1. Docs
  2. Reference
  3. API
  4. pulumi_azure
  5. mssql

This page documents the language specification for the azure package. If you're looking for help working with the inputs, outputs, or functions of azure resources in a Pulumi program, please see the resource documentation for examples and API reference.

mssql

This provider is a derived work of the Terraform Provider distributed under MPL 2.0. If you encounter a bug or missing feature, first check the pulumi/pulumi-azure repo; however, if that doesn’t turn up anything, please consult the source terraform-providers/terraform-provider-azurerm repo.

class pulumi_azure.mssql.AwaitableGetDatabaseResult(collation=None, elastic_pool_id=None, id=None, license_type=None, max_size_gb=None, name=None, read_replica_count=None, read_scale=None, server_id=None, sku_name=None, tags=None, zone_redundant=None)
class pulumi_azure.mssql.AwaitableGetElasticPoolResult(id=None, license_type=None, location=None, max_size_bytes=None, max_size_gb=None, name=None, per_db_max_capacity=None, per_db_min_capacity=None, resource_group_name=None, server_name=None, tags=None, zone_redundant=None)
class pulumi_azure.mssql.Database(resource_name, opts=None, auto_pause_delay_in_minutes=None, collation=None, create_mode=None, creation_source_database_id=None, elastic_pool_id=None, extended_auditing_policy=None, license_type=None, max_size_gb=None, min_capacity=None, name=None, read_replica_count=None, read_scale=None, restore_point_in_time=None, sample_name=None, server_id=None, sku_name=None, tags=None, threat_detection_policy=None, zone_redundant=None, __props__=None, __name__=None, __opts__=None)

Manages a MS SQL Database.

import pulumi
import pulumi_azure as azure

example_resource_group = azure.core.ResourceGroup("exampleResourceGroup", location="West Europe")
example_account = azure.storage.Account("exampleAccount",
    resource_group_name=example_resource_group.name,
    location=example_resource_group.location,
    account_tier="Standard",
    account_replication_type="LRS")
example_sql_server = azure.sql.SqlServer("exampleSqlServer",
    resource_group_name=example_resource_group.name,
    location=example_resource_group.location,
    version="12.0",
    administrator_login="4dm1n157r470r",
    administrator_login_password="4-v3ry-53cr37-p455w0rd")
test = azure.mssql.Database("test",
    server_id=example_sql_server.id,
    collation="SQL_Latin1_General_CP1_CI_AS",
    license_type="LicenseIncluded",
    max_size_gb=4,
    read_scale=True,
    sku_name="BC_Gen5_2",
    zone_redundant=True,
    extended_auditing_policy={
        "storage_endpoint": example_account.primary_blob_endpoint,
        "storage_account_access_key": example_account.primary_access_key,
        "storageAccountAccessKeyIsSecondary": True,
        "retention_in_days": 6,
    },
    tags={
        "foo": "bar",
    })
Parameters

  • resource_name (str) – The name of the resource.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • auto_pause_delay_in_minutes (pulumi.Input[float]) – Time in minutes after which database is automatically paused. A value of -1 means that automatic pause is disabled. This property is only settable for General Purpose Serverless databases.

  • collation (pulumi.Input[str]) – Specifies the collation of the database. Changing this forces a new resource to be created.

  • create_mode (pulumi.Input[str]) – The create mode of the database. Possible values are Copy, Default, OnlineSecondary, PointInTimeRestore, Restore, RestoreExternalBackup, RestoreExternalBackupSecondary, RestoreLongTermRetentionBackup and Secondary.

  • creation_source_database_id (pulumi.Input[str]) – The id of the source database to be referred to create the new database. This should only be used for databases with create_mode values that use another database as reference. Changing this forces a new resource to be created.

  • elastic_pool_id (pulumi.Input[str]) – Specifies the ID of the elastic pool containing this database. Changing this forces a new resource to be created.

  • extended_auditing_policy (pulumi.Input[dict]) – A extended_auditing_policy block as defined below.

  • license_type (pulumi.Input[str]) – Specifies the license type applied to this database. Possible values are LicenseIncluded and BasePrice.

  • max_size_gb (pulumi.Input[float]) – The max size of the database in gigabytes.

  • min_capacity (pulumi.Input[float]) – Minimal capacity that database will always have allocated, if not paused. This property is only settable for General Purpose Serverless databases.

  • name (pulumi.Input[str]) – The name of the Ms SQL Database. Changing this forces a new resource to be created.

  • read_replica_count (pulumi.Input[float]) – The number of readonly secondary replicas associated with the database to which readonly application intent connections may be routed. This property is only settable for Hyperscale edition databases.

  • read_scale (pulumi.Input[bool]) – If enabled, connections that have application intent set to readonly in their connection string may be routed to a readonly secondary replica. This property is only settable for Premium and Business Critical databases.

  • restore_point_in_time (pulumi.Input[str]) – Specifies the point in time (ISO8601 format) of the source database that will be restored to create the new database. This property is only settable for create_mode= PointInTimeRestore databases.

  • sample_name (pulumi.Input[str]) – Specifies the name of the sample schema to apply when creating this database. Possible value is AdventureWorksLT.

  • server_id (pulumi.Input[str]) – The id of the Ms SQL Server on which to create the database. Changing this forces a new resource to be created.

  • sku_name (pulumi.Input[str]) – Specifies the name of the sku used by the database. Changing this forces a new resource to be created. For example, GP_S_Gen5_2,HS_Gen4_1,BC_Gen5_2, ElasticPool, Basic,S0, P2 ,DW100c, DS100.

  • tags (pulumi.Input[dict]) – A mapping of tags to assign to the resource.

  • threat_detection_policy (pulumi.Input[dict]) – Threat detection policy configuration. The threat_detection_policy block supports fields documented below.

  • zone_redundant (pulumi.Input[bool]) – Whether or not this database is zone redundant, which means the replicas of this database will be spread across multiple availability zones. This property is only settable for Premium and Business Critical databases.

The extended_auditing_policy object supports the following:

  • retention_in_days (pulumi.Input[float]) - Specifies the number of days to retain logs for in the storage account.

  • storage_account_access_key (pulumi.Input[str]) - Specifies the access key to use for the auditing storage account.

  • storageAccountAccessKeyIsSecondary (pulumi.Input[bool]) - Specifies whether storage_account_access_key value is the storage’s secondary key.

  • storage_endpoint (pulumi.Input[str]) - Specifies the blob storage endpoint (e.g. https://MyAccount.blob.core.windows.net).

The threat_detection_policy object supports the following:

  • disabled_alerts (pulumi.Input[list]) - Specifies a list of alerts which should be disabled. Possible values include Access_Anomaly, Sql_Injection and Sql_Injection_Vulnerability.

  • email_account_admins (pulumi.Input[str]) - Should the account administrators be emailed when this alert is triggered?

  • email_addresses (pulumi.Input[list]) - A list of email addresses which alerts should be sent to.

  • retention_days (pulumi.Input[float]) - Specifies the number of days to keep in the Threat Detection audit logs.

  • state (pulumi.Input[str]) - The State of the Policy. Possible values are Enabled, Disabled or New.

  • storage_account_access_key (pulumi.Input[str]) - Specifies the identifier key of the Threat Detection audit storage account. Required if state is Enabled.

  • storage_endpoint (pulumi.Input[str]) - Specifies the blob storage endpoint (e.g. https://MyAccount.blob.core.windows.net). This blob storage will hold all Threat Detection audit logs. Required if state is Enabled.

  • useServerDefault (pulumi.Input[str]) - Should the default server policy be used? Defaults to Disabled.

auto_pause_delay_in_minutes: pulumi.Output[float] = None

Time in minutes after which database is automatically paused. A value of -1 means that automatic pause is disabled. This property is only settable for General Purpose Serverless databases.

collation: pulumi.Output[str] = None

Specifies the collation of the database. Changing this forces a new resource to be created.

create_mode: pulumi.Output[str] = None

The create mode of the database. Possible values are Copy, Default, OnlineSecondary, PointInTimeRestore, Restore, RestoreExternalBackup, RestoreExternalBackupSecondary, RestoreLongTermRetentionBackup and Secondary.

creation_source_database_id: pulumi.Output[str] = None

The id of the source database to be referred to create the new database. This should only be used for databases with create_mode values that use another database as reference. Changing this forces a new resource to be created.

elastic_pool_id: pulumi.Output[str] = None

Specifies the ID of the elastic pool containing this database. Changing this forces a new resource to be created.

extended_auditing_policy: pulumi.Output[dict] = None

A extended_auditing_policy block as defined below.

