adding example to create SQL DB with geo-replication, auto-failover groups and Private Endpoints

Author: kumarvna

examples/README.md

@@ -2,12 +2,14 @@
 
 Terraform module for Azure to create a MS SQL server with initial database, Azure AD login, Firewall rules, Failover Group, Private endpoint, and corresponding private DNS zone. It also supports creating a database with a custom SQL script initialization.
 
-## Module Usage for
+## Module Usage for:
 
 - [Simple SQL Single DB Creation](Simple_SQL_Single_Database_creation/)
-- [Simple SQL Single DB with Private link Endpoint](Simple_SQL_Single_Database_Using_Private_Endpoint/)
-- [SQL DB with Geo-Replication and Auto Failover Groups](SQL_DB_Using_Geo-replication_with_Auto-Failover_Groups/)
-- [SQL DB with Geo-Replication, Private Endpoints, and Auto Failover Groups](SQL_DB_Using_Geo-replication_with_Auto-Failover_Groups_and_Private_Endpoints/)
+- [Simple SQL Single DB with Private link Endpoint](Simple_SQL_Single_Database_with_Private_Endpoint/)
+- [Simple SQL Single DB with Private link Endpoint using existing VNet and Subnets](Simple_SQL_Single_Database_with_Private_Endpoint_using_existing_VNet_and_Subnets/)
+- [SQL DB with Geo-Replication and Auto Failover Groups](SQL_DB_with_Geo-replication_and_Auto-Failover_Groups/)
+- [SQL DB with Geo-Replication, Private Endpoints, and Auto Failover Groups](SQL_DB_with_Geo-replication_Auto-Failover_Groups_and_Private_Endpoints/)
+- [SQL DB with Geo-Replication, Private Endpoints using existing VNet and Subnets, and Auto Failover Groups](SQL_DB_with_Geo-replication_Auto-Failover_Groups_and_Private_Endpoints_using_existing_VNet_and_Subnets/)
 
 ## Terraform Usage
 

examples/SQL_DB_Using_Geo-replication_with_Auto-Failover_Groups_and_Private_Endpoints/README.md renamed to examples/SQL_DB_with_Geo-replication_Auto-Failover_Groups_and_Private_Endpoints/README.md

