adding example to use existing Vnet and Subnet to create private endpoint

Author: kumarvna

examples/Simple_SQL_Single_Database_creation/README.md

@@ -66,11 +66,13 @@ module "mssql-server" {
     }
   ]
 
-  # Tags for Azure Resources
+  # Adding additional TAG's to your Azure resources
   tags = {
-    Terraform   = "true"
-    Environment = "dev"
-    Owner       = "test-user"
+    ProjectName  = "demo-project"
+    Env          = "dev"
+    Owner        = "[email protected]"
+    BusinessUnit = "CORP"
+    ServiceClass = "Gold"
   }
 }
 ```

examples/Simple_SQL_Single_Database_creation/main.tf

@@ -59,10 +59,12 @@ module "mssql-server" {
     }
   ]
 
-  # Tags for Azure Resources
+  # Adding additional TAG's to your Azure resources
   tags = {
-    Terraform   = "true"
-    Environment = "dev"
-    Owner       = "test-user"
+    ProjectName  = "demo-project"
+    Env          = "dev"
+    Owner        = "[email protected]"
+    BusinessUnit = "CORP"
+    ServiceClass = "Gold"
   }
 }

examples/Simple_SQL_Single_Database_with_Private_Endpoint/README.md

@@ -1,4 +1,4 @@
-# Simple Azure SQL single database using private Endpoint
+# Simple Azure SQL single database with private link Endpoint
 
 Terraform module to create a SQL server with initial database, Azure AD login, Firewall rules for SQL, optional azure monitoring vulnerability assessment and private endpoints. It also allows creating an SQL server database with a SQL script initialization.
 
@@ -74,11 +74,13 @@ module "mssql-server" {
     }
   ]
 
-  # Tags for Azure Resources
+  # Adding additional TAG's to your Azure resources
   tags = {
-    Terraform   = "true"
-    Environment = "dev"
-    Owner       = "test-user"
+    ProjectName  = "demo-project"
+    Env          = "dev"
+    Owner        = "[email protected]"
+    BusinessUnit = "CORP"
+    ServiceClass = "Gold"
   }
 }
 ```

examples/Simple_SQL_Single_Database_with_Private_Endpoint/main.tf

@@ -67,10 +67,12 @@ module "mssql-server" {
     }
   ]
 
-  # Tags for Azure Resources
+  # Adding additional TAG's to your Azure resources
   tags = {
-    Terraform   = "true"
-    Environment = "dev"
-    Owner       = "test-user"
+    ProjectName  = "demo-project"
+    Env          = "dev"
+    Owner        = "[email protected]"
+    BusinessUnit = "CORP"
+    ServiceClass = "Gold"
   }
 }

examples/Simple_SQL_Single_Database_with_Private_Endpoint_using_existing_VNet_and_Subnets/README.md