  • retention_in_days (float) - Specifies the number of days to retain logs for in the storage account.

  • storage_account_access_key (str) - Specifies the access key to use for the auditing storage account.

  • storageAccountAccessKeyIsSecondary (bool) - Specifies whether storage_account_access_key value is the storage’s secondary key.

  • storage_endpoint (str) - Specifies the blob storage endpoint (e.g. https://MyAccount.blob.core.windows.net).

license_type: pulumi.Output[str] = None

Specifies the license type applied to this database. Possible values are LicenseIncluded and BasePrice.

max_size_gb: pulumi.Output[float] = None

The max size of the database in gigabytes.

min_capacity: pulumi.Output[float] = None

Minimal capacity that database will always have allocated, if not paused. This property is only settable for General Purpose Serverless databases.

name: pulumi.Output[str] = None

The name of the Ms SQL Database. Changing this forces a new resource to be created.

read_replica_count: pulumi.Output[float] = None

The number of readonly secondary replicas associated with the database to which readonly application intent connections may be routed. This property is only settable for Hyperscale edition databases.

read_scale: pulumi.Output[bool] = None

If enabled, connections that have application intent set to readonly in their connection string may be routed to a readonly secondary replica. This property is only settable for Premium and Business Critical databases.

restore_point_in_time: pulumi.Output[str] = None

Specifies the point in time (ISO8601 format) of the source database that will be restored to create the new database. This property is only settable for create_mode= PointInTimeRestore databases.

sample_name: pulumi.Output[str] = None

Specifies the name of the sample schema to apply when creating this database. Possible value is AdventureWorksLT.

server_id: pulumi.Output[str] = None

The id of the Ms SQL Server on which to create the database. Changing this forces a new resource to be created.

sku_name: pulumi.Output[str] = None

Specifies the name of the sku used by the database. Changing this forces a new resource to be created. For example, GP_S_Gen5_2,HS_Gen4_1,BC_Gen5_2, ElasticPool, Basic,S0, P2 ,DW100c, DS100.

tags: pulumi.Output[dict] = None

A mapping of tags to assign to the resource.

threat_detection_policy: pulumi.Output[dict] = None

Threat detection policy configuration. The threat_detection_policy block supports fields documented below.

  • disabled_alerts (list) - Specifies a list of alerts which should be disabled. Possible values include Access_Anomaly, Sql_Injection and Sql_Injection_Vulnerability.

  • email_account_admins (str) - Should the account administrators be emailed when this alert is triggered?

  • email_addresses (list) - A list of email addresses which alerts should be sent to.

  • retention_days (float) - Specifies the number of days to keep in the Threat Detection audit logs.

  • state (str) - The State of the Policy. Possible values are Enabled, Disabled or New.

  • storage_account_access_key (str) - Specifies the identifier key of the Threat Detection audit storage account. Required if state is Enabled.

  • storage_endpoint (str) - Specifies the blob storage endpoint (e.g. https://MyAccount.blob.core.windows.net). This blob storage will hold all Threat Detection audit logs. Required if state is Enabled.

  • useServerDefault (str) - Should the default server policy be used? Defaults to Disabled.

zone_redundant: pulumi.Output[bool] = None

Whether or not this database is zone redundant, which means the replicas of this database will be spread across multiple availability zones. This property is only settable for Premium and Business Critical databases.

static get(resource_name, id, opts=None, auto_pause_delay_in_minutes=None, collation=None, create_mode=None, creation_source_database_id=None, elastic_pool_id=None, extended_auditing_policy=None, license_type=None, max_size_gb=None, min_capacity=None, name=None, read_replica_count=None, read_scale=None, restore_point_in_time=None, sample_name=None, server_id=None, sku_name=None, tags=None, threat_detection_policy=None, zone_redundant=None)

Get an existing Database resource’s state with the given name, id, and optional extra properties used to qualify the lookup.

Parameters

  • resource_name (str) – The unique name of the resulting resource.

  • id (str) – The unique provider ID of the resource to lookup.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • auto_pause_delay_in_minutes (pulumi.Input[float]) – Time in minutes after which database is automatically paused. A value of -1 means that automatic pause is disabled. This property is only settable for General Purpose Serverless databases.

  • collation (pulumi.Input[str]) – Specifies the collation of the database. Changing this forces a new resource to be created.

  • create_mode (pulumi.Input[str]) – The create mode of the database. Possible values are Copy, Default, OnlineSecondary, PointInTimeRestore, Restore, RestoreExternalBackup, RestoreExternalBackupSecondary, RestoreLongTermRetentionBackup and Secondary.

  • creation_source_database_id (pulumi.Input[str]) – The id of the source database to be referred to create the new database. This should only be used for databases with create_mode values that use another database as reference. Changing this forces a new resource to be created.

  • elastic_pool_id (pulumi.Input[str]) – Specifies the ID of the elastic pool containing this database. Changing this forces a new resource to be created.

  • extended_auditing_policy (pulumi.Input[dict]) – A extended_auditing_policy block as defined below.

  • license_type (pulumi.Input[str]) – Specifies the license type applied to this database. Possible values are LicenseIncluded and BasePrice.

  • max_size_gb (pulumi.Input[float]) – The max size of the database in gigabytes.

  • min_capacity (pulumi.Input[float]) – Minimal capacity that database will always have allocated, if not paused. This property is only settable for General Purpose Serverless databases.

  • name (pulumi.Input[str]) – The name of the Ms SQL Database. Changing this forces a new resource to be created.

  • read_replica_count (pulumi.Input[float]) – The number of readonly secondary replicas associated with the database to which readonly application intent connections may be routed. This property is only settable for Hyperscale edition databases.

  • read_scale (pulumi.Input[bool]) – If enabled, connections that have application intent set to readonly in their connection string may be routed to a readonly secondary replica. This property is only settable for Premium and Business Critical databases.

  • restore_point_in_time (pulumi.Input[str]) – Specifies the point in time (ISO8601 format) of the source database that will be restored to create the new database. This property is only settable for create_mode= PointInTimeRestore databases.

  • sample_name (pulumi.Input[str]) – Specifies the name of the sample schema to apply when creating this database. Possible value is AdventureWorksLT.

  • server_id (pulumi.Input[str]) – The id of the Ms SQL Server on which to create the database. Changing this forces a new resource to be created.

  • sku_name (pulumi.Input[str]) – Specifies the name of the sku used by the database. Changing this forces a new resource to be created. For example, GP_S_Gen5_2,HS_Gen4_1,BC_Gen5_2, ElasticPool, Basic,S0, P2 ,DW100c, DS100.

  • tags (pulumi.Input[dict]) – A mapping of tags to assign to the resource.

  • threat_detection_policy (pulumi.Input[dict]) – Threat detection policy configuration. The threat_detection_policy block supports fields documented below.

  • zone_redundant (pulumi.Input[bool]) – Whether or not this database is zone redundant, which means the replicas of this database will be spread across multiple availability zones. This property is only settable for Premium and Business Critical databases.

The extended_auditing_policy object supports the following:

  • retention_in_days (pulumi.Input[float]) - Specifies the number of days to retain logs for in the storage account.

  • storage_account_access_key (pulumi.Input[str]) - Specifies the access key to use for the auditing storage account.

  • storageAccountAccessKeyIsSecondary (pulumi.Input[bool]) - Specifies whether storage_account_access_key value is the storage’s secondary key.

  • storage_endpoint (pulumi.Input[str]) - Specifies the blob storage endpoint (e.g. https://MyAccount.blob.core.windows.net).

The threat_detection_policy object supports the following:

  • disabled_alerts (pulumi.Input[list]) - Specifies a list of alerts which should be disabled. Possible values include Access_Anomaly, Sql_Injection and Sql_Injection_Vulnerability.