@@ -1,103 +1,100 @@
-# Azure SQL database creation using geo-replication with auto-failover groups and Private Endpoints
-
-Terraform module to create a SQL server with initial database, Azure AD login, Firewall rules for SQL, optional azure monitoring, vulnerability assessment, Geo-replication with auto-failover groups and private endpoints. It also allows creating an SQL server database with a SQL script initialization.
-
-## Module Usage
-
-```hcl
-# Azurerm provider configuration
-provider "azurerm" {
-  features {}
-}
-
-module "mssql-server" {
-  source  = "kumarvna/mssql-db/azurerm"
-  version = "1.2.0"
-
-  # By default, this module will create a resource group
-  # proivde a name to use an existing resource group and set the argument 
-  # to `create_resource_group = false` if you want to existing resoruce group. 
-  # If you use existing resrouce group location will be the same as existing RG.
-  create_resource_group         = false
-  resource_group_name           = "rg-shared-westeurope-01"
-  location                      = "westeurope"
-  virtual_network_name          = "vnet-shared-hub-westeurope-001"
-  private_subnet_address_prefix = ["10.1.5.0/29"]
-
-  # SQL Server and Database details
-  # The valid service objective name for the database include S0, S1, S2, S3, P1, P2, P4, P6, P11 
-  sqlserver_name               = "sqldbserver01"
-  database_name                = "demomssqldb"
-  sql_database_edition         = "Standard"
-  sqldb_service_objective_name = "S1"
-
-  # SQL server extended auditing policy defaults to `true`. 
-  # To turn off set enable_sql_server_extended_auditing_policy to `false`  
-  # DB extended auditing policy defaults to `false`. 
-  # to tun on set the variable `enable_database_extended_auditing_policy` to `true` 
-  # To enable Azure Defender for database set `enable_threat_detection_policy` to true 
-  enable_threat_detection_policy = true
-  log_retention_days             = 30
-
-  # schedule scan notifications to the subscription administrators
-  # Manage Vulnerability Assessment set `enable_vulnerability_assessment` to `true`
-  enable_vulnerability_assessment = false
-  email_addresses_for_alerts      = ["[email protected]", "[email protected]"]
-
-  # Sql failover group creation. required secondary locaiton input. 
-  enable_failover_group         = true
-  secondary_sql_server_location = "northeurope"
-
-  # enabling the Private Endpoints for Sql servers
-  enable_private_endpoint = true
-
-  # AD administrator for an Azure SQL server
-  # Allows you to set a user or group as the AD administrator for an Azure SQL server
-  ad_admin_login_name = "[email protected]"
-
-  # (Optional) To enable Azure Monitoring for Azure SQL database including audit logs
-  # log analytic workspace name required
-  enable_log_monitoring        = true
-  log_analytics_workspace_name = "loganalytics-we-sharedtest2"
-
-  # Firewall Rules to allow azure and external clients and specific Ip address/ranges. 
-  enable_firewall_rules = true
-  firewall_rules = [
-    {
-      name             = "access-to-azure"
-      start_ip_address = "0.0.0.0"
-      end_ip_address   = "0.0.0.0"
-    },
-    {
-      name             = "desktop-ip"
-      start_ip_address = "49.204.225.134"
-      end_ip_address   = "49.204.225.134"
-    }
-  ]
-
-  # Create and initialize a database with custom SQL script
-  # need sqlcmd utility to run this command 
-  # your desktop public IP must be added to firewall rules to run this command 
-  initialize_sql_script_execution = true
-  sqldb_init_script_file          = "../artifacts/db-init-sample.sql"
-
-  # Tags for Azure Resources
-  tags = {
-    Terraform   = "true"
-    Environment = "dev"
-    Owner       = "test-user"
-  }
-}
-```
-
-## Terraform Usage
-
-To run this example you need to execute following Terraform commands
-
-```bash
-terraform init
