Requirements

| Name | Version |
|------|---------|
| terraform | >= 1.8.0 |
| azapi | >= 1.12.1 |
| azurerm | >= 3.99.0 |

Providers

| Name | Version |
|------|---------|
| azapi | 1.12.1 |
| azurerm | 3.99.0 |

Modules

| Name | Source | Version |
|------|--------|---------|
| azurerm_key_vault | github.com/DFE-Digital/terraform-azurerm-key-vault-tfvars | v0.4.2 |

Resources

| Name | Type |
|------|------|
| azapi_update_resource.mssql_threat_protection | resource |
| azapi_update_resource.mssql_vulnerability_assessment | resource |
| azurerm_data_factory_managed_private_endpoint.mssql | resource |
| azurerm_monitor_action_group.main | resource |
| azurerm_monitor_metric_alert.sql_cpu | resource |
| azurerm_monitor_metric_alert.sql_dataio | resource |
| azurerm_monitor_metric_alert.sql_deadlock | resource |
| azurerm_monitor_metric_alert.sql_disk | resource |
| azurerm_monitor_metric_alert.sql_failed_user | resource |
| azurerm_monitor_metric_alert.sql_tempdb | resource |
| azurerm_monitor_metric_alert.sql_user_cpu | resource |
| azurerm_monitor_metric_alert.sql_worker | resource |
| azurerm_mssql_database.default | resource |
| azurerm_mssql_database_extended_auditing_policy.default | resource |
| azurerm_mssql_firewall_rule.default_mssql | resource |
| azurerm_mssql_server.default | resource |
| azurerm_mssql_server_extended_auditing_policy.default | resource |
| azurerm_private_dns_zone.mssql | resource |
| azurerm_private_dns_zone_virtual_network_link.mssql | resource |
| azurerm_private_endpoint.mssql | resource |
| azurerm_resource_group.default | resource |
| azurerm_role_assignment.mssql_storageblobdatacontributor | resource |
| azurerm_storage_account.mssql_security_storage | resource |
| azurerm_storage_account_network_rules.mssql_security_storage | resource |
| azurerm_storage_container.mssql_security_storage | resource |
| azurerm_subnet.private_endpoint | resource |
| azurerm_subnet_route_table_association.private_endpoint | resource |
| azurerm_user_assigned_identity.mssql | resource |
| azapi_resource_action.existing_logic_app_workflow_callback_url | data source |
| azurerm_logic_app_workflow.existing_logic_app_workflow | data source |
| azurerm_resource_group.existing_resource_group | data source |
| azurerm_route_table.private_endpoints | data source |
| azurerm_subscription.current | data source |
| azurerm_virtual_network.private_endpoints | data source |

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| adf_private_endpoint_configurations | Key value pair. Specify the Key as the ADF Name, and the value as the ADF Resource ID | `map(string)` | `{}` | no |
| azure_location | Azure location in which to launch resources. | `string` | n/a | yes |
| enable_monitoring | Create an App Insights instance and notification group for the Container App | `bool` | `false` | no |
| enable_mssql_database | Set to true to create an Azure SQL server/database, with a private endpoint within the virtual network | `bool` | `false` | no |
| enable_mssql_vulnerability_assessment | Vulnerability assessment can discover, track, and help you remediate potential database vulnerabilities | `bool` | `true` | no |
| environment | Environment name. Will be used along with project_name as a prefix for all resources. | `string` | n/a | yes |
| existing_logic_app_workflow | Name, Resource Group and HTTP Trigger URL of an existing Logic App Workflow. Leave empty to create a new Resource | `object({ name : string, resource_group_name : string })` | `{ "name": "", "resource_group_name": "" }` | no |
| existing_resource_group | Conditionally launch resources into an existing resource group. Specifying this will NOT create a resource group. | `string` | `""` | no |
| key_vault_access_ipv4 | List of IPv4 Addresses that are permitted to access the Key Vault | `list(string)` | n/a | yes |
| monitor_email_receivers | A list of email addresses that should be notified by monitoring alerts | `list(string)` | `[]` | no |
| mssql_azuread_admin_object_id | Object ID of a User within Azure AD that you want to assign as the SQL Server Administrator | `string` | `""` | no |
| mssql_azuread_admin_username | Username of a User within Azure AD that you want to assign as the SQL Server Administrator | `string` | `""` | no |
| mssql_azuread_auth_only | Set to true to only permit SQL logins from Azure AD users | `bool` | `false` | no |
| mssql_collation | Set the collation for the SQL database | `string` | `"SQL_Latin1_General_CP1_CI_AS"` | no |
| mssql_database_name | The name of the MSSQL database to create. Must be set if enable_mssql_database is true | `string` | `""` | no |
| mssql_firewall_ipv4_allow_list | A list of IPv4 Addresses that require remote access to the MSSQL Server | `map(object({ start_ip_range : string, end_ip_range : optional(string, "") }))` | `{}` | no |
| mssql_managed_identity_assign_role | Assign the 'Storage Blob Data Contributor' Role to the SQL Server User-Assigned Managed Identity. Note: If you do not have 'Microsoft.Authorization/roleAssignments/write' permission, you will need to manually assign the 'Storage Blob Data Contributor' Role to the identity | `bool` | `false` | no |
| mssql_max_size_gb | The max size of the database in gigabytes | `number` | `2` | no |
| mssql_security_storage_firewall_ipv4_allow_list | Additional IP addresses to add to the Storage Account that holds the Vulnerability Assessments | `list(string)` | `[]` | no |
| mssql_server_admin_password | The local administrator password for the MSSQL server | `string` | `""` | no |
| mssql_server_public_access_enabled | Enable public internet access to your MSSQL instance. Be sure to specify 'mssql_firewall_ipv4_allow_list' to restrict inbound connections | `bool` | `false` | no |
| mssql_sku_name | Specifies the name of the SKU used by the database | `string` | `"Basic"` | no |
| mssql_version | Specify the version of Microsoft SQL Server you want to run | `string` | `"12.0"` | no |
| private_endpoint_configurations | Map of private endpoint configurations, specifying the VNet name/resource-group and a new subnet CIDR. A subnet, private endpoint and DNS zone will be created within the specified VNet.<br>{<br>endpoint-name = {<br>vnet_name: The Name of the VNet to create the private endpoint resources<br>vnet_resource_group_name: The Name of the resource group containing the VNet<br>subnet_cidr: The CIDR of the Private Endpoint subnet to be created<br>route_table_name: The Route Table ID to associate the subnet with (Optional)<br>}<br>} | `map(object({ vnet_name = string, vnet_resource_group_name = string, subnet_cidr = string, subnet_route_table_name = optional(string, null), create_acr_privatelink_dns_zone = optional(bool, true) }))` | `{}` | no |
| project_name | Project name. Will be used along with environment as a prefix for all resources. | `string` | n/a | yes |
| tags | Tags to be applied to all resources | `map(string)` | `{}` | no |
| tfvars_filename | tfvars filename. This file is uploaded and stored encrypted within Key Vault, to ensure that the latest tfvars are stored in a shared place. | `string` | n/a | yes |

Outputs

| Name | Description |
|------|-------------|
| azurerm_resource_group | Azure Resource Group |
| azurerm_user_assigned_identity_principal_id | Principal ID for the UAMI assigned to the SQL Server |