We recommend using Azure Native.
azure.mssql.ManagedInstanceSecurityAlertPolicy
Explore with Pulumi AI
Manages a Security Alert Policy for an MS SQL Managed Instance.
Example Usage
Coming soon!
Coming soon!
Coming soon!
Coming soon!
Coming soon!
resources:
example:
type: azure:core:ResourceGroup
properties:
name: database-rg
location: West Europe
exampleNetworkSecurityGroup:
type: azure:network:NetworkSecurityGroup
name: example
properties:
name: mi-security-group
location: ${example.location}
resourceGroupName: ${example.name}
allowManagementInbound:
type: azure:network:NetworkSecurityRule
name: allow_management_inbound
properties:
name: allow_management_inbound
priority: 106
direction: Inbound
access: Allow
protocol: Tcp
sourcePortRange: '*'
destinationPortRanges:
- '9000'
- '9003'
- '1438'
- '1440'
- '1452'
sourceAddressPrefix: '*'
destinationAddressPrefix: '*'
resourceGroupName: ${example.name}
networkSecurityGroupName: ${exampleNetworkSecurityGroup.name}
allowMisubnetInbound:
type: azure:network:NetworkSecurityRule
name: allow_misubnet_inbound
properties:
name: allow_misubnet_inbound
priority: 200
direction: Inbound
access: Allow
protocol: '*'
sourcePortRange: '*'
destinationPortRange: '*'
sourceAddressPrefix: 10.0.0.0/24
destinationAddressPrefix: '*'
resourceGroupName: ${example.name}
networkSecurityGroupName: ${exampleNetworkSecurityGroup.name}
allowHealthProbeInbound:
type: azure:network:NetworkSecurityRule
name: allow_health_probe_inbound
properties:
name: allow_health_probe_inbound
priority: 300
direction: Inbound
access: Allow
protocol: '*'
sourcePortRange: '*'
destinationPortRange: '*'
sourceAddressPrefix: AzureLoadBalancer
destinationAddressPrefix: '*'
resourceGroupName: ${example.name}
networkSecurityGroupName: ${exampleNetworkSecurityGroup.name}
allowTdsInbound:
type: azure:network:NetworkSecurityRule
name: allow_tds_inbound
properties:
name: allow_tds_inbound
priority: 1000
direction: Inbound
access: Allow
protocol: Tcp
sourcePortRange: '*'
destinationPortRange: '1433'
sourceAddressPrefix: VirtualNetwork
destinationAddressPrefix: '*'
resourceGroupName: ${example.name}
networkSecurityGroupName: ${exampleNetworkSecurityGroup.name}
denyAllInbound:
type: azure:network:NetworkSecurityRule
name: deny_all_inbound
properties:
name: deny_all_inbound
priority: 4096
direction: Inbound
access: Deny
protocol: '*'
sourcePortRange: '*'
destinationPortRange: '*'
sourceAddressPrefix: '*'
destinationAddressPrefix: '*'
resourceGroupName: ${example.name}
networkSecurityGroupName: ${exampleNetworkSecurityGroup.name}
allowManagementOutbound:
type: azure:network:NetworkSecurityRule
name: allow_management_outbound
properties:
name: allow_management_outbound
priority: 102
direction: Outbound
access: Allow
protocol: Tcp
sourcePortRange: '*'
destinationPortRanges:
- '80'
- '443'
- '12000'
sourceAddressPrefix: '*'
destinationAddressPrefix: '*'
resourceGroupName: ${example.name}
networkSecurityGroupName: ${exampleNetworkSecurityGroup.name}
allowMisubnetOutbound:
type: azure:network:NetworkSecurityRule
name: allow_misubnet_outbound
properties:
name: allow_misubnet_outbound
priority: 200
direction: Outbound
access: Allow
protocol: '*'
sourcePortRange: '*'
destinationPortRange: '*'
sourceAddressPrefix: 10.0.0.0/24
destinationAddressPrefix: '*'
resourceGroupName: ${example.name}
networkSecurityGroupName: ${exampleNetworkSecurityGroup.name}
denyAllOutbound:
type: azure:network:NetworkSecurityRule
name: deny_all_outbound
properties:
name: deny_all_outbound
priority: 4096
direction: Outbound
access: Deny
protocol: '*'
sourcePortRange: '*'
destinationPortRange: '*'
sourceAddressPrefix: '*'
destinationAddressPrefix: '*'
resourceGroupName: ${example.name}
networkSecurityGroupName: ${exampleNetworkSecurityGroup.name}
exampleVirtualNetwork:
type: azure:network:VirtualNetwork
name: example
properties:
name: vnet-mi
resourceGroupName: ${example.name}
addressSpaces:
- 10.0.0.0/16
location: ${example.location}
exampleSubnet:
type: azure:network:Subnet
name: example
properties:
name: subnet-mi
resourceGroupName: ${example.name}