-terraform plan
-terraform apply
-```
-
-Run `terraform destroy` when you don't need these resources.
+# Azure SQL database creation with geo-replication, auto-failover groups and Private Endpoints
+
+Terraform module to create a SQL server with initial database, Azure AD login, Firewall rules for SQL, optional azure monitoring, vulnerability assessment, Geo-replication with auto-failover groups and private endpoints. It also allows creating an SQL server database with a SQL script initialization.
+
+## Module Usage
+
+```terraform
+# Azurerm provider configuration
+provider "azurerm" {
+  features {}
+}
+
+module "mssql-server" {
+  source  = "kumarvna/mssql-db/azurerm"
+  version = "1.3.0"
+
+  # By default, this module will create a resource group
+  # proivde a name to use an existing resource group and set the argument 
+  # to `create_resource_group = false` if you want to existing resoruce group. 
+  # If you use existing resrouce group location will be the same as existing RG.
+  create_resource_group = false
+  resource_group_name   = "rg-shared-westeurope-01"
+  location              = "westeurope"
+
+  # SQL Server and Database details
+  # The valid service objective name for the database include S0, S1, S2, S3, P1, P2, P4, P6, P11 
+  sqlserver_name               = "te-sqldbserver01"
+  database_name                = "demomssqldb"
+  sql_database_edition         = "Standard"
+  sqldb_service_objective_name = "S1"
+
+  # SQL server extended auditing policy defaults to `true`. 
+  # To turn off set enable_sql_server_extended_auditing_policy to `false`  
+  # DB extended auditing policy defaults to `false`. 
+  # to tun on set the variable `enable_database_extended_auditing_policy` to `true` 
+  # To enable Azure Defender for database set `enable_threat_detection_policy` to true 
+  enable_threat_detection_policy = true
+  log_retention_days             = 30
+
+  # schedule scan notifications to the subscription administrators
+  # Manage Vulnerability Assessment set `enable_vulnerability_assessment` to `true`
+  enable_vulnerability_assessment = false
+  email_addresses_for_alerts      = ["[email protected]", "[email protected]"]
+
+  # Sql failover group creation. required secondary locaiton input. 
+  enable_failover_group         = true
+  secondary_sql_server_location = "northeurope"
+
+  # enabling the Private Endpoints for Sql servers
+  enable_private_endpoint       = true
+  virtual_network_name          = "vnet-shared-hub-westeurope-001"
+  private_subnet_address_prefix = ["10.1.5.0/29"]
+  # existing_private_dns_zone = "demo.example.com"
+
+  # AD administrator for an Azure SQL server
+  # Allows you to set a user or group as the AD administrator for an Azure SQL server
+  ad_admin_login_name = "[email protected]"
+
+  # (Optional) To enable Azure Monitoring for Azure SQL database including audit logs
+  # log analytic workspace name required
+  enable_log_monitoring        = true
+  log_analytics_workspace_name = "loganalytics-we-sharedtest2"
+
+  # Firewall Rules to allow azure and external clients and specific Ip address/ranges. 
+  enable_firewall_rules = true
+  firewall_rules = [
+    {
+      name             = "access-to-azure"
+      start_ip_address = "0.0.0.0"
+      end_ip_address   = "0.0.0.0"
+    },
+    {
+      name             = "desktop-ip"
+      start_ip_address = "123.201.36.94"
+      end_ip_address   = "123.201.36.94"
+    }
+  ]
+
+  # Adding additional TAG's to your Azure resources
+  tags = {
+    ProjectName  = "demo-project"
+    Env          = "dev"
+    Owner        = "[email protected]"
+    BusinessUnit = "CORP"
+    ServiceClass = "Gold"
+  }
+}
+```
+
+## Terraform Usage
+
+To run this example you need to execute following Terraform commands
+
+```bash
+terraform init
+terraform plan
+terraform apply
+```
+
+Run `terraform destroy` when you don't need these resources.