  • email_account_admins (pulumi.Input[str]) - Should the account administrators be emailed when this alert is triggered?

  • email_addresses (pulumi.Input[list]) - A list of email addresses which alerts should be sent to.

  • retention_days (pulumi.Input[float]) - Specifies the number of days to keep in the Threat Detection audit logs.

  • state (pulumi.Input[str]) - The State of the Policy. Possible values are Enabled, Disabled or New.

  • storage_account_access_key (pulumi.Input[str]) - Specifies the identifier key of the Threat Detection audit storage account. Required if state is Enabled.

  • storage_endpoint (pulumi.Input[str]) - Specifies the blob storage endpoint (e.g. https://MyAccount.blob.core.windows.net). This blob storage will hold all Threat Detection audit logs. Required if state is Enabled.

  • useServerDefault (pulumi.Input[str]) - Should the default server policy be used? Defaults to Disabled.

translate_output_property(prop)

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

translate_input_property(prop)

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

class pulumi_azure.mssql.DatabaseVulnerabilityAssessmentRuleBaseline(resource_name, opts=None, baseline_name=None, baseline_results=None, database_name=None, rule_id=None, server_vulnerability_assessment_id=None, __props__=None, __name__=None, __opts__=None)

Manages a Database Vulnerability Assessment Rule Baseline.

NOTE Database Vulnerability Assessment is currently only available for MS SQL databases.

import pulumi
import pulumi_azure as azure

example_resource_group = azure.core.ResourceGroup("exampleResourceGroup", location="West US")
example_sql_server = azure.sql.SqlServer("exampleSqlServer",
    resource_group_name=example_resource_group.name,
    location=example_resource_group.location,
    version="12.0",
    administrator_login="4dm1n157r470r",
    administrator_login_password="4-v3ry-53cr37-p455w0rd")
example_account = azure.storage.Account("exampleAccount",
    resource_group_name=example_resource_group.name,
    location=example_resource_group.location,
    account_tier="Standard",
    account_replication_type="GRS")
example_container = azure.storage.Container("exampleContainer",
    storage_account_name=example_account.name,
    container_access_type="private")
example_server_security_alert_policy = azure.mssql.ServerSecurityAlertPolicy("exampleServerSecurityAlertPolicy",
    resource_group_name=example_resource_group.name,
    server_name=example_sql_server.name,
    state="Enabled")
example_database = azure.sql.Database("exampleDatabase",
    resource_group_name=example_resource_group.name,
    server_name=example_sql_server.name,
    location=example_resource_group.location,
    edition="Standard")
example_server_vulnerability_assessment = azure.mssql.ServerVulnerabilityAssessment("exampleServerVulnerabilityAssessment",
    server_security_alert_policy_id=example_server_security_alert_policy.id,
    storage_container_path=pulumi.Output.all(example_account.primary_blob_endpoint, example_container.name).apply(lambda primary_blob_endpoint, name: f"{primary_blob_endpoint}{name}/"),
    storage_account_access_key=example_account.primary_access_key)
example_database_vulnerability_assessment_rule_baseline = azure.mssql.DatabaseVulnerabilityAssessmentRuleBaseline("exampleDatabaseVulnerabilityAssessmentRuleBaseline",
    server_vulnerability_assessment_id=example_server_vulnerability_assessment.id,
    database_name=example_database.name,
    rule_id="VA2065",
    baseline_name="master",
    baseline_result=[
        {
            "results": [
                "allowedip1",
                "123.123.123.123",
                "123.123.123.123",
            ],
        },
        {
            "results": [
                "allowedip2",
                "255.255.255.255",
                "255.255.255.255",
            ],
        },
    ])
Parameters

  • resource_name (str) – The name of the resource.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • baseline_name (pulumi.Input[str]) – The name of the vulnerability assessment rule baseline. Valid options are default and master. default implies a baseline on a database level rule and master for server level rule. Defaults to default. Changing this forces a new resource to be created.

  • baseline_results (pulumi.Input[list]) – A baseline_result block as documented below. Multiple blocks can be defined.

  • database_name (pulumi.Input[str]) – Specifies the name of the MS SQL Database. Changing this forces a new resource to be created.

  • rule_id (pulumi.Input[str]) – The vulnerability assessment rule ID. Changing this forces a new resource to be created.

  • server_vulnerability_assessment_id (pulumi.Input[str]) – The Vulnerability Assessment ID of the MS SQL Server. Changing this forces a new resource to be created.

The baseline_results object supports the following:

  • results (pulumi.Input[list]) - A list representing a result of the baseline.

baseline_name: pulumi.Output[str] = None

The name of the vulnerability assessment rule baseline. Valid options are default and master. default implies a baseline on a database level rule and master for server level rule. Defaults to default. Changing this forces a new resource to be created.

baseline_results: pulumi.Output[list] = None

A baseline_result block as documented below. Multiple blocks can be defined.

  • results (list) - A list representing a result of the baseline.

database_name: pulumi.Output[str] = None

Specifies the name of the MS SQL Database. Changing this forces a new resource to be created.

rule_id: pulumi.Output[str] = None

The vulnerability assessment rule ID. Changing this forces a new resource to be created.

server_vulnerability_assessment_id: pulumi.Output[str] = None

The Vulnerability Assessment ID of the MS SQL Server. Changing this forces a new resource to be created.

static get(resource_name, id, opts=None, baseline_name=None, baseline_results=None, database_name=None, rule_id=None, server_vulnerability_assessment_id=None)

Get an existing DatabaseVulnerabilityAssessmentRuleBaseline resource’s state with the given name, id, and optional extra properties used to qualify the lookup.

Parameters

  • resource_name (str) – The unique name of the resulting resource.

  • id (str) – The unique provider ID of the resource to lookup.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • baseline_name (pulumi.Input[str]) – The name of the vulnerability assessment rule baseline. Valid options are default and master. default implies a baseline on a database level rule and master for server level rule. Defaults to default. Changing this forces a new resource to be created.

  • baseline_results (pulumi.Input[list]) – A baseline_result block as documented below. Multiple blocks can be defined.

  • database_name (pulumi.Input[str]) – Specifies the name of the MS SQL Database. Changing this forces a new resource to be created.

  • rule_id (pulumi.Input[str]) – The vulnerability assessment rule ID. Changing this forces a new resource to be created.

  • server_vulnerability_assessment_id (pulumi.Input[str]) – The Vulnerability Assessment ID of the MS SQL Server. Changing this forces a new resource to be created.

The baseline_results object supports the following:

  • results (pulumi.Input[list]) - A list representing a result of the baseline.

translate_output_property(prop)

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

translate_input_property(prop)

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

class pulumi_azure.mssql.ElasticPool(resource_name, opts=None, license_type=None, location=None, max_size_bytes=None, max_size_gb=None, name=None, per_database_settings=None, resource_group_name=None, server_name=None, sku=None, tags=None, zone_redundant=None, __props__=None, __name__=None, __opts__=None)

Allows you to manage an Azure SQL Elastic Pool via the v3.0 API which allows for vCore and DTU based configurations.

import pulumi
import pulumi_azure as azure

example_resource_group = azure.core.ResourceGroup("exampleResourceGroup", location="westeurope")
example_sql_server = azure.sql.SqlServer("exampleSqlServer",
    resource_group_name=example_resource_group.name,
    location=example_resource_group.location,
    version="12.0",
    administrator_login="4dm1n157r470r",
    administrator_login_password="4-v3ry-53cr37-p455w0rd")
example_elastic_pool = azure.mssql.ElasticPool("exampleElasticPool",
    resource_group_name=example_resource_group.name,
    location=example_resource_group.location,
    server_name=example_sql_server.name,
    license_type="LicenseIncluded",
    max_size_gb=756,
    sku={
        "name": "GP_Gen5",
        "tier": "GeneralPurpose",
        "family": "Gen5",
        "capacity": 4,
    },
    per_database_settings={
        "min_capacity": 0.25,
        "maxCapacity": 4,
    })
Parameters

  • resource_name (str) – The name of the resource.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • license_type (pulumi.Input[str]) – Specifies the license type applied to this database. Possible values are LicenseIncluded and BasePrice.