virtualNetworkName: ${exampleVirtualNetwork.name}
addressPrefixes:
- 10.0.0.0/24
delegations:
- name: managedinstancedelegation
serviceDelegation:
name: Microsoft.Sql/managedInstances
actions:
- Microsoft.Network/virtualNetworks/subnets/join/action
- Microsoft.Network/virtualNetworks/subnets/prepareNetworkPolicies/action
- Microsoft.Network/virtualNetworks/subnets/unprepareNetworkPolicies/action
exampleSubnetNetworkSecurityGroupAssociation:
type: azure:network:SubnetNetworkSecurityGroupAssociation
name: example
properties:
subnetId: ${exampleSubnet.id}
networkSecurityGroupId: ${exampleNetworkSecurityGroup.id}
exampleRouteTable:
type: azure:network:RouteTable
name: example
properties:
name: routetable-mi
location: ${example.location}
resourceGroupName: ${example.name}
disableBgpRoutePropagation: false
options:
dependson:
- ${exampleSubnet}
exampleSubnetRouteTableAssociation:
type: azure:network:SubnetRouteTableAssociation
name: example
properties:
subnetId: ${exampleSubnet.id}
routeTableId: ${exampleRouteTable.id}
exampleManagedInstance:
type: azure:mssql:ManagedInstance
name: example
properties:
name: managedsqlinstance
resourceGroupName: ${example.name}
location: ${example.location}
licenseType: BasePrice
skuName: GP_Gen5
storageSizeInGb: 32
subnetId: ${exampleSubnet.id}
vcores: 4
administratorLogin: mradministrator
administratorLoginPassword: thisIsDog11
options:
dependson:
- ${exampleSubnetNetworkSecurityGroupAssociation}
- ${exampleSubnetRouteTableAssociation}
exampleManagedInstanceSecurityAlertPolicy:
type: azure:mssql:ManagedInstanceSecurityAlertPolicy
name: example
properties:
resourceGroupName: ${example.name}
managedInstanceName: ${exampleManagedInstance.name}
enabled: true
storageEndpoint: ${exampleAzurermStorageAccount.primaryBlobEndpoint}
storageAccountAccessKey: ${exampleAzurermStorageAccount.primaryAccessKey}
disabledAlerts:
- Sql_Injection
- Data_Exfiltration
retentionDays: 20
Create ManagedInstanceSecurityAlertPolicy Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new ManagedInstanceSecurityAlertPolicy(name: string, args: ManagedInstanceSecurityAlertPolicyArgs, opts?: CustomResourceOptions);
@overload
def ManagedInstanceSecurityAlertPolicy(resource_name: str,
args: ManagedInstanceSecurityAlertPolicyArgs,
opts: Optional[ResourceOptions] = None)
@overload
def ManagedInstanceSecurityAlertPolicy(resource_name: str,
opts: Optional[ResourceOptions] = None,
managed_instance_name: Optional[str] = None,
resource_group_name: Optional[str] = None,
disabled_alerts: Optional[Sequence[str]] = None,
email_account_admins_enabled: Optional[bool] = None,
email_addresses: Optional[Sequence[str]] = None,
enabled: Optional[bool] = None,
retention_days: Optional[int] = None,
storage_account_access_key: Optional[str] = None,
storage_endpoint: Optional[str] = None)
func NewManagedInstanceSecurityAlertPolicy(ctx *Context, name string, args ManagedInstanceSecurityAlertPolicyArgs, opts ...ResourceOption) (*ManagedInstanceSecurityAlertPolicy, error)
public ManagedInstanceSecurityAlertPolicy(string name, ManagedInstanceSecurityAlertPolicyArgs args, CustomResourceOptions? opts = null)
public ManagedInstanceSecurityAlertPolicy(String name, ManagedInstanceSecurityAlertPolicyArgs args)
public ManagedInstanceSecurityAlertPolicy(String name, ManagedInstanceSecurityAlertPolicyArgs args, CustomResourceOptions options)
type: azure:mssql:ManagedInstanceSecurityAlertPolicy
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args ManagedInstanceSecurityAlertPolicyArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args ManagedInstanceSecurityAlertPolicyArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args ManagedInstanceSecurityAlertPolicyArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args ManagedInstanceSecurityAlertPolicyArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args ManagedInstanceSecurityAlertPolicyArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var managedInstanceSecurityAlertPolicyResource = new Azure.MSSql.ManagedInstanceSecurityAlertPolicy("managedInstanceSecurityAlertPolicyResource", new()
{