@@ -0,0 +1,107 @@
+# Simple Azure SQL single database with private Endpoint using existing VNet and Subnets
+
+Terraform module to create a SQL server with initial database, Azure AD login, Firewall rules for SQL, optional azure monitoring vulnerability assessment and private endpoints. It also allows creating an SQL server database with a SQL script initialization.
+
+## Module Usage
+
+```terraform
+# Azurerm provider configuration
+provider "azurerm" {
+  features {}
+}
+
+data "azurerm_virtual_network" "example" {
+  name                = "vnet-shared-hub-westeurope-001"
+  resource_group_name = "rg-shared-westeurope-01"
+}
+
+data "azurerm_subnet" "example" {
+  name                 = "snet-private-ep"
+  virtual_network_name = data.azurerm_virtual_network.example.name
+  resource_group_name  = data.azurerm_virtual_network.example.resource_group_name
+}
+
+module "mssql-server" {
+  source  = "kumarvna/mssql-db/azurerm"
+  version = "1.2.0"
+
+  # By default, this module will create a resource group
+  # proivde a name to use an existing resource group and set the argument 
+  # to `create_resource_group = false` if you want to existing resoruce group. 
+  # If you use existing resrouce group location will be the same as existing RG.
+  create_resource_group = false
+  resource_group_name   = "rg-shared-westeurope-01"
+  location              = "westeurope"
+
+  # SQL Server and Database details
+  # The valid service objective name for the database include S0, S1, S2, S3, P1, P2, P4, P6, P11 
+  sqlserver_name               = "te-sqldbserver01"
+  database_name                = "demomssqldb"
+  sql_database_edition         = "Standard"
+  sqldb_service_objective_name = "S1"
+
+  # SQL server extended auditing policy defaults to `true`. 
+  # To turn off set enable_sql_server_extended_auditing_policy to `false`  
+  # DB extended auditing policy defaults to `false`. 
+  # to tun on set the variable `enable_database_extended_auditing_policy` to `true` 
+  # To enable Azure Defender for database set `enable_threat_detection_policy` to true 
+  enable_threat_detection_policy = true
+  log_retention_days             = 30
+
+  # schedule scan notifications to the subscription administrators
+  # Manage Vulnerability Assessment set `enable_vulnerability_assessment` to `true`
+  enable_vulnerability_assessment = false
+  email_addresses_for_alerts      = ["[email protected]", "[email protected]"]
+
+  # enabling the Private Endpoints for Sql servers
+  enable_private_endpoint = true
+  existing_vnet_id        = data.azurerm_virtual_network.example.id
+  existing_subnet_id      = data.azurerm_subnet.example.id
+  # existing_private_dns_zone = "demo.example.com"
+
+  # AD administrator for an Azure SQL server
+  # Allows you to set a user or group as the AD administrator for an Azure SQL server
+  ad_admin_login_name = "[email protected]"
+
+  # (Optional) To enable Azure Monitoring for Azure SQL database including audit logs
+  # log analytic workspace name required
+  enable_log_monitoring        = true
+  log_analytics_workspace_name = "loganalytics-we-sharedtest2"
+
+  # Firewall Rules to allow azure and external clients and specific Ip address/ranges. 
+  enable_firewall_rules = true
+  firewall_rules = [
+    {
+      name             = "access-to-azure"
+      start_ip_address = "0.0.0.0"
+      end_ip_address   = "0.0.0.0"
+    },
+    {
+      name             = "desktop-ip"
+      start_ip_address = "123.201.36.94"
+      end_ip_address   = "123.201.36.94"
+    }
+  ]
+
+  # Adding additional TAG's to your Azure resources
+  tags = {
+    ProjectName  = "demo-project"
+    Env          = "dev"
+    Owner        = "[email protected]"
+    BusinessUnit = "CORP"
+    ServiceClass = "Gold"
+  }
+}
+```
+
+## Terraform Usage
+
+To run this example you need to execute following Terraform commands
+
+```bash
+terraform init
+terraform plan
+terraform apply
+```
+
+Run `terraform destroy` when you don't need these resources.

examples/Simple_SQL_Single_Database_with_Private_Endpoint_using_existing_VNet_and_Subnets/main.tf