  • location (pulumi.Input[str]) – Specifies the supported Azure location where the resource exists. Changing this forces a new resource to be created.

  • max_size_bytes (pulumi.Input[float]) – The max data size of the elastic pool in bytes. Conflicts with max_size_gb.

  • max_size_gb (pulumi.Input[float]) – The max data size of the elastic pool in gigabytes. Conflicts with max_size_bytes.

  • name (pulumi.Input[str]) – The name of the elastic pool. This needs to be globally unique. Changing this forces a new resource to be created.

  • per_database_settings (pulumi.Input[dict]) – A per_database_settings block as defined below.

  • resource_group_name (pulumi.Input[str]) – The name of the resource group in which to create the elastic pool. This must be the same as the resource group of the underlying SQL server.

  • server_name (pulumi.Input[str]) – The name of the SQL Server on which to create the elastic pool. Changing this forces a new resource to be created.

  • sku (pulumi.Input[dict]) – A sku block as defined below.

  • tags (pulumi.Input[dict]) – A mapping of tags to assign to the resource.

  • zone_redundant (pulumi.Input[bool]) – Whether or not this elastic pool is zone redundant. tier needs to be Premium for DTU based or BusinessCritical for vCore based sku. Defaults to false.

The per_database_settings object supports the following:

  • maxCapacity (pulumi.Input[float]) - The maximum capacity any one database can consume.

  • min_capacity (pulumi.Input[float]) - The minimum capacity all databases are guaranteed.

The sku object supports the following:

  • capacity (pulumi.Input[float]) - The scale up/out capacity, representing server’s compute units. For more information see the documentation for your Elasticpool configuration: vCore-based or DTU-based.

  • family (pulumi.Input[str]) - The family of hardware Gen4 or Gen5.

  • name (pulumi.Input[str]) - Specifies the SKU Name for this Elasticpool. The name of the SKU, will be either vCore based tier + family pattern (e.g. GP_Gen4, BC_Gen5) or the DTU based BasicPool, StandardPool, or PremiumPool pattern.

  • tier (pulumi.Input[str]) - The tier of the particular SKU. Possible values are GeneralPurpose, BusinessCritical, Basic, Standard, or Premium. For more information see the documentation for your Elasticpool configuration: vCore-based or DTU-based.

license_type: pulumi.Output[str] = None

Specifies the license type applied to this database. Possible values are LicenseIncluded and BasePrice.

location: pulumi.Output[str] = None

Specifies the supported Azure location where the resource exists. Changing this forces a new resource to be created.

max_size_bytes: pulumi.Output[float] = None

The max data size of the elastic pool in bytes. Conflicts with max_size_gb.

max_size_gb: pulumi.Output[float] = None

The max data size of the elastic pool in gigabytes. Conflicts with max_size_bytes.

name: pulumi.Output[str] = None

The name of the elastic pool. This needs to be globally unique. Changing this forces a new resource to be created.

per_database_settings: pulumi.Output[dict] = None

A per_database_settings block as defined below.

  • maxCapacity (float) - The maximum capacity any one database can consume.

  • min_capacity (float) - The minimum capacity all databases are guaranteed.

resource_group_name: pulumi.Output[str] = None

The name of the resource group in which to create the elastic pool. This must be the same as the resource group of the underlying SQL server.

server_name: pulumi.Output[str] = None

The name of the SQL Server on which to create the elastic pool. Changing this forces a new resource to be created.

sku: pulumi.Output[dict] = None

A sku block as defined below.

  • capacity (float) - The scale up/out capacity, representing server’s compute units. For more information see the documentation for your Elasticpool configuration: vCore-based or DTU-based.

  • family (str) - The family of hardware Gen4 or Gen5.

  • name (str) - Specifies the SKU Name for this Elasticpool. The name of the SKU, will be either vCore based tier + family pattern (e.g. GP_Gen4, BC_Gen5) or the DTU based BasicPool, StandardPool, or PremiumPool pattern.

  • tier (str) - The tier of the particular SKU. Possible values are GeneralPurpose, BusinessCritical, Basic, Standard, or Premium. For more information see the documentation for your Elasticpool configuration: vCore-based or DTU-based.

tags: pulumi.Output[dict] = None

A mapping of tags to assign to the resource.

zone_redundant: pulumi.Output[bool] = None

Whether or not this elastic pool is zone redundant. tier needs to be Premium for DTU based or BusinessCritical for vCore based sku. Defaults to false.

static get(resource_name, id, opts=None, license_type=None, location=None, max_size_bytes=None, max_size_gb=None, name=None, per_database_settings=None, resource_group_name=None, server_name=None, sku=None, tags=None, zone_redundant=None)

Get an existing ElasticPool resource’s state with the given name, id, and optional extra properties used to qualify the lookup.

Parameters

  • resource_name (str) – The unique name of the resulting resource.

  • id (str) – The unique provider ID of the resource to lookup.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • license_type (pulumi.Input[str]) – Specifies the license type applied to this database. Possible values are LicenseIncluded and BasePrice.

  • location (pulumi.Input[str]) – Specifies the supported Azure location where the resource exists. Changing this forces a new resource to be created.

  • max_size_bytes (pulumi.Input[float]) – The max data size of the elastic pool in bytes. Conflicts with max_size_gb.

  • max_size_gb (pulumi.Input[float]) – The max data size of the elastic pool in gigabytes. Conflicts with max_size_bytes.

  • name (pulumi.Input[str]) – The name of the elastic pool. This needs to be globally unique. Changing this forces a new resource to be created.

  • per_database_settings (pulumi.Input[dict]) – A per_database_settings block as defined below.

  • resource_group_name (pulumi.Input[str]) – The name of the resource group in which to create the elastic pool. This must be the same as the resource group of the underlying SQL server.

  • server_name (pulumi.Input[str]) – The name of the SQL Server on which to create the elastic pool. Changing this forces a new resource to be created.

  • sku (pulumi.Input[dict]) – A sku block as defined below.

  • tags (pulumi.Input[dict]) – A mapping of tags to assign to the resource.

  • zone_redundant (pulumi.Input[bool]) – Whether or not this elastic pool is zone redundant. tier needs to be Premium for DTU based or BusinessCritical for vCore based sku. Defaults to false.

The per_database_settings object supports the following:

  • maxCapacity (pulumi.Input[float]) - The maximum capacity any one database can consume.

  • min_capacity (pulumi.Input[float]) - The minimum capacity all databases are guaranteed.

The sku object supports the following:

  • capacity (pulumi.Input[float]) - The scale up/out capacity, representing server’s compute units. For more information see the documentation for your Elasticpool configuration: vCore-based or DTU-based.

  • family (pulumi.Input[str]) - The family of hardware Gen4 or Gen5.

  • name (pulumi.Input[str]) - Specifies the SKU Name for this Elasticpool. The name of the SKU, will be either vCore based tier + family pattern (e.g. GP_Gen4, BC_Gen5) or the DTU based BasicPool, StandardPool, or PremiumPool pattern.

