ # and set the argument to `create_resource_group = false`. Location will be same as existing RG.
15+ resource_group_name = "rg-shared-westeurope-01"
16+ location = "westeurope"
17+ virtual_network_name = "vnet-shared-hub-westeurope-001"
18+
19+ # SQL Server and Database details
20+ # The valid service objective name for the database include S0, S1, S2, S3, P1, P2, P4, P6, P11
21+ sqlserver_name = "sqldbserver01"
22+ database_name = "demomssqldb"
23+ sql_database_edition = "Standard"
24+ sqldb_service_objective_name = "S1"
25+
26+ # SQL server extended auditing policy defaults to `true`. To turn off set enable_sql_server_extended_auditing_policy to `false`
27+ # DB extended auditing policy defaults to `false`. to tun on set the variable `enable_database_extended_auditing_policy` to `true`
28+ # To enable Azure Defender for Azure SQL database servers set `enable_threat_detection_policy` to true
29+ enable_threat_detection_policy = true
30+ log_retention_days = 30
31+
32+ # schedule scan notifications to the subscription administrators
33+ # Manages the Vulnerability Assessment for a MS SQL Server set `enable_vulnerability_assessment` to `true`
34+ enable_vulnerability_assessment = false
35+ sql_admin_email_addresses = ["[email protected] ", "[email protected] "] 36+
37+ # AD administrator for an Azure SQL server
38+ # Allows you to set a user or group as the AD administrator for an Azure SQL server
39+ ad_admin_login_name = "[email protected] " 40+
41+ # (Optional) To enable Azure Monitoring for Azure SQL database including audit logs
42+ # log analytic workspace name required
43+ enable_log_monitoring = true
44+ log_analytics_workspace_name = "loganalytics-we-sharedtest2"
45+
46+ # Sql failover group creation. required secondary locaiton input.
47+ enable_failover_group = true
48+ secondary_sql_server_location = "northeurope"
49+
50+ # Firewall Rules to allow azure and external clients and specific Ip address/ranges.
51+ enable_firewall_rules = true
4152 firewall_rules = [
42- {name = "access-to-azure"
43- start_ip_address = "0.0.0.0"
44- end_ip_address = "0.0.0.0"},
45- {name = "desktop-ip"
46- start_ip_address = "123.201.75.71"
47- end_ip_address = "123.201.75.71"}]
48-
49- # Sql failover group
50- enable_failover_group = true
51- secondary_sql_server_location = "northeurope"
52-
53- # Create and initialize a database with SQL script
54- initialize_sql_script_execution = false
55- sqldb_init_script_file = "./artifacts/db-init-sample.sql"
56-
57- # Tags for Azure Resources
53+ {
54+ name = "access-to-azure"
55+ start_ip_address = "0.0.0.0"
56+ end_ip_address = "0.0.0.0"
57+ },
58+ {
59+ name = "desktop-ip"
60+ start_ip_address = "49.204.225.134"
61+ end_ip_address = "49.204.225.134"
62+ }
63+ ]
64+
65+ # Create and initialize a database with custom SQL script
66+ # need sqlcmd utility to run this command
67+ # your desktop public IP must be added firewall rules to run this command
68+ initialize_sql_script_execution = true
69+ sqldb_init_script_file = "../artifacts/db-init-sample.sql"
70+
71+ # Tags for Azure Resources
5872 tags = {
5973 Terraform = "true"
6074 Environment = "dev"
@@ -67,10 +81,10 @@ module "mssql-server" {
6781
6882To run this example you need to execute following Terraform commands
6983
70- ```
71- $ terraform init
72- $ terraform plan
73- $ terraform apply
84+ ``` bash
85+ terraform init
86+ terraform plan
87+ terraform apply
7488```
7589
7690Run ` terraform destroy ` when you don't need these resources.
0 commit comments