DFE-Digital/rsd-academies-reporting-db


Requirements

| Name | Version |
|------|---------|
| terraform | >= 1.8.0 |
| azapi | >= 1.12.1 |
| azurerm | >= 3.99.0 |

Providers

| Name | Version |
|------|---------|
| azapi | 1.12.1 |
| azurerm | 3.99.0 |

Modules

| Name | Source | Version |
|------|--------|---------|
| azurerm_key_vault | github.com/DFE-Digital/terraform-azurerm-key-vault-tfvars | v0.4.2 |

Resources

| Name | Type |
|------|------|
| azapi_update_resource.mssql_threat_protection | resource |
| azapi_update_resource.mssql_vulnerability_assessment | resource |
| azurerm_data_factory_managed_private_endpoint.mssql | resource |
| azurerm_monitor_action_group.main | resource |
| azurerm_monitor_metric_alert.sql_cpu | resource |
| azurerm_monitor_metric_alert.sql_dataio | resource |
| azurerm_monitor_metric_alert.sql_deadlock | resource |
| azurerm_monitor_metric_alert.sql_disk | resource |
| azurerm_monitor_metric_alert.sql_failed_user | resource |
| azurerm_monitor_metric_alert.sql_tempdb | resource |
| azurerm_monitor_metric_alert.sql_user_cpu | resource |
| azurerm_monitor_metric_alert.sql_worker | resource |
| azurerm_mssql_database.default | resource |
| azurerm_mssql_database_extended_auditing_policy.default | resource |
| azurerm_mssql_firewall_rule.default_mssql | resource |
| azurerm_mssql_server.default | resource |
| azurerm_mssql_server_extended_auditing_policy.default | resource |
| azurerm_private_dns_zone.mssql | resource |
| azurerm_private_dns_zone_virtual_network_link.mssql | resource |
| azurerm_private_endpoint.mssql | resource |
| azurerm_resource_group.default | resource |
| azurerm_role_assignment.mssql_storageblobdatacontributor | resource |
| azurerm_storage_account.mssql_security_storage | resource |
| azurerm_storage_account_network_rules.mssql_security_storage | resource |
| azurerm_storage_container.mssql_security_storage | resource |
| azurerm_subnet.private_endpoint | resource |
| azurerm_subnet_route_table_association.private_endpoint | resource |
| azurerm_user_assigned_identity.mssql | resource |
| azapi_resource_action.existing_logic_app_workflow_callback_url | data source |
| azurerm_logic_app_workflow.existing_logic_app_workflow | data source |
| azurerm_resource_group.existing_resource_group | data source |
| azurerm_route_table.private_endpoints | data source |
| azurerm_subscription.current | data source |
| azurerm_virtual_network.private_endpoints | data source |

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| adf_private_endpoint_configurations | Key value pair. Specify the Key as the ADF Name, and the value as the ADF Resource ID | map(string) | {} | no |
| azure_location | Azure location in which to launch resources. | string | n/a | yes |
| enable_monitoring | Create an App Insights instance and notification group for the Container App | bool | false | no |
| enable_mssql_database | Set to true to create an Azure SQL server/database, with a private endpoint within the virtual network | bool | false | no |
| enable_mssql_vulnerability_assessment | Vulnerability assessment can discover, track, and help you remediate potential database vulnerabilities | bool | true | no |
| environment | Environment name. Will be used along with project_name as a prefix for all resources. | string | n/a | yes |
| existing_logic_app_workflow | Name, Resource Group and HTTP Trigger URL of an existing Logic App Workflow. Leave empty to create a new Resource | object({ name : string, resource_group_name : string }) | { "name": "", "resource_group_name": "" } | no |
| existing_resource_group | Conditionally launch resources into an existing resource group. Specifying this will NOT create a resource group. | string | "" | no |
| key_vault_access_ipv4 | List of IPv4 Addresses that are permitted to access the Key Vault | list(string) | n/a | yes |
| monitor_email_receivers | A list of email addresses that should be notified by monitoring alerts | list(string) | [] | no |
| mssql_azuread_admin_object_id | Object ID of a User within Azure AD that you want to assign as the SQL Server Administrator | string | "" | no |
| mssql_azuread_admin_username | Username of a User within Azure AD that you want to assign as the SQL Server Administrator | string | "" | no |
| mssql_azuread_auth_only | Set to true to only permit SQL logins from Azure AD users | bool | false | no |
| mssql_collation | Set the collation for the SQL database | string | "SQL_Latin1_General_CP1_CI_AS" | no |
| mssql_database_name | The name of the MSSQL database to create. Must be set if enable_mssql_database is true | string | "" | no |
| mssql_firewall_ipv4_allow_list | A list of IPv4 Addresses that require remote access to the MSSQL Server | map(object({ start_ip_range : string, end_ip_range : optional(string, "") })) | {} | no |
| mssql_managed_identity_assign_role | Assign the 'Storage Blob Data Contributor' Role to the SQL Server User-Assigned Managed Identity. Note: If you do not have 'Microsoft.Authorization/roleAssignments/write' permission, you will need to manually assign the 'Storage Blob Data Contributor' Role to the identity | bool | false | no |
| mssql_max_size_gb | The max size of the database in gigabytes | number | 2 | no |
| mssql_security_storage_firewall_ipv4_allow_list | Additional IP addresses to add to the Storage Account that holds the Vulnerability Assessments | list(string) | [] | no |
| mssql_server_admin_password | The local administrator password for the MSSQL server | string | "" | no |
| mssql_server_public_access_enabled | Enable public internet access to your MSSQL instance. Be sure to specify 'mssql_firewall_ipv4_allow_list' to restrict inbound connections | bool | false | no |
| mssql_sku_name | Specifies the name of the SKU used by the database | string | "Basic" | no |
| mssql_version | Specify the version of Microsoft SQL Server you want to run | string | "12.0" | no |
| private_endpoint_configurations | Map of private endpoint configurations, specifying the VNet name/resource-group and a new subnet CIDR. A subnet, private endpoint and DNS zone will be created within the specified VNet. { endpoint-name = { vnet_name: The Name of the VNet to create the private endpoint resources; vnet_resource_group_name: The Name of the resource group containing the VNet; subnet_cidr: The CIDR of the Private Endpoint subnet to be created; route_table_name: The Route Table ID to associate the subnet with (Optional) } } | map(object({ vnet_name = string, vnet_resource_group_name = string, subnet_cidr = string, subnet_route_table_name = optional(string, null), create_acr_privatelink_dns_zone = optional(bool, true) })) | {} | no |
| project_name | Project name. Will be used along with environment as a prefix for all resources. | string | n/a | yes |
| tags | Tags to be applied to all resources | map(string) | {} | no |
| tfvars_filename | tfvars filename. This file is uploaded and stored encrypted within Key Vault, to ensure that the latest tfvars are stored in a shared place. | string | n/a | yes |
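
An added example, not part of the project's README: a tfvars file that uses only the inputs listed above to keep the SQL server reachable through a private endpoint, restrict logins to Azure AD, and keep vulnerability assessment and alerting enabled. Every value (names, IP addresses, object ID, CIDR, e-mail addresses, tags) is a constructed placeholder.

```hcl
# Constructed example values throughout; replace with your own.
project_name    = "example"
environment     = "dev"
azure_location  = "uksouth"
tfvars_filename = "dev.tfvars"

# Only these addresses may reach the Key Vault that holds the uploaded tfvars.
key_vault_access_ipv4 = ["203.0.113.10"]

# SQL server and database with no public exposure.
enable_mssql_database              = true
mssql_database_name                = "reporting"
mssql_server_public_access_enabled = false # the default, stated so reviewers see it
mssql_firewall_ipv4_allow_list     = {}    # no public firewall rules

# Azure AD administrator, and Azure AD logins only.
mssql_azuread_admin_username  = "sql-admins@example.com"
mssql_azuread_admin_object_id = "00000000-0000-0000-0000-000000000000"
mssql_azuread_auth_only       = true

# Vulnerability assessment results go to a storage account with its own allow list.
enable_mssql_vulnerability_assessment           = true
mssql_security_storage_firewall_ipv4_allow_list = ["203.0.113.10"]
# Needs 'Microsoft.Authorization/roleAssignments/write'; otherwise leave false
# and assign 'Storage Blob Data Contributor' to the identity by hand.
mssql_managed_identity_assign_role = true

# Subnet, private endpoint and DNS zone are created inside this existing VNet.
# The optional keys of the type (subnet_route_table_name,
# create_acr_privatelink_dns_zone) are left at their defaults.
private_endpoint_configurations = {
  "reporting-db" = {
    vnet_name                = "example-vnet"
    vnet_resource_group_name = "example-network-rg"
    subnet_cidr              = "10.0.10.0/28"
  }
}

# Action group and metric alerts, delivered by e-mail.
enable_monitoring       = true
monitor_email_receivers = ["alerts@example.com"]

tags = { owner = "example-team" }

# Weaker variant the inputs also permit: public access limited by an allow list.
# mssql_server_public_access_enabled = true
# mssql_firewall_ipv4_allow_list = {
#   office = { start_ip_range = "203.0.113.10" } # end_ip_range is optional
# }
```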

Outputs

| Name | Description |
|------|-------------|
| azurerm_resource_group | Azure Resource Group |
| azurerm_user_assigned_identity_principal_id | Principal ID for the UAMI assigned to the SQL Server |