  • tier (pulumi.Input[str]) - The tier of the particular SKU. Possible values are GeneralPurpose, BusinessCritical, Basic, Standard, or Premium. For more information see the documentation for your Elasticpool configuration: vCore-based or DTU-based.

translate_output_property(prop)

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

translate_input_property(prop)

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

class pulumi_azure.mssql.GetDatabaseResult(collation=None, elastic_pool_id=None, id=None, license_type=None, max_size_gb=None, name=None, read_replica_count=None, read_scale=None, server_id=None, sku_name=None, tags=None, zone_redundant=None)

A collection of values returned by getDatabase.

collation = None

The collation of the database.

elastic_pool_id = None

The id of the elastic pool containing this database.

id = None

The provider-assigned unique ID for this managed resource.

license_type = None

The license type to apply for this database.

max_size_gb = None

The max size of the database in gigabytes.

read_replica_count = None

The number of readonly secondary replicas associated with the database to which readonly application intent connections may be routed.

read_scale = None

If enabled, connections that have application intent set to readonly in their connection string may be routed to a readonly secondary replica.

sku_name = None

The name of the sku of the database.

tags = None

A mapping of tags to assign to the resource.

zone_redundant = None

Whether or not this database is zone redundant, which means the replicas of this database will be spread across multiple availability zones.

class pulumi_azure.mssql.GetElasticPoolResult(id=None, license_type=None, location=None, max_size_bytes=None, max_size_gb=None, name=None, per_db_max_capacity=None, per_db_min_capacity=None, resource_group_name=None, server_name=None, tags=None, zone_redundant=None)

A collection of values returned by getElasticPool.

id = None

The provider-assigned unique ID for this managed resource.

license_type = None

The license type to apply for this database.

location = None

Specifies the supported Azure location where the resource exists.

max_size_bytes = None

The max data size of the elastic pool in bytes.

max_size_gb = None

The max data size of the elastic pool in gigabytes.

per_db_max_capacity = None

The maximum capacity any one database can consume.

per_db_min_capacity = None

The minimum capacity all databases are guaranteed.

tags = None

A mapping of tags to assign to the resource.

zone_redundant = None

Whether or not this elastic pool is zone redundant.

class pulumi_azure.mssql.Server(resource_name, opts=None, administrator_login=None, administrator_login_password=None, azuread_administrator=None, connection_policy=None, extended_auditing_policy=None, identity=None, location=None, name=None, public_network_access_enabled=None, resource_group_name=None, tags=None, version=None, __props__=None, __name__=None, __opts__=None)

Manages a Microsoft SQL Azure Database Server.

Note: All arguments including the administrator login and password will be stored in the raw state as plain-text. Read more about sensitive data in state.

import pulumi
import pulumi_azure as azure

example_resource_group = azure.core.ResourceGroup("exampleResourceGroup", location="West US")
example_account = azure.storage.Account("exampleAccount",
    resource_group_name=example_resource_group.name,
    location=example_resource_group.location,
    account_tier="Standard",
    account_replication_type="LRS")
example_server = azure.mssql.Server("exampleServer",
    resource_group_name=example_resource_group.name,
    location=example_resource_group.location,
    version="12.0",
    administrator_login="missadministrator",
    administrator_login_password="thisIsKat11",
    azuread_administrator={
        "loginUsername": "AzureAD Admin",
        "object_id": "00000000-0000-0000-0000-000000000000",
    },
    extended_auditing_policy={
        "storage_endpoint": example_account.primary_blob_endpoint,
        "storage_account_access_key": example_account.primary_access_key,
        "storageAccountAccessKeyIsSecondary": True,
        "retention_in_days": 6,
    },
    tags={
        "environment": "production",
    })
Parameters

  • resource_name (str) – The name of the resource.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • administrator_login (pulumi.Input[str]) – The administrator login name for the new server. Changing this forces a new resource to be created.

  • administrator_login_password (pulumi.Input[str]) – The password associated with the administrator_login user. Needs to comply with Azure’s Password Policy

  • azuread_administrator (pulumi.Input[dict]) – An azuread_administrator block as defined below.

  • connection_policy (pulumi.Input[str]) – The connection policy the server will use. Possible values are Default, Proxy, and Redirect. Defaults to Default.

  • extended_auditing_policy (pulumi.Input[dict]) – A extended_auditing_policy block as defined below.

  • identity (pulumi.Input[dict]) – An identity block as defined below.

  • location (pulumi.Input[str]) – Specifies the supported Azure location where the resource exists. Changing this forces a new resource to be created.

  • name (pulumi.Input[str]) – The name of the Microsoft SQL Server. This needs to be globally unique within Azure.

  • public_network_access_enabled (pulumi.Input[bool]) – Whether or not public network access is allowed for this server. Defaults to true.

  • resource_group_name (pulumi.Input[str]) – The name of the resource group in which to create the Microsoft SQL Server.

  • tags (pulumi.Input[dict]) – A mapping of tags to assign to the resource.

  • version (pulumi.Input[str]) – The version for the new server. Valid values are: 2.0 (for v11 server) and 12.0 (for v12 server).

The azuread_administrator object supports the following:

  • loginUsername (pulumi.Input[str]) - (Required) The login username of the Azure AD Administrator of this SQL Server.

  • object_id (pulumi.Input[str]) - (Required) The object id of the Azure AD Administrator of this SQL Server.

  • tenant_id (pulumi.Input[str]) - (Optional) The tenant id of the Azure AD Administrator of this SQL Server.

The extended_auditing_policy object supports the following:

  • retention_in_days (pulumi.Input[float]) - (Optional) Specifies the number of days to retain logs for in the storage account.

  • storage_account_access_key (pulumi.Input[str]) - (Required) Specifies the access key to use for the auditing storage account.

  • storageAccountAccessKeyIsSecondary (pulumi.Input[bool]) - (Optional) Specifies whether storage_account_access_key value is the storage’s secondary key.

  • storage_endpoint (pulumi.Input[str]) - (Required) Specifies the blob storage endpoint (e.g. https://MyAccount.blob.core.windows.net).

The identity object supports the following:

  • principal_id (pulumi.Input[str]) - The Principal ID for the Service Principal associated with the Identity of this SQL Server.

  • tenant_id (pulumi.Input[str]) - (Optional) The tenant id of the Azure AD Administrator of this SQL Server.

  • type (pulumi.Input[str]) - Specifies the identity type of the Microsoft SQL Server. At this time the only allowed value is SystemAssigned.

administrator_login: pulumi.Output[str] = None

The administrator login name for the new server. Changing this forces a new resource to be created.

administrator_login_password: pulumi.Output[str] = None

The password associated with the administrator_login user. Needs to comply with Azure’s Password Policy

azuread_administrator: pulumi.Output[dict] = None

An azuread_administrator block as defined below.

  • loginUsername (str) - (Required) The login username of the Azure AD Administrator of this SQL Server.

  • object_id (str) - (Required) The object id of the Azure AD Administrator of this SQL Server.

  • tenant_id (str) - (Optional) The tenant id of the Azure AD Administrator of this SQL Server.

connection_policy: pulumi.Output[str] = None

The connection policy the server will use. Possible values are Default, Proxy, and Redirect. Defaults to Default.

extended_auditing_policy: pulumi.Output[dict] = None

A extended_auditing_policy block as defined below.

  • retention_in_days (float) - (Optional) Specifies the number of days to retain logs for in the storage account.

  • storage_account_access_key (str) - (Required) Specifies the access key to use for the auditing storage account.

  • storageAccountAccessKeyIsSecondary (bool) - (Optional) Specifies whether storage_account_access_key value is the storage’s secondary key.

  • storage_endpoint (str) - (Required) Specifies the blob storage endpoint (e.g. https://MyAccount.blob.core.windows.net).

fully_qualified_domain_name: pulumi.Output[str] = None

The fully qualified domain name of the Azure SQL Server (e.g. myServerName.database.windows.net)

identity: pulumi.Output[dict] = None

An identity block as defined below.

  • principal_id (str) - The Principal ID for the Service Principal associated with the Identity of this SQL Server.

  • tenant_id (str) - (Optional) The tenant id of the Azure AD Administrator of this SQL Server.

  • type (str) - Specifies the identity type of the Microsoft SQL Server. At this time the only allowed value is SystemAssigned.

location: pulumi.Output[str] = None

Specifies the supported Azure location where the resource exists. Changing this forces a new resource to be created.

name: pulumi.Output[str] = None

The name of the Microsoft SQL Server. This needs to be globally unique within Azure.

public_network_access_enabled: pulumi.Output[bool] = None

Whether or not public network access is allowed for this server. Defaults to true.

resource_group_name: pulumi.Output[str] = None

The name of the resource group in which to create the Microsoft SQL Server.

tags: pulumi.Output[dict] = None

A mapping of tags to assign to the resource.

version: pulumi.Output[str] = None

The version for the new server. Valid values are: 2.0 (for v11 server) and 12.0 (for v12 server).

static get(resource_name, id, opts=None, administrator_login=None, administrator_login_password=None, azuread_administrator=None, connection_policy=None, extended_auditing_policy=None, fully_qualified_domain_name=None, identity=None, location=None, name=None, public_network_access_enabled=None, resource_group_name=None, tags=None, version=None)

Get an existing Server resource’s state with the given name, id, and optional extra properties used to qualify the lookup.