examples/SQL_DB_Using_Geo-replication_with_Auto-Failover_Groups_and_Private_Endpoints/main.tf renamed to examples/SQL_DB_with_Geo-replication_Auto-Failover_Groups_and_Private_Endpoints/main.tf

@@ -1,83 +1,80 @@
-# Azurerm provider configuration
-provider "azurerm" {
-  features {}
-}
-
-module "mssql-server" {
-  source  = "kumarvna/mssql-db/azurerm"
-  version = "1.2.0"
-
-  # By default, this module will create a resource group
-  # proivde a name to use an existing resource group and set the argument 
-  # to `create_resource_group = false` if you want to existing resoruce group. 
-  # If you use existing resrouce group location will be the same as existing RG.
-  create_resource_group         = false
-  resource_group_name           = "rg-shared-westeurope-01"
-  location                      = "westeurope"
-  virtual_network_name          = "vnet-shared-hub-westeurope-001"
-  private_subnet_address_prefix = ["10.1.5.0/29"]
-
-  # SQL Server and Database details
-  # The valid service objective name for the database include S0, S1, S2, S3, P1, P2, P4, P6, P11 
-  sqlserver_name               = "sqldbserver01"
-  database_name                = "demomssqldb"
-  sql_database_edition         = "Standard"
-  sqldb_service_objective_name = "S1"
-
-  # SQL server extended auditing policy defaults to `true`. 
-  # To turn off set enable_sql_server_extended_auditing_policy to `false`  
-  # DB extended auditing policy defaults to `false`. 
-  # to tun on set the variable `enable_database_extended_auditing_policy` to `true` 
-  # To enable Azure Defender for database set `enable_threat_detection_policy` to true 
-  enable_threat_detection_policy = true
-  log_retention_days             = 30
-
-  # schedule scan notifications to the subscription administrators
-  # Manage Vulnerability Assessment set `enable_vulnerability_assessment` to `true`
-  enable_vulnerability_assessment = false
-  email_addresses_for_alerts      = ["[email protected]", "[email protected]"]
-
-  # Sql failover group creation. required secondary locaiton input. 
-  enable_failover_group         = true
-  secondary_sql_server_location = "northeurope"
-
-  # enabling the Private Endpoints for Sql servers
-  enable_private_endpoint = true
-
-  # AD administrator for an Azure SQL server
-  # Allows you to set a user or group as the AD administrator for an Azure SQL server
-  ad_admin_login_name = "[email protected]"
-
-  # (Optional) To enable Azure Monitoring for Azure SQL database including audit logs
-  # log analytic workspace name required
-  enable_log_monitoring        = true
-  log_analytics_workspace_name = "loganalytics-we-sharedtest2"
-
-  # Firewall Rules to allow azure and external clients and specific Ip address/ranges. 
-  enable_firewall_rules = true
-  firewall_rules = [
-    {
-      name             = "access-to-azure"
-      start_ip_address = "0.0.0.0"
-      end_ip_address   = "0.0.0.0"
-    },
-    {
-      name             = "desktop-ip"
-      start_ip_address = "49.204.225.134"
-      end_ip_address   = "49.204.225.134"
-    }
-  ]
-
-  # Create and initialize a database with custom SQL script
-  # need sqlcmd utility to run this command 
-  # your desktop public IP must be added to firewall rules to run this command 
-  initialize_sql_script_execution = true
-  sqldb_init_script_file          = "../artifacts/db-init-sample.sql"
-
-  # Tags for Azure Resources
-  tags = {
-    Terraform   = "true"
-    Environment = "dev"
-    Owner       = "test-user"
-  }
-}
+# Azurerm provider configuration
+provider "azurerm" {
+  features {}
+}
+
+module "mssql-server" {
+  source  = "kumarvna/mssql-db/azurerm"
+  version = "1.3.0"
+
+  # By default, this module will create a resource group
+  # proivde a name to use an existing resource group and set the argument 
+  # to `create_resource_group = false` if you want to existing resoruce group. 
+  # If you use existing resrouce group location will be the same as existing RG.
+  create_resource_group = false
+  resource_group_name   = "rg-shared-westeurope-01"
+  location              = "westeurope"
+
+  # SQL Server and Database details
+  # The valid service objective name for the database include S0, S1, S2, S3, P1, P2, P4, P6, P11 
+  sqlserver_name               = "te-sqldbserver01"
+  database_name                = "demomssqldb"
+  sql_database_edition         = "Standard"
+  sqldb_service_objective_name = "S1"
+
+  # SQL server extended auditing policy defaults to `true`. 
+  # To turn off set enable_sql_server_extended_auditing_policy to `false`  
+  # DB extended auditing policy defaults to `false`. 
+  # to tun on set the variable `enable_database_extended_auditing_policy` to `true` 
+  # To enable Azure Defender for database set `enable_threat_detection_policy` to true 
+  enable_threat_detection_policy = true
+  log_retention_days             = 30
+
+  # schedule scan notifications to the subscription administrators
+  # Manage Vulnerability Assessment set `enable_vulnerability_assessment` to `true`
+  enable_vulnerability_assessment = false
+  email_addresses_for_alerts      = ["[email protected]", "[email protected]"]
+
+  # Sql failover group creation. required secondary locaiton input. 
+  enable_failover_group         = true
+  secondary_sql_server_location = "northeurope"
+
+  # enabling the Private Endpoints for Sql servers
+  enable_private_endpoint       = true
+  virtual_network_name          = "vnet-shared-hub-westeurope-001"
+  private_subnet_address_prefix = ["10.1.5.0/29"]
+  # existing_private_dns_zone = "demo.example.com"
+
+  # AD administrator for an Azure SQL server
+  # Allows you to set a user or group as the AD administrator for an Azure SQL server
+  ad_admin_login_name = "[email protected]"
+
+  # (Optional) To enable Azure Monitoring for Azure SQL database including audit logs
+  # log analytic workspace name required
+  enable_log_monitoring        = true
+  log_analytics_workspace_name = "loganalytics-we-sharedtest2"
+
+  # Firewall Rules to allow azure and external clients and specific Ip address/ranges. 
+  enable_firewall_rules = true
+  firewall_rules = [
+    {
+      name             = "access-to-azure"
+      start_ip_address = "0.0.0.0"
+      end_ip_address   = "0.0.0.0"
+    },
+    {
+      name             = "desktop-ip"
+      start_ip_address = "123.201.36.94"
+      end_ip_address   = "123.201.36.94"
+    }
+  ]
+
+  # Adding additional TAG's to your Azure resources
+  tags = {
+    ProjectName  = "demo-project"
+    Env          = "dev"
+    Owner        = "[email protected]"
+    BusinessUnit = "CORP"
+    ServiceClass = "Gold"
+  }
+}