import * as pulumi from "@pulumi/pulumi"; /** * Manages a MS SQL Server Microsoft Support Auditing Policy. * * ## Example Usage * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as azure from "@pulumi/azure"; * * const example = new azure.core.ResourceGroup("example", { * name: "example-resources", * location: "West Europe", * }); * const exampleServer = new azure.mssql.Server("example", { * name: "example-sqlserver", * resourceGroupName: example.name, * location: example.location, * version: "12.0", * administratorLogin: "missadministrator", * administratorLoginPassword: "AdminPassword123!", * }); * const exampleAccount = new azure.storage.Account("example", { * name: "examplesa", * resourceGroupName: example.name, * location: example.location, * accountTier: "Standard", * accountReplicationType: "LRS", * }); * const exampleServerMicrosoftSupportAuditingPolicy = new azure.mssql.ServerMicrosoftSupportAuditingPolicy("example", { * serverId: exampleServer.id, * blobStorageEndpoint: exampleAccount.primaryBlobEndpoint, * storageAccountAccessKey: exampleAccount.primaryAccessKey, * }); * ``` * * ### With Storage Account Behind VNet And Firewall * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as azure from "@pulumi/azure"; * import * as azurerm from "@pulumi/azurerm"; * * const primary = azure.core.getSubscription({}); * const example = azure.core.getClientConfig({}); * const exampleResourceGroup = new azure.core.ResourceGroup("example", { * name: "example", * location: "West Europe", * }); * const exampleVirtualNetwork = new azure.network.VirtualNetwork("example", { * name: "virtnetname-1", * addressSpaces: ["10.0.0.0/16"], * location: exampleResourceGroup.location, * resourceGroupName: exampleResourceGroup.name, * }); * const exampleSubnet = new azure.network.Subnet("example", { * name: "subnetname-1", * resourceGroupName: exampleResourceGroup.name, * virtualNetworkName: exampleVirtualNetwork.name, * addressPrefixes: ["10.0.2.0/24"], * serviceEndpoints: [ * "Microsoft.Sql", * "Microsoft.Storage", * ], * enforcePrivateLinkEndpointNetworkPolicies: true, * }); * const exampleServer = new azure.mssql.Server("example", { * name: "example-sqlserver", * resourceGroupName: exampleResourceGroup.name, * location: exampleResourceGroup.location, * version: "12.0", * administratorLogin: "missadministrator", * administratorLoginPassword: "AdminPassword123!", * minimumTlsVersion: "1.2", * identity: { * type: "SystemAssigned", * }, * }); * const exampleAssignment = new azure.authorization.Assignment("example", { * scope: primary.then(primary => primary.id), * roleDefinitionName: "Storage Blob Data Contributor", * principalId: exampleServer.identity.apply(identity => identity?.principalId), * }); * const sqlvnetrule = new azurerm.index.SqlVirtualNetworkRule("sqlvnetrule", { * name: "sql-vnet-rule", * resourceGroupName: exampleResourceGroup.name, * serverName: exampleServer.name, * subnetId: exampleSubnet.id, * }); * const exampleSqlFirewallRule = new azurerm.index.SqlFirewallRule("example", { * name: "FirewallRule1", * resourceGroupName: exampleResourceGroup.name, * serverName: exampleServer.name, * startIpAddress: "0.0.0.0", * endIpAddress: "0.0.0.0", * }); * const exampleAccount = new azure.storage.Account("example", { * name: "examplesa", * resourceGroupName: exampleResourceGroup.name, * location: exampleResourceGroup.location, * accountTier: "Standard", * accountReplicationType: "LRS", * accountKind: "StorageV2", * allowNestedItemsToBePublic: false, * networkRules: { * defaultAction: "Deny", * ipRules: ["127.0.0.1"], * virtualNetworkSubnetIds: [exampleSubnet.id], * bypasses: ["AzureServices"], * }, * identity: { * type: "SystemAssigned", * }, * }); * const exampleServerMicrosoftSupportAuditingPolicy = new azure.mssql.ServerMicrosoftSupportAuditingPolicy("example", { * blobStorageEndpoint: exampleAccount.primaryBlobEndpoint, * serverId: exampleServer.id, * logMonitoringEnabled: false, * storageAccountSubscriptionId: primaryAzurermSubscription.subscriptionId, * }, { * dependsOn: [ * exampleAssignment, * exampleAccount, * ], * }); * ``` * * ## API Providers * * * This resource uses the following Azure API Providers: * * * `Microsoft.Sql` - 2023-08-01-preview * * ## Import * * MS SQL Server Microsoft Support Auditing Policies can be imported using the `resource id`, e.g. * * ```sh * $ pulumi import azure:mssql/serverMicrosoftSupportAuditingPolicy:ServerMicrosoftSupportAuditingPolicy example /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/group1/providers/Microsoft.Sql/servers/sqlServer1/devOpsAuditingSettings/default * ``` */ export declare class ServerMicrosoftSupportAuditingPolicy extends pulumi.CustomResource { /** * Get an existing ServerMicrosoftSupportAuditingPolicy resource's state with the given name, ID, and optional extra * properties used to qualify the lookup. * * @param name The _unique_ name of the resulting resource. * @param id The _unique_ provider ID of the resource to lookup. * @param state Any extra arguments used during the lookup. * @param opts Optional settings to control the behavior of the CustomResource. */ static get(name: string, id: pulumi.Input, state?: ServerMicrosoftSupportAuditingPolicyState, opts?: pulumi.CustomResourceOptions): ServerMicrosoftSupportAuditingPolicy; /** * Returns true if the given object is an instance of ServerMicrosoftSupportAuditingPolicy. This is designed to work even * when multiple copies of the Pulumi SDK have been loaded into the same process. */ static isInstance(obj: any): obj is ServerMicrosoftSupportAuditingPolicy; /** * The blob storage endpoint (e.g. https://example.blob.core.windows.net). This blob storage will hold all Microsoft support auditing logs. */ readonly blobStorageEndpoint: pulumi.Output; /** * Whether to enable the extended auditing policy. Possible values are `true` and `false`. Defaults to `true`. * * > **Note:** If `enabled` is `true`, `blobStorageEndpoint` or `logMonitoringEnabled` are required. */ readonly enabled: pulumi.Output; /** * Enable audit events to Azure Monitor? To enable server audit events to Azure Monitor, please enable its main database audit events to Azure Monitor. Defaults to `true`. */ readonly logMonitoringEnabled: pulumi.Output; /** * The ID of the SQL Server to set the extended auditing policy. Changing this forces a new resource to be created. */ readonly serverId: pulumi.Output; /** * The access key to use for the auditing storage account. */ readonly storageAccountAccessKey: pulumi.Output; /** * The ID of the Subscription containing the Storage Account. */ readonly storageAccountSubscriptionId: pulumi.Output; /** * Create a ServerMicrosoftSupportAuditingPolicy resource with the given unique name, arguments, and options. * * @param name The _unique_ name of the resource. * @param args The arguments to use to populate this resource's properties. * @param opts A bag of options that control this resource's behavior. */ constructor(name: string, args: ServerMicrosoftSupportAuditingPolicyArgs, opts?: pulumi.CustomResourceOptions); } /** * Input properties used for looking up and filtering ServerMicrosoftSupportAuditingPolicy resources. */ export interface ServerMicrosoftSupportAuditingPolicyState { /** * The blob storage endpoint (e.g. https://example.blob.core.windows.net). This blob storage will hold all Microsoft support auditing logs. */ blobStorageEndpoint?: pulumi.Input; /** * Whether to enable the extended auditing policy. Possible values are `true` and `false`. Defaults to `true`. * * > **Note:** If `enabled` is `true`, `blobStorageEndpoint` or `logMonitoringEnabled` are required. */ enabled?: pulumi.Input; /** * Enable audit events to Azure Monitor? To enable server audit events to Azure Monitor, please enable its main database audit events to Azure Monitor. Defaults to `true`. */ logMonitoringEnabled?: pulumi.Input; /** * The ID of the SQL Server to set the extended auditing policy. Changing this forces a new resource to be created. */ serverId?: pulumi.Input; /** * The access key to use for the auditing storage account. */ storageAccountAccessKey?: pulumi.Input; /** * The ID of the Subscription containing the Storage Account. */ storageAccountSubscriptionId?: pulumi.Input; } /** * The set of arguments for constructing a ServerMicrosoftSupportAuditingPolicy resource. */ export interface ServerMicrosoftSupportAuditingPolicyArgs { /** * The blob storage endpoint (e.g. https://example.blob.core.windows.net). This blob storage will hold all Microsoft support auditing logs. */ blobStorageEndpoint?: pulumi.Input; /** * Whether to enable the extended auditing policy. Possible values are `true` and `false`. Defaults to `true`. * * > **Note:** If `enabled` is `true`, `blobStorageEndpoint` or `logMonitoringEnabled` are required. */ enabled?: pulumi.Input; /** * Enable audit events to Azure Monitor? To enable server audit events to Azure Monitor, please enable its main database audit events to Azure Monitor. Defaults to `true`. */ logMonitoringEnabled?: pulumi.Input; /** * The ID of the SQL Server to set the extended auditing policy. Changing this forces a new resource to be created. */ serverId: pulumi.Input; /** * The access key to use for the auditing storage account. */ storageAccountAccessKey?: pulumi.Input; /** * The ID of the Subscription containing the Storage Account. */ storageAccountSubscriptionId?: pulumi.Input; }