Parameters

  • resource_name (str) – The unique name of the resulting resource.

  • id (str) – The unique provider ID of the resource to lookup.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • administrator_login (pulumi.Input[str]) – The administrator login name for the new server. Changing this forces a new resource to be created.

  • administrator_login_password (pulumi.Input[str]) –

    The password associated with the administrator_login user. Needs to comply with Azure’s Password Policy

  • azuread_administrator (pulumi.Input[dict]) – An azuread_administrator block as defined below.

  • connection_policy (pulumi.Input[str]) – The connection policy the server will use. Possible values are Default, Proxy, and Redirect. Defaults to Default.

  • extended_auditing_policy (pulumi.Input[dict]) – A extended_auditing_policy block as defined below.

  • fully_qualified_domain_name (pulumi.Input[str]) – The fully qualified domain name of the Azure SQL Server (e.g. myServerName.database.windows.net)

  • identity (pulumi.Input[dict]) – An identity block as defined below.

  • location (pulumi.Input[str]) – Specifies the supported Azure location where the resource exists. Changing this forces a new resource to be created.

  • name (pulumi.Input[str]) – The name of the Microsoft SQL Server. This needs to be globally unique within Azure.

  • public_network_access_enabled (pulumi.Input[bool]) – Whether or not public network access is allowed for this server. Defaults to true.

  • resource_group_name (pulumi.Input[str]) – The name of the resource group in which to create the Microsoft SQL Server.

  • tags (pulumi.Input[dict]) – A mapping of tags to assign to the resource.

  • version (pulumi.Input[str]) – The version for the new server. Valid values are: 2.0 (for v11 server) and 12.0 (for v12 server).

The azuread_administrator object supports the following:

  • loginUsername (pulumi.Input[str]) - (Required) The login username of the Azure AD Administrator of this SQL Server.

  • object_id (pulumi.Input[str]) - (Required) The object id of the Azure AD Administrator of this SQL Server.

  • tenant_id (pulumi.Input[str]) - (Optional) The tenant id of the Azure AD Administrator of this SQL Server.

The extended_auditing_policy object supports the following:

  • retention_in_days (pulumi.Input[float]) - (Optional) Specifies the number of days to retain logs for in the storage account.

  • storage_account_access_key (pulumi.Input[str]) - (Required) Specifies the access key to use for the auditing storage account.

  • storageAccountAccessKeyIsSecondary (pulumi.Input[bool]) - (Optional) Specifies whether storage_account_access_key value is the storage’s secondary key.

  • storage_endpoint (pulumi.Input[str]) - (Required) Specifies the blob storage endpoint (e.g. https://MyAccount.blob.core.windows.net).

The identity object supports the following:

  • principal_id (pulumi.Input[str]) - The Principal ID for the Service Principal associated with the Identity of this SQL Server.

  • tenant_id (pulumi.Input[str]) - (Optional) The tenant id of the Azure AD Administrator of this SQL Server.

  • type (pulumi.Input[str]) - Specifies the identity type of the Microsoft SQL Server. At this time the only allowed value is SystemAssigned.

translate_output_property(prop)

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

translate_input_property(prop)

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

class pulumi_azure.mssql.ServerSecurityAlertPolicy(resource_name, opts=None, disabled_alerts=None, email_account_admins=None, email_addresses=None, resource_group_name=None, retention_days=None, server_name=None, state=None, storage_account_access_key=None, storage_endpoint=None, __props__=None, __name__=None, __opts__=None)

Manages a Security Alert Policy for a MSSQL Server.

NOTE Security Alert Policy is currently only available for MS SQL databases.

import pulumi
import pulumi_azure as azure

example_resource_group = azure.core.ResourceGroup("exampleResourceGroup", location="West US")
example_sql_server = azure.sql.SqlServer("exampleSqlServer",
    resource_group_name=example_resource_group.name,
    location=example_resource_group.location,
    version="12.0",
    administrator_login="4dm1n157r470r",
    administrator_login_password="4-v3ry-53cr37-p455w0rd")
example_account = azure.storage.Account("exampleAccount",
    resource_group_name=example_resource_group.name,
    location=example_resource_group.location,
    account_tier="Standard",
    account_replication_type="GRS")
example_server_security_alert_policy = azure.mssql.ServerSecurityAlertPolicy("exampleServerSecurityAlertPolicy",
    resource_group_name=example_resource_group.name,
    server_name=example_sql_server.name,
    state="Enabled",
    storage_endpoint=example_account.primary_blob_endpoint,
    storage_account_access_key=example_account.primary_access_key,
    disabled_alerts=[
        "Sql_Injection",
        "Data_Exfiltration",
    ],
    retention_days=20)
Parameters

  • resource_name (str) – The name of the resource.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • disabled_alerts (pulumi.Input[list]) – Specifies an array of alerts that are disabled. Allowed values are: Sql_Injection, Sql_Injection_Vulnerability, Access_Anomaly, Data_Exfiltration, Unsafe_Action.

  • email_account_admins (pulumi.Input[bool]) – Boolean flag which specifies if the alert is sent to the account administrators or not. Defaults to false.

  • email_addresses (pulumi.Input[list]) – Specifies an array of e-mail addresses to which the alert is sent.

  • resource_group_name (pulumi.Input[str]) – The name of the resource group that contains the MS SQL Server. Changing this forces a new resource to be created.

  • retention_days (pulumi.Input[float]) – Specifies the number of days to keep in the Threat Detection audit logs. Defaults to 0.

  • server_name (pulumi.Input[str]) – Specifies the name of the MS SQL Server. Changing this forces a new resource to be created.

  • state (pulumi.Input[str]) – Specifies the state of the policy, whether it is enabled or disabled or a policy has not been applied yet on the specific database server. Allowed values are: Disabled, Enabled.

  • storage_account_access_key (pulumi.Input[str]) – Specifies the identifier key of the Threat Detection audit storage account.

  • storage_endpoint (pulumi.Input[str]) – Specifies the blob storage endpoint (e.g. https://MyAccount.blob.core.windows.net). This blob storage will hold all Threat Detection audit logs.

disabled_alerts: pulumi.Output[list] = None

Specifies an array of alerts that are disabled. Allowed values are: Sql_Injection, Sql_Injection_Vulnerability, Access_Anomaly, Data_Exfiltration, Unsafe_Action.

email_account_admins: pulumi.Output[bool] = None

Boolean flag which specifies if the alert is sent to the account administrators or not. Defaults to false.

email_addresses: pulumi.Output[list] = None

Specifies an array of e-mail addresses to which the alert is sent.

resource_group_name: pulumi.Output[str] = None

The name of the resource group that contains the MS SQL Server. Changing this forces a new resource to be created.

retention_days: pulumi.Output[float] = None

Specifies the number of days to keep in the Threat Detection audit logs. Defaults to 0.

server_name: pulumi.Output[str] = None

Specifies the name of the MS SQL Server. Changing this forces a new resource to be created.

state: pulumi.Output[str] = None

Specifies the state of the policy, whether it is enabled or disabled or a policy has not been applied yet on the specific database server. Allowed values are: Disabled, Enabled.

storage_account_access_key: pulumi.Output[str] = None

Specifies the identifier key of the Threat Detection audit storage account.

storage_endpoint: pulumi.Output[str] = None

Specifies the blob storage endpoint (e.g. https://MyAccount.blob.core.windows.net). This blob storage will hold all Threat Detection audit logs.

static get(resource_name, id, opts=None, disabled_alerts=None, email_account_admins=None, email_addresses=None, resource_group_name=None, retention_days=None, server_name=None, state=None, storage_account_access_key=None, storage_endpoint=None)

Get an existing ServerSecurityAlertPolicy resource’s state with the given name, id, and optional extra properties used to qualify the lookup.

Parameters

  • resource_name (str) – The unique name of the resulting resource.

  • id (str) – The unique provider ID of the resource to lookup.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • disabled_alerts (pulumi.Input[list]) – Specifies an array of alerts that are disabled. Allowed values are: Sql_Injection, Sql_Injection_Vulnerability, Access_Anomaly, Data_Exfiltration, Unsafe_Action.