@@ -0,0 +1,87 @@
+# Azurerm provider configuration
+provider "azurerm" {
+  features {}
+}
+
+data "azurerm_virtual_network" "example" {
+  name                = "vnet-shared-hub-westeurope-001"
+  resource_group_name = "rg-shared-westeurope-01"
+}
+
+data "azurerm_subnet" "example" {
+  name                 = "snet-private-ep"
+  virtual_network_name = data.azurerm_virtual_network.example.name
+  resource_group_name  = data.azurerm_virtual_network.example.resource_group_name
+}
+
+module "mssql-server" {
+  source  = "kumarvna/mssql-db/azurerm"
+  version = "1.2.0"
+
+  # By default, this module will create a resource group
+  # proivde a name to use an existing resource group and set the argument 
+  # to `create_resource_group = false` if you want to existing resoruce group. 
+  # If you use existing resrouce group location will be the same as existing RG.
+  create_resource_group = false
+  resource_group_name   = "rg-shared-westeurope-01"
+  location              = "westeurope"
+
+  # SQL Server and Database details
+  # The valid service objective name for the database include S0, S1, S2, S3, P1, P2, P4, P6, P11 
+  sqlserver_name               = "te-sqldbserver01"
+  database_name                = "demomssqldb"
+  sql_database_edition         = "Standard"
+  sqldb_service_objective_name = "S1"
+
+  # SQL server extended auditing policy defaults to `true`. 
+  # To turn off set enable_sql_server_extended_auditing_policy to `false`  
+  # DB extended auditing policy defaults to `false`. 
+  # to tun on set the variable `enable_database_extended_auditing_policy` to `true` 
+  # To enable Azure Defender for database set `enable_threat_detection_policy` to true 
+  enable_threat_detection_policy = true
+  log_retention_days             = 30
+
+  # schedule scan notifications to the subscription administrators
+  # Manage Vulnerability Assessment set `enable_vulnerability_assessment` to `true`
+  enable_vulnerability_assessment = false
+  email_addresses_for_alerts      = ["[email protected]", "[email protected]"]
+
+  # enabling the Private Endpoints for Sql servers
+  enable_private_endpoint = true
+  existing_vnet_id        = data.azurerm_virtual_network.example.id
+  existing_subnet_id      = data.azurerm_subnet.example.id
+  # existing_private_dns_zone = "demo.example.com"
+
+  # AD administrator for an Azure SQL server
+  # Allows you to set a user or group as the AD administrator for an Azure SQL server
+  ad_admin_login_name = "[email protected]"
+
+  # (Optional) To enable Azure Monitoring for Azure SQL database including audit logs
+  # log analytic workspace name required
+  enable_log_monitoring        = true
+  log_analytics_workspace_name = "loganalytics-we-sharedtest2"
+
+  # Firewall Rules to allow azure and external clients and specific Ip address/ranges. 
+  enable_firewall_rules = true
+  firewall_rules = [
+    {
+      name             = "access-to-azure"
+      start_ip_address = "0.0.0.0"
+      end_ip_address   = "0.0.0.0"
+    },
+    {
+      name             = "desktop-ip"
+      start_ip_address = "123.201.36.94"
+      end_ip_address   = "123.201.36.94"
+    }
+  ]
+
+  # Adding additional TAG's to your Azure resources
+  tags = {
+    ProjectName  = "demo-project"
+    Env          = "dev"
+    Owner        = "[email protected]"
+    BusinessUnit = "CORP"
+    ServiceClass = "Gold"
+  }
+}

examples/Simple_SQL_Single_Database_with_Private_Endpoint_using_existing_VNet_and_Subnets/output.tf

@@ -0,0 +1,71 @@
+output "resource_group_name" {
+  description = "The name of the resource group in which resources are created"
+  value       = module.mssql-server.resource_group_name
+}
+
+output "resource_group_location" {
+  description = "The location of the resource group in which resources are created"
+  value       = module.mssql-server.resource_group_location
+}
+
+output "storage_account_id" {
+  description = "The ID of the storage account"
+  value       = module.mssql-server.storage_account_id
+}
+
+output "storage_account_name" {
+  description = "The name of the storage account"
+  value       = module.mssql-server.storage_account_name
+}
+
+output "primary_sql_server_id" {
+  description = "The primary Microsoft SQL Server ID"
+  value       = module.mssql-server.primary_sql_server_id
+}
+
+output "primary_sql_server_fqdn" {
+  description = "The fully qualified domain name of the primary Azure SQL Server"
+  value       = module.mssql-server.primary_sql_server_fqdn
+}
+
+output "sql_server_admin_user" {
+  description = "SQL database administrator login id"
+  value       = module.mssql-server.sql_server_admin_user
+  sensitive   = true
+}
+
+output "sql_server_admin_password" {
+  description = "SQL database administrator login password"
+  value       = module.mssql-server.sql_server_admin_password
+  sensitive   = true
+}
+
+output "sql_database_id" {
+  description = "The SQL Database ID"
+  value       = module.mssql-server.sql_database_id
+}
+
+output "sql_database_name" {
+  description = "The SQL Database Name"
+  value       = module.mssql-server.sql_database_name
+}
+
+output "primary_sql_server_private_endpoint" {
+  description = "id of the Primary SQL server Private Endpoint"
+  value       = module.mssql-server.primary_sql_server_private_endpoint
+}
+
+output "sql_server_private_dns_zone_domain" {
+  description = "DNS zone name of SQL server Private endpoints dns name records"
+  value       = module.mssql-server.sql_server_private_dns_zone_domain
+}
+
+output "primary_sql_server_private_endpoint_ip" {
+  description = "Priamary SQL server private endpoint IPv4 Addresses "
+  value       = module.mssql-server.primary_sql_server_private_endpoint_ip
+}
+
+output "primary_sql_server_private_endpoint_fqdn" {
+  description = "Priamary SQL server private endpoint IPv4 Addresses "
+  value       = module.mssql-server.primary_sql_server_private_endpoint_fqdn
+}