ManagedInstanceName = "string",
ResourceGroupName = "string",
DisabledAlerts = new[]
{
"string",
},
EmailAccountAdminsEnabled = false,
EmailAddresses = new[]
{
"string",
},
Enabled = false,
RetentionDays = 0,
StorageAccountAccessKey = "string",
StorageEndpoint = "string",
});
example, err := mssql.NewManagedInstanceSecurityAlertPolicy(ctx, "managedInstanceSecurityAlertPolicyResource", &mssql.ManagedInstanceSecurityAlertPolicyArgs{
ManagedInstanceName: pulumi.String("string"),
ResourceGroupName: pulumi.String("string"),
DisabledAlerts: pulumi.StringArray{
pulumi.String("string"),
},
EmailAccountAdminsEnabled: pulumi.Bool(false),
EmailAddresses: pulumi.StringArray{
pulumi.String("string"),
},
Enabled: pulumi.Bool(false),
RetentionDays: pulumi.Int(0),
StorageAccountAccessKey: pulumi.String("string"),
StorageEndpoint: pulumi.String("string"),
})
var managedInstanceSecurityAlertPolicyResource = new ManagedInstanceSecurityAlertPolicy("managedInstanceSecurityAlertPolicyResource", ManagedInstanceSecurityAlertPolicyArgs.builder()
.managedInstanceName("string")
.resourceGroupName("string")
.disabledAlerts("string")
.emailAccountAdminsEnabled(false)
.emailAddresses("string")
.enabled(false)
.retentionDays(0)
.storageAccountAccessKey("string")
.storageEndpoint("string")
.build());
managed_instance_security_alert_policy_resource = azure.mssql.ManagedInstanceSecurityAlertPolicy("managedInstanceSecurityAlertPolicyResource",
managed_instance_name="string",
resource_group_name="string",
disabled_alerts=["string"],
email_account_admins_enabled=False,
email_addresses=["string"],
enabled=False,
retention_days=0,
storage_account_access_key="string",
storage_endpoint="string")
const managedInstanceSecurityAlertPolicyResource = new azure.mssql.ManagedInstanceSecurityAlertPolicy("managedInstanceSecurityAlertPolicyResource", {
managedInstanceName: "string",
resourceGroupName: "string",
disabledAlerts: ["string"],
emailAccountAdminsEnabled: false,
emailAddresses: ["string"],
enabled: false,
retentionDays: 0,
storageAccountAccessKey: "string",
storageEndpoint: "string",
});
type: azure:mssql:ManagedInstanceSecurityAlertPolicy
properties:
disabledAlerts:
- string
emailAccountAdminsEnabled: false
emailAddresses:
- string
enabled: false
managedInstanceName: string
resourceGroupName: string
retentionDays: 0
storageAccountAccessKey: string
storageEndpoint: string
ManagedInstanceSecurityAlertPolicy Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The ManagedInstanceSecurityAlertPolicy resource accepts the following input properties:
- Managed
Instance stringName - Specifies the name of the MS SQL Managed Instance. Changing this forces a new resource to be created.
- Resource
Group stringName - The name of the resource group that contains the MS SQL Managed Instance. Changing this forces a new resource to be created.
- Disabled
Alerts List<string> - Specifies an array of alerts that are disabled. Possible values are
Sql_Injection
,Sql_Injection_Vulnerability
,Access_Anomaly
,Data_Exfiltration
,Unsafe_Action
andBrute_Force
. - Email
Account boolAdmins Enabled - Boolean flag which specifies if the alert is sent to the account administrators or not. Defaults to
false
. - Email
Addresses List<string> - Specifies an array of email addresses to which the alert is sent.
- Enabled bool
- Specifies the state of the Security Alert Policy, whether it is enabled or disabled. Possible values are
true
,false
. - Retention
Days int - Specifies the number of days to keep in the Threat Detection audit logs. Defaults to
0
. - Storage
Account stringAccess Key Specifies the identifier key of the Threat Detection audit storage account. This is mandatory when you use
storage_endpoint
to specify a storage account blob endpoint.NOTE: Please note that storage accounts configured with
shared_access_key_enabled = false
cannot be used to configureazure.mssql.ManagedInstanceSecurityAlertPolicy
withstorage_endpoint
for now.- Storage
Endpoint string - Specifies the blob storage endpoint (e.g. https://example.blob.core.windows.net). This blob storage will hold all Threat Detection audit logs.