  • email_account_admins (pulumi.Input[bool]) – Boolean flag which specifies if the alert is sent to the account administrators or not. Defaults to false.

  • email_addresses (pulumi.Input[list]) – Specifies an array of e-mail addresses to which the alert is sent.

  • resource_group_name (pulumi.Input[str]) – The name of the resource group that contains the MS SQL Server. Changing this forces a new resource to be created.

  • retention_days (pulumi.Input[float]) – Specifies the number of days to keep in the Threat Detection audit logs. Defaults to 0.

  • server_name (pulumi.Input[str]) – Specifies the name of the MS SQL Server. Changing this forces a new resource to be created.

  • state (pulumi.Input[str]) – Specifies the state of the policy, whether it is enabled or disabled or a policy has not been applied yet on the specific database server. Allowed values are: Disabled, Enabled.

  • storage_account_access_key (pulumi.Input[str]) – Specifies the identifier key of the Threat Detection audit storage account.

  • storage_endpoint (pulumi.Input[str]) – Specifies the blob storage endpoint (e.g. https://MyAccount.blob.core.windows.net). This blob storage will hold all Threat Detection audit logs.

translate_output_property(prop)

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

translate_input_property(prop)

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

class pulumi_azure.mssql.ServerVulnerabilityAssessment(resource_name, opts=None, recurring_scans=None, server_security_alert_policy_id=None, storage_account_access_key=None, storage_container_path=None, storage_container_sas_key=None, __props__=None, __name__=None, __opts__=None)

Manages the Vulnerability Assessment for a MS SQL Server.

NOTE Vulnerability Assessment is currently only available for MS SQL databases.

import pulumi
import pulumi_azure as azure

example_resource_group = azure.core.ResourceGroup("exampleResourceGroup", location="West US")
example_sql_server = azure.sql.SqlServer("exampleSqlServer",
    resource_group_name=example_resource_group.name,
    location=example_resource_group.location,
    version="12.0",
    administrator_login="4dm1n157r470r",
    administrator_login_password="4-v3ry-53cr37-p455w0rd")
example_account = azure.storage.Account("exampleAccount",
    resource_group_name=example_resource_group.name,
    location=example_resource_group.location,
    account_tier="Standard",
    account_replication_type="GRS")
example_container = azure.storage.Container("exampleContainer",
    storage_account_name=example_account.name,
    container_access_type="private")
example_server_security_alert_policy = azure.mssql.ServerSecurityAlertPolicy("exampleServerSecurityAlertPolicy",
    resource_group_name=example_resource_group.name,
    server_name=example_sql_server.name,
    state="Enabled")
example_server_vulnerability_assessment = azure.mssql.ServerVulnerabilityAssessment("exampleServerVulnerabilityAssessment",
    server_security_alert_policy_id=example_server_security_alert_policy.id,
    storage_container_path=pulumi.Output.all(example_account.primary_blob_endpoint, example_container.name).apply(lambda primary_blob_endpoint, name: f"{primary_blob_endpoint}{name}/"),
    storage_account_access_key=example_account.primary_access_key,
    recurring_scans={
        "enabled": True,
        "emailSubscriptionAdmins": True,
        "emails": [
            "email@example1.com",
            "email@example2.com",
        ],
    })
Parameters

  • resource_name (str) – The name of the resource.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • recurring_scans (pulumi.Input[dict]) – The recurring scans settings. The recurring_scans block supports fields documented below.

  • server_security_alert_policy_id (pulumi.Input[str]) – The id of the security alert policy of the MS SQL Server. Changing this forces a new resource to be created.

  • storage_account_access_key (pulumi.Input[str]) – Specifies the identifier key of the storage account for vulnerability assessment scan results. If storage_container_sas_key isn’t specified, storage_account_access_key is required.

  • storage_container_path (pulumi.Input[str]) – A blob storage container path to hold the scan results (e.g. https://myStorage.blob.core.windows.net/VaScans/).

  • storage_container_sas_key (pulumi.Input[str]) – A shared access signature (SAS Key) that has write access to the blob container specified in storage_container_path parameter. If storage_account_access_key isn’t specified, storage_container_sas_key is required.

The recurring_scans object supports the following:

  • emailSubscriptionAdmins (pulumi.Input[bool]) - Boolean flag which specifies if the schedule scan notification will be sent to the subscription administrators. Defaults to false.

  • emails (pulumi.Input[list]) - Specifies an array of e-mail addresses to which the scan notification is sent.

  • enabled (pulumi.Input[bool]) - Boolean flag which specifies if recurring scans is enabled or disabled. Defaults to false.

recurring_scans: pulumi.Output[dict] = None

The recurring scans settings. The recurring_scans block supports fields documented below.

  • emailSubscriptionAdmins (bool) - Boolean flag which specifies if the schedule scan notification will be sent to the subscription administrators. Defaults to false.

  • emails (list) - Specifies an array of e-mail addresses to which the scan notification is sent.

  • enabled (bool) - Boolean flag which specifies if recurring scans is enabled or disabled. Defaults to false.

server_security_alert_policy_id: pulumi.Output[str] = None

The id of the security alert policy of the MS SQL Server. Changing this forces a new resource to be created.

storage_account_access_key: pulumi.Output[str] = None

Specifies the identifier key of the storage account for vulnerability assessment scan results. If storage_container_sas_key isn’t specified, storage_account_access_key is required.

storage_container_path: pulumi.Output[str] = None

A blob storage container path to hold the scan results (e.g. https://myStorage.blob.core.windows.net/VaScans/).

storage_container_sas_key: pulumi.Output[str] = None

A shared access signature (SAS Key) that has write access to the blob container specified in storage_container_path parameter. If storage_account_access_key isn’t specified, storage_container_sas_key is required.

static get(resource_name, id, opts=None, recurring_scans=None, server_security_alert_policy_id=None, storage_account_access_key=None, storage_container_path=None, storage_container_sas_key=None)

Get an existing ServerVulnerabilityAssessment resource’s state with the given name, id, and optional extra properties used to qualify the lookup.

Parameters

  • resource_name (str) – The unique name of the resulting resource.

  • id (str) – The unique provider ID of the resource to lookup.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • recurring_scans (pulumi.Input[dict]) – The recurring scans settings. The recurring_scans block supports fields documented below.

  • server_security_alert_policy_id (pulumi.Input[str]) – The id of the security alert policy of the MS SQL Server. Changing this forces a new resource to be created.

  • storage_account_access_key (pulumi.Input[str]) – Specifies the identifier key of the storage account for vulnerability assessment scan results. If storage_container_sas_key isn’t specified, storage_account_access_key is required.

  • storage_container_path (pulumi.Input[str]) – A blob storage container path to hold the scan results (e.g. https://myStorage.blob.core.windows.net/VaScans/).

  • storage_container_sas_key (pulumi.Input[str]) – A shared access signature (SAS Key) that has write access to the blob container specified in storage_container_path parameter. If storage_account_access_key isn’t specified, storage_container_sas_key is required.

The recurring_scans object supports the following:

  • emailSubscriptionAdmins (pulumi.Input[bool]) - Boolean flag which specifies if the schedule scan notification will be sent to the subscription administrators. Defaults to false.

  • emails (pulumi.Input[list]) - Specifies an array of e-mail addresses to which the scan notification is sent.

