ServerSecurityAlertPolicy

Manages a Security Alert Policy for a MSSQL Server.

NOTE Security Alert Policy is currently only available for MS SQL databases.

Example Usage

using Pulumi;
using Azure = Pulumi.Azure;

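/// <summary>
/// Example stack: a resource group, a SQL Server, a storage account for the
/// Threat Detection audit logs, and a ServerSecurityAlertPolicy tying them together.
/// </summary>
class MyStack : Stack
{
    public MyStack()
    {
        // Read the SQL administrator password from stack configuration as a secret
        // instead of committing it to source control. Set it with:
        //   pulumi config set --secret sqlAdminPassword <value>
        var config = new Config();
        var sqlAdminPassword = config.RequireSecret("sqlAdminPassword");

        var exampleResourceGroup = new Azure.Core.ResourceGroup("exampleResourceGroup", new Azure.Core.ResourceGroupArgs
        {
            Location = "West US",
        });
        var exampleSqlServer = new Azure.Sql.SqlServer("exampleSqlServer", new Azure.Sql.SqlServerArgs
        {
            ResourceGroupName = exampleResourceGroup.Name,
            Location = exampleResourceGroup.Location,
            Version = "12.0",
            AdministratorLogin = "4dm1n157r470r",
            AdministratorLoginPassword = sqlAdminPassword,
        });
        // Storage account that receives the Threat Detection audit logs.
        var exampleAccount = new Azure.Storage.Account("exampleAccount", new Azure.Storage.AccountArgs
        {
            ResourceGroupName = exampleResourceGroup.Name,
            Location = exampleResourceGroup.Location,
            AccountTier = "Standard",
            AccountReplicationType = "GRS",
        });
        var exampleServerSecurityAlertPolicy = new Azure.MSSql.ServerSecurityAlertPolicy("exampleServerSecurityAlertPolicy", new Azure.MSSql.ServerSecurityAlertPolicyArgs
        {
            ResourceGroupName = exampleResourceGroup.Name,
            ServerName = exampleSqlServer.Name,
            State = "Enabled",
            StorageEndpoint = exampleAccount.PrimaryBlobEndpoint,
            // The access key is a credential for the log storage account; it is taken
            // from the account's output rather than written as a literal.
            StorageAccountAccessKey = exampleAccount.PrimaryAccessKey,
            // DisabledAlerts lists alert types to turn OFF. This example suppresses the
            // Sql_Injection and Data_Exfiltration alerts; leave the property out unless a
            // specific alert type really has to be silenced.
            DisabledAlerts = 
            {
                "Sql_Injection",
                "Data_Exfiltration",
            },
            // Neither EmailAddresses nor EmailAccountAdmins is set, so with the documented
            // default (EmailAccountAdmins = false) no recipient is configured for alerts.
            RetentionDays = 20,
        });
    }

}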
package main

import (
    "github.com/pulumi/pulumi-azure/sdk/v3/go/azure/core"
    "github.com/pulumi/pulumi-azure/sdk/v3/go/azure/mssql"
    "github.com/pulumi/pulumi-azure/sdk/v3/go/azure/sql"
    "github.com/pulumi/pulumi-azure/sdk/v3/go/azure/storage"
    "github.com/pulumi/pulumi/sdk/v2/go/pulumi"
)

// main provisions a resource group, a SQL Server, a storage account for the
// Threat Detection audit logs, and a ServerSecurityAlertPolicy on the server.
func main() {
    pulumi.Run(func(ctx *pulumi.Context) error {
        group, err := core.NewResourceGroup(ctx, "exampleResourceGroup", &core.ResourceGroupArgs{
            Location: pulumi.String("West US"),
        })
        if err != nil {
            return err
        }

        // NOTE(review): the administrator password below is a literal placeholder.
        // A real program should load it from Pulumi secret configuration instead of
        // committing it to source control.
        serverArgs := &sql.SqlServerArgs{
            ResourceGroupName:          group.Name,
            Location:                   group.Location,
            Version:                    pulumi.String("12.0"),
            AdministratorLogin:         pulumi.String("4dm1n157r470r"),
            AdministratorLoginPassword: pulumi.String("4-v3ry-53cr37-p455w0rd"),
        }
        server, err := sql.NewSqlServer(ctx, "exampleSqlServer", serverArgs)
        if err != nil {
            return err
        }

        // Storage account that receives the Threat Detection audit logs.
        logStoreArgs := &storage.AccountArgs{
            ResourceGroupName:      group.Name,
            Location:               group.Location,
            AccountTier:            pulumi.String("Standard"),
            AccountReplicationType: pulumi.String("GRS"),
        }
        logStore, err := storage.NewAccount(ctx, "exampleAccount", logStoreArgs)
        if err != nil {
            return err
        }

        policyArgs := &mssql.ServerSecurityAlertPolicyArgs{
            ResourceGroupName: group.Name,
            ServerName:        server.Name,
            State:             pulumi.String("Enabled"),
            StorageEndpoint:   logStore.PrimaryBlobEndpoint,
            // The access key is a credential for the log storage account; it comes
            // from the account's output rather than a literal.
            StorageAccountAccessKey: logStore.PrimaryAccessKey,
            // DisabledAlerts lists alert types to turn OFF. This example suppresses the
            // Sql_Injection and Data_Exfiltration alerts; leave the field out unless a
            // specific alert type really has to be silenced.
            DisabledAlerts: pulumi.StringArray{
                pulumi.String("Sql_Injection"),
                pulumi.String("Data_Exfiltration"),
            },
            // Neither EmailAddresses nor EmailAccountAdmins is set, so with the documented
            // default (EmailAccountAdmins = false) no recipient is configured for alerts.
            RetentionDays: pulumi.Int(20),
        }
        // The policy resource itself is not used afterwards; only the error matters.
        _, err = mssql.NewServerSecurityAlertPolicy(ctx, "exampleServerSecurityAlertPolicy", policyArgs)
        return err
    })
}
import pulumi
import pulumi_azure as azure

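# Read the SQL administrator password from stack configuration as a secret
# instead of committing it to source control. Set it with:
#   pulumi config set --secret sqlAdminPassword <value>
config = pulumi.Config()
sql_admin_password = config.require_secret("sqlAdminPassword")

example_resource_group = azure.core.ResourceGroup("exampleResourceGroup", location="West US")
example_sql_server = azure.sql.SqlServer("exampleSqlServer",
    resource_group_name=example_resource_group.name,
    location=example_resource_group.location,
    version="12.0",
    administrator_login="4dm1n157r470r",
    administrator_login_password=sql_admin_password)
# Storage account that receives the Threat Detection audit logs.
example_account = azure.storage.Account("exampleAccount",
    resource_group_name=example_resource_group.name,
    location=example_resource_group.location,
    account_tier="Standard",
    account_replication_type="GRS")
example_server_security_alert_policy = azure.mssql.ServerSecurityAlertPolicy("exampleServerSecurityAlertPolicy",
    resource_group_name=example_resource_group.name,
    server_name=example_sql_server.name,
    state="Enabled",
    storage_endpoint=example_account.primary_blob_endpoint,
    # The access key is a credential for the log storage account; it comes from
    # the account's output rather than a literal.
    storage_account_access_key=example_account.primary_access_key,
    # disabled_alerts lists alert types to turn OFF. This example suppresses the
    # Sql_Injection and Data_Exfiltration alerts; leave the argument out unless a
    # specific alert type really has to be silenced.
    disabled_alerts=[
        "Sql_Injection",
        "Data_Exfiltration",
    ],
    # Neither email_addresses nor email_account_admins is set, so with the documented
    # default (email_account_admins=False) no recipient is configured for alerts.
    retention_days=20)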
import * as pulumi from "@pulumi/pulumi";
import * as azure from "@pulumi/azure";

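// Read the SQL administrator password from stack configuration as a secret
// instead of committing it to source control. Set it with:
//   pulumi config set --secret sqlAdminPassword <value>
const config = new pulumi.Config();
const sqlAdminPassword = config.requireSecret("sqlAdminPassword");

const exampleResourceGroup = new azure.core.ResourceGroup("exampleResourceGroup", {location: "West US"});
const exampleSqlServer = new azure.sql.SqlServer("exampleSqlServer", {
    resourceGroupName: exampleResourceGroup.name,
    location: exampleResourceGroup.location,
    version: "12.0",
    administratorLogin: "4dm1n157r470r",
    administratorLoginPassword: sqlAdminPassword,
});
// Storage account that receives the Threat Detection audit logs.
const exampleAccount = new azure.storage.Account("exampleAccount", {
    resourceGroupName: exampleResourceGroup.name,
    location: exampleResourceGroup.location,
    accountTier: "Standard",
    accountReplicationType: "GRS",
});
const exampleServerSecurityAlertPolicy = new azure.mssql.ServerSecurityAlertPolicy("exampleServerSecurityAlertPolicy", {
    resourceGroupName: exampleResourceGroup.name,
    serverName: exampleSqlServer.name,
    state: "Enabled",
    storageEndpoint: exampleAccount.primaryBlobEndpoint,
    // The access key is a credential for the log storage account; it comes from
    // the account's output rather than a literal.
    storageAccountAccessKey: exampleAccount.primaryAccessKey,
    // disabledAlerts lists alert types to turn OFF. This example suppresses the
    // Sql_Injection and Data_Exfiltration alerts; leave the property out unless a
    // specific alert type really has to be silenced.
    disabledAlerts: [
        "Sql_Injection",
        "Data_Exfiltration",
    ],
    // Neither emailAddresses nor emailAccountAdmins is set, so with the documented
    // default (emailAccountAdmins = false) no recipient is configured for alerts.
    retentionDays: 20,
});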

Create a ServerSecurityAlertPolicy Resource

def ServerSecurityAlertPolicy(resource_name, opts=None, disabled_alerts=None, email_account_admins=None, email_addresses=None, resource_group_name=None, retention_days=None, server_name=None, state=None, storage_account_access_key=None, storage_endpoint=None, __props__=None);
name string
The unique name of the resource.
args ServerSecurityAlertPolicyArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
resource_name str
The unique name of the resource.
opts ResourceOptions
A bag of options that control this resource's behavior.
ctx Context
Context object for the current deployment.
name string
The unique name of the resource.
args ServerSecurityAlertPolicyArgs
The arguments to resource properties.
opts ResourceOption
Bag of options to control resource's behavior.
name string
The unique name of the resource.
args ServerSecurityAlertPolicyArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.

ServerSecurityAlertPolicy Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Programming Model docs.

Inputs

The ServerSecurityAlertPolicy resource accepts the following input properties:

ResourceGroupName string

The name of the resource group that contains the MS SQL Server. Changing this forces a new resource to be created.

ServerName string

Specifies the name of the MS SQL Server. Changing this forces a new resource to be created.

State string

Specifies the state of the policy, whether it is enabled or disabled or a policy has not been applied yet on the specific database server. Allowed values are: Disabled, Enabled.

DisabledAlerts List<string>

Specifies an array of alerts that are disabled. Allowed values are: Sql_Injection, Sql_Injection_Vulnerability, Access_Anomaly, Data_Exfiltration, Unsafe_Action.

EmailAccountAdmins bool

Boolean flag which specifies if the alert is sent to the account administrators or not. Defaults to false.

EmailAddresses List<string>

Specifies an array of e-mail addresses to which the alert is sent.

RetentionDays int

Specifies the number of days to keep the Threat Detection audit logs. Defaults to 0.

StorageAccountAccessKey string

Specifies the access key of the Threat Detection audit storage account.

StorageEndpoint string

Specifies the blob storage endpoint (e.g. https://MyAccount.blob.core.windows.net). This blob storage will hold all Threat Detection audit logs.

ResourceGroupName string

The name of the resource group that contains the MS SQL Server. Changing this forces a new resource to be created.

ServerName string

Specifies the name of the MS SQL Server. Changing this forces a new resource to be created.

State string

Specifies the state of the policy, whether it is enabled or disabled or a policy has not been applied yet on the specific database server. Allowed values are: Disabled, Enabled.

DisabledAlerts []string

Specifies an array of alerts that are disabled. Allowed values are: Sql_Injection, Sql_Injection_Vulnerability, Access_Anomaly, Data_Exfiltration, Unsafe_Action.

EmailAccountAdmins bool

Boolean flag which specifies if the alert is sent to the account administrators or not. Defaults to false.

EmailAddresses []string

Specifies an array of e-mail addresses to which the alert is sent.

RetentionDays int

Specifies the number of days to keep the Threat Detection audit logs. Defaults to 0.

StorageAccountAccessKey string

Specifies the access key of the Threat Detection audit storage account.

StorageEndpoint string

Specifies the blob storage endpoint (e.g. https://MyAccount.blob.core.windows.net). This blob storage will hold all Threat Detection audit logs.

resourceGroupName string

The name of the resource group that contains the MS SQL Server. Changing this forces a new resource to be created.

serverName string

Specifies the name of the MS SQL Server. Changing this forces a new resource to be created.

state string

Specifies the state of the policy, whether it is enabled or disabled or a policy has not been applied yet on the specific database server. Allowed values are: Disabled, Enabled.

disabledAlerts string[]

Specifies an array of alerts that are disabled. Allowed values are: Sql_Injection, Sql_Injection_Vulnerability, Access_Anomaly, Data_Exfiltration, Unsafe_Action.

emailAccountAdmins boolean

Boolean flag which specifies if the alert is sent to the account administrators or not. Defaults to false.

emailAddresses string[]

Specifies an array of e-mail addresses to which the alert is sent.

retentionDays number

Specifies the number of days to keep the Threat Detection audit logs. Defaults to 0.

storageAccountAccessKey string

Specifies the access key of the Threat Detection audit storage account.

storageEndpoint string

Specifies the blob storage endpoint (e.g. https://MyAccount.blob.core.windows.net). This blob storage will hold all Threat Detection audit logs.

resource_group_name str

The name of the resource group that contains the MS SQL Server. Changing this forces a new resource to be created.

server_name str

Specifies the name of the MS SQL Server. Changing this forces a new resource to be created.

state str

Specifies the state of the policy, whether it is enabled or disabled or a policy has not been applied yet on the specific database server. Allowed values are: Disabled, Enabled.

disabled_alerts List[str]

Specifies an array of alerts that are disabled. Allowed values are: Sql_Injection, Sql_Injection_Vulnerability, Access_Anomaly, Data_Exfiltration, Unsafe_Action.

email_account_admins bool

Boolean flag which specifies if the alert is sent to the account administrators or not. Defaults to false.

email_addresses List[str]

Specifies an array of e-mail addresses to which the alert is sent.

retention_days float

Specifies the number of days to keep the Threat Detection audit logs. Defaults to 0.

storage_account_access_key str

Specifies the access key of the Threat Detection audit storage account.

storage_endpoint str

Specifies the blob storage endpoint (e.g. https://MyAccount.blob.core.windows.net). This blob storage will hold all Threat Detection audit logs.

Outputs

All input properties are implicitly available as output properties. Additionally, the ServerSecurityAlertPolicy resource produces the following output properties:

Id string
The provider-assigned unique ID for this managed resource.
Id string
The provider-assigned unique ID for this managed resource.
id string
The provider-assigned unique ID for this managed resource.
id str
The provider-assigned unique ID for this managed resource.

Look up an Existing ServerSecurityAlertPolicy Resource

Get an existing ServerSecurityAlertPolicy resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

static get(resource_name, id, opts=None, disabled_alerts=None, email_account_admins=None, email_addresses=None, resource_group_name=None, retention_days=None, server_name=None, state=None, storage_account_access_key=None, storage_endpoint=None, __props__=None);
func GetServerSecurityAlertPolicy(ctx *Context, name string, id IDInput, state *ServerSecurityAlertPolicyState, opts ...ResourceOption) (*ServerSecurityAlertPolicy, error)
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
resource_name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.

The following state arguments are supported:

DisabledAlerts List<string>

Specifies an array of alerts that are disabled. Allowed values are: Sql_Injection, Sql_Injection_Vulnerability, Access_Anomaly, Data_Exfiltration, Unsafe_Action.

EmailAccountAdmins bool

Boolean flag which specifies if the alert is sent to the account administrators or not. Defaults to false.

EmailAddresses List<string>

Specifies an array of e-mail addresses to which the alert is sent.

ResourceGroupName string

The name of the resource group that contains the MS SQL Server. Changing this forces a new resource to be created.

RetentionDays int

Specifies the number of days to keep the Threat Detection audit logs. Defaults to 0.

ServerName string

Specifies the name of the MS SQL Server. Changing this forces a new resource to be created.

State string

Specifies the state of the policy, whether it is enabled or disabled or a policy has not been applied yet on the specific database server. Allowed values are: Disabled, Enabled.

StorageAccountAccessKey string

Specifies the access key of the Threat Detection audit storage account.

StorageEndpoint string

Specifies the blob storage endpoint (e.g. https://MyAccount.blob.core.windows.net). This blob storage will hold all Threat Detection audit logs.

DisabledAlerts []string

Specifies an array of alerts that are disabled. Allowed values are: Sql_Injection, Sql_Injection_Vulnerability, Access_Anomaly, Data_Exfiltration, Unsafe_Action.

EmailAccountAdmins bool

Boolean flag which specifies if the alert is sent to the account administrators or not. Defaults to false.

EmailAddresses []string

Specifies an array of e-mail addresses to which the alert is sent.

ResourceGroupName string

The name of the resource group that contains the MS SQL Server. Changing this forces a new resource to be created.

RetentionDays int

Specifies the number of days to keep the Threat Detection audit logs. Defaults to 0.

ServerName string

Specifies the name of the MS SQL Server. Changing this forces a new resource to be created.

State string

Specifies the state of the policy, whether it is enabled or disabled or a policy has not been applied yet on the specific database server. Allowed values are: Disabled, Enabled.

StorageAccountAccessKey string

Specifies the access key of the Threat Detection audit storage account.

StorageEndpoint string

Specifies the blob storage endpoint (e.g. https://MyAccount.blob.core.windows.net). This blob storage will hold all Threat Detection audit logs.

disabledAlerts string[]

Specifies an array of alerts that are disabled. Allowed values are: Sql_Injection, Sql_Injection_Vulnerability, Access_Anomaly, Data_Exfiltration, Unsafe_Action.

emailAccountAdmins boolean

Boolean flag which specifies if the alert is sent to the account administrators or not. Defaults to false.

emailAddresses string[]

Specifies an array of e-mail addresses to which the alert is sent.

resourceGroupName string

The name of the resource group that contains the MS SQL Server. Changing this forces a new resource to be created.

retentionDays number

Specifies the number of days to keep the Threat Detection audit logs. Defaults to 0.

serverName string

Specifies the name of the MS SQL Server. Changing this forces a new resource to be created.

state string

Specifies the state of the policy, whether it is enabled or disabled or a policy has not been applied yet on the specific database server. Allowed values are: Disabled, Enabled.

storageAccountAccessKey string

Specifies the access key of the Threat Detection audit storage account.

storageEndpoint string

Specifies the blob storage endpoint (e.g. https://MyAccount.blob.core.windows.net). This blob storage will hold all Threat Detection audit logs.

disabled_alerts List[str]

Specifies an array of alerts that are disabled. Allowed values are: Sql_Injection, Sql_Injection_Vulnerability, Access_Anomaly, Data_Exfiltration, Unsafe_Action.

email_account_admins bool

Boolean flag which specifies if the alert is sent to the account administrators or not. Defaults to false.

email_addresses List[str]

Specifies an array of e-mail addresses to which the alert is sent.

resource_group_name str

The name of the resource group that contains the MS SQL Server. Changing this forces a new resource to be created.

retention_days float

Specifies the number of days to keep the Threat Detection audit logs. Defaults to 0.

server_name str

Specifies the name of the MS SQL Server. Changing this forces a new resource to be created.

state str

Specifies the state of the policy, whether it is enabled or disabled or a policy has not been applied yet on the specific database server. Allowed values are: Disabled, Enabled.

storage_account_access_key str

Specifies the access key of the Threat Detection audit storage account.

storage_endpoint str

Specifies the blob storage endpoint (e.g. https://MyAccount.blob.core.windows.net). This blob storage will hold all Threat Detection audit logs.

Package Details

Repository
https://github.com/pulumi/pulumi-azure
License
Apache-2.0
Notes
This Pulumi package is based on the azurerm Terraform Provider.