  • enabled (pulumi.Input[bool]) - Boolean flag which specifies if recurring scans is enabled or disabled. Defaults to false.

translate_output_property(prop)

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

translate_input_property(prop)

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

class pulumi_azure.mssql.VirtualMachine(resource_name, opts=None, auto_patching=None, key_vault_credential=None, r_services_enabled=None, sql_connectivity_port=None, sql_connectivity_type=None, sql_connectivity_update_password=None, sql_connectivity_update_username=None, sql_license_type=None, tags=None, virtual_machine_id=None, __props__=None, __name__=None, __opts__=None)

Manages a Microsoft SQL Virtual Machine

import pulumi
import pulumi_azure as azure

example_virtual_machine = azure.compute.get_virtual_machine(name="example-vm",
    resource_group_name="example-resources")
example_mssql_virtual_machine_virtual_machine = azure.mssql.VirtualMachine("exampleMssql/virtualMachineVirtualMachine",
    virtual_machine_id=example_virtual_machine.id,
    sql_license_type="PAYG",
    r_services_enabled=True,
    sql_connectivity_port=1433,
    sql_connectivity_type="PRIVATE",
    sql_connectivity_update_password="Password1234!",
    sql_connectivity_update_username="sqllogin",
    auto_patching={
        "dayOfWeek": "Sunday",
        "maintenanceWindowDurationInMinutes": 60,
        "maintenanceWindowStartingHour": 2,
    })
Parameters

  • resource_name (str) – The name of the resource.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • auto_patching (pulumi.Input[dict]) – An auto_patching block as defined below.

  • key_vault_credential (pulumi.Input[dict]) – (Optional) An key_vault_credential block as defined below.

  • r_services_enabled (pulumi.Input[bool]) – Should R Services be enabled?

  • sql_connectivity_port (pulumi.Input[float]) – The SQL Server port. Defaults to 1433.

  • sql_connectivity_type (pulumi.Input[str]) – The connectivity type used for this SQL Server. Defaults to PRIVATE.

  • sql_connectivity_update_password (pulumi.Input[str]) – The SQL Server sysadmin login password.

  • sql_connectivity_update_username (pulumi.Input[str]) – The SQL Server sysadmin login to create.

  • sql_license_type (pulumi.Input[str]) – The SQL Server license type. Possible values are AHUB (Azure Hybrid Benefit) and PAYG (Pay-As-You-Go). Changing this forces a new resource to be created.

  • tags (pulumi.Input[dict]) – A mapping of tags to assign to the resource.

  • virtual_machine_id (pulumi.Input[str]) – The ID of the Virtual Machine. Changing this forces a new resource to be created.

The auto_patching object supports the following:

  • dayOfWeek (pulumi.Input[str]) - The day of week to apply the patch on.

  • maintenanceWindowDurationInMinutes (pulumi.Input[float]) - The size of the Maintenance Window in minutes.

  • maintenanceWindowStartingHour (pulumi.Input[float]) - The Hour, in the Virtual Machine Time-Zone when the patching maintenance window should begin.

The key_vault_credential object supports the following:

  • keyVaultUrl (pulumi.Input[str]) - The azure Key Vault url. Changing this forces a new resource to be created.

  • name (pulumi.Input[str]) - The credential name.

  • servicePrincipalName (pulumi.Input[str]) - The service principal name to access key vault. Changing this forces a new resource to be created.

  • servicePrincipalSecret (pulumi.Input[str]) - The service principal name secret to access key vault. Changing this forces a new resource to be created.

auto_patching: pulumi.Output[dict] = None

An auto_patching block as defined below.

  • dayOfWeek (str) - The day of week to apply the patch on.

  • maintenanceWindowDurationInMinutes (float) - The size of the Maintenance Window in minutes.

  • maintenanceWindowStartingHour (float) - The Hour, in the Virtual Machine Time-Zone when the patching maintenance window should begin.

key_vault_credential: pulumi.Output[dict] = None

(Optional) An key_vault_credential block as defined below.

  • keyVaultUrl (str) - The azure Key Vault url. Changing this forces a new resource to be created.

  • name (str) - The credential name.

  • servicePrincipalName (str) - The service principal name to access key vault. Changing this forces a new resource to be created.

  • servicePrincipalSecret (str) - The service principal name secret to access key vault. Changing this forces a new resource to be created.

r_services_enabled: pulumi.Output[bool] = None

Should R Services be enabled?

sql_connectivity_port: pulumi.Output[float] = None

The SQL Server port. Defaults to 1433.

sql_connectivity_type: pulumi.Output[str] = None

The connectivity type used for this SQL Server. Defaults to PRIVATE.

sql_connectivity_update_password: pulumi.Output[str] = None

The SQL Server sysadmin login password.

sql_connectivity_update_username: pulumi.Output[str] = None

The SQL Server sysadmin login to create.

sql_license_type: pulumi.Output[str] = None

The SQL Server license type. Possible values are AHUB (Azure Hybrid Benefit) and PAYG (Pay-As-You-Go). Changing this forces a new resource to be created.

tags: pulumi.Output[dict] = None

A mapping of tags to assign to the resource.

virtual_machine_id: pulumi.Output[str] = None

The ID of the Virtual Machine. Changing this forces a new resource to be created.

static get(resource_name, id, opts=None, auto_patching=None, key_vault_credential=None, r_services_enabled=None, sql_connectivity_port=None, sql_connectivity_type=None, sql_connectivity_update_password=None, sql_connectivity_update_username=None, sql_license_type=None, tags=None, virtual_machine_id=None)

Get an existing VirtualMachine resource’s state with the given name, id, and optional extra properties used to qualify the lookup.

Parameters

  • resource_name (str) – The unique name of the resulting resource.

  • id (str) – The unique provider ID of the resource to lookup.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • auto_patching (pulumi.Input[dict]) – An auto_patching block as defined below.

  • key_vault_credential (pulumi.Input[dict]) – (Optional) An key_vault_credential block as defined below.

  • r_services_enabled (pulumi.Input[bool]) – Should R Services be enabled?

  • sql_connectivity_port (pulumi.Input[float]) – The SQL Server port. Defaults to 1433.

  • sql_connectivity_type (pulumi.Input[str]) – The connectivity type used for this SQL Server. Defaults to PRIVATE.

  • sql_connectivity_update_password (pulumi.Input[str]) – The SQL Server sysadmin login password.

  • sql_connectivity_update_username (pulumi.Input[str]) – The SQL Server sysadmin login to create.

  • sql_license_type (pulumi.Input[str]) – The SQL Server license type. Possible values are AHUB (Azure Hybrid Benefit) and PAYG (Pay-As-You-Go). Changing this forces a new resource to be created.

  • tags (pulumi.Input[dict]) – A mapping of tags to assign to the resource.

  • virtual_machine_id (pulumi.Input[str]) – The ID of the Virtual Machine. Changing this forces a new resource to be created.

The auto_patching object supports the following:

  • dayOfWeek (pulumi.Input[str]) - The day of week to apply the patch on.

  • maintenanceWindowDurationInMinutes (pulumi.Input[float]) - The size of the Maintenance Window in minutes.

  • maintenanceWindowStartingHour (pulumi.Input[float]) - The Hour, in the Virtual Machine Time-Zone when the patching maintenance window should begin.

The key_vault_credential object supports the following:

  • keyVaultUrl (pulumi.Input[str]) - The azure Key Vault url. Changing this forces a new resource to be created.

  • name (pulumi.Input[str]) - The credential name.

  • servicePrincipalName (pulumi.Input[str]) - The service principal name to access key vault. Changing this forces a new resource to be created.

  • servicePrincipalSecret (pulumi.Input[str]) - The service principal name secret to access key vault. Changing this forces a new resource to be created.

translate_output_property(prop)

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

translate_input_property(prop)

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

pulumi_azure.mssql.get_database(name=None, server_id=None, opts=None)

Use this data source to access information about an existing SQL database.

import pulumi
import pulumi_azure as azure

example = azure.mssql.get_database(name="example-mssql-db",
    server_id="example-mssql-server-id")
pulumi.export("databaseId", example.id)
Parameters

  • name (str) – The name of the Ms SQL Database.

  • server_id (str) – The id of the Ms SQL Server on which to create the database.

pulumi_azure.mssql.get_elastic_pool(name=None, resource_group_name=None, server_name=None, opts=None)

Use this data source to access information about an existing SQL elastic pool.

import pulumi
import pulumi_azure as azure

example = azure.mssql.get_elastic_pool(name="mssqlelasticpoolname",
    resource_group_name="example-resources",
    server_name="example-sql-server")
pulumi.export("elasticpoolId", example.id)
Parameters

  • name (str) – The name of the elastic pool.

  • resource_group_name (str) – The name of the resource group which contains the elastic pool.

  • server_name (str) – The name of the SQL Server which contains the elastic pool.