- Managed
Instance stringName - Specifies the name of the MS SQL Managed Instance. Changing this forces a new resource to be created.
- Resource
Group stringName - The name of the resource group that contains the MS SQL Managed Instance. Changing this forces a new resource to be created.
- Disabled
Alerts []string - Specifies an array of alerts that are disabled. Possible values are
Sql_Injection
,Sql_Injection_Vulnerability
,Access_Anomaly
,Data_Exfiltration
,Unsafe_Action
andBrute_Force
. - Email
Account boolAdmins Enabled - Boolean flag which specifies if the alert is sent to the account administrators or not. Defaults to
false
. - Email
Addresses []string - Specifies an array of email addresses to which the alert is sent.
- Enabled bool
- Specifies the state of the Security Alert Policy, whether it is enabled or disabled. Possible values are
true
,false
. - Retention
Days int - Specifies the number of days to keep in the Threat Detection audit logs. Defaults to
0
. - Storage
Account stringAccess Key Specifies the identifier key of the Threat Detection audit storage account. This is mandatory when you use
storage_endpoint
to specify a storage account blob endpoint.NOTE: Please note that storage accounts configured with
shared_access_key_enabled = false
cannot be used to configureazure.mssql.ManagedInstanceSecurityAlertPolicy
withstorage_endpoint
for now.- Storage
Endpoint string - Specifies the blob storage endpoint (e.g. https://example.blob.core.windows.net). This blob storage will hold all Threat Detection audit logs.
- managed
Instance StringName - Specifies the name of the MS SQL Managed Instance. Changing this forces a new resource to be created.
- resource
Group StringName - The name of the resource group that contains the MS SQL Managed Instance. Changing this forces a new resource to be created.
- disabled
Alerts List<String> - Specifies an array of alerts that are disabled. Possible values are
Sql_Injection
,Sql_Injection_Vulnerability
,Access_Anomaly
,Data_Exfiltration
,Unsafe_Action
andBrute_Force
. - email
Account BooleanAdmins Enabled - Boolean flag which specifies if the alert is sent to the account administrators or not. Defaults to
false
. - email
Addresses List<String> - Specifies an array of email addresses to which the alert is sent.
- enabled Boolean
- Specifies the state of the Security Alert Policy, whether it is enabled or disabled. Possible values are
true
,false
. - retention
Days Integer - Specifies the number of days to keep in the Threat Detection audit logs. Defaults to
0
. - storage
Account StringAccess Key Specifies the identifier key of the Threat Detection audit storage account. This is mandatory when you use
storage_endpoint
to specify a storage account blob endpoint.NOTE: Please note that storage accounts configured with
shared_access_key_enabled = false
cannot be used to configureazure.mssql.ManagedInstanceSecurityAlertPolicy
withstorage_endpoint
for now.- storage
Endpoint String - Specifies the blob storage endpoint (e.g. https://example.blob.core.windows.net). This blob storage will hold all Threat Detection audit logs.
- managed
Instance stringName - Specifies the name of the MS SQL Managed Instance. Changing this forces a new resource to be created.
- resource
Group stringName - The name of the resource group that contains the MS SQL Managed Instance. Changing this forces a new resource to be created.
- disabled
Alerts string[] - Specifies an array of alerts that are disabled. Possible values are
Sql_Injection
,Sql_Injection_Vulnerability
,Access_Anomaly
,Data_Exfiltration
,Unsafe_Action
andBrute_Force
. - email
Account booleanAdmins Enabled - Boolean flag which specifies if the alert is sent to the account administrators or not. Defaults to
false
. - email
Addresses string[] - Specifies an array of email addresses to which the alert is sent.
- enabled boolean
- Specifies the state of the Security Alert Policy, whether it is enabled or disabled. Possible values are
true
,false
. - retention
Days number - Specifies the number of days to keep in the Threat Detection audit logs. Defaults to
0
. - storage
Account stringAccess Key Specifies the identifier key of the Threat Detection audit storage account. This is mandatory when you use
storage_endpoint
to specify a storage account blob endpoint.NOTE: Please note that storage accounts configured with
shared_access_key_enabled = false
cannot be used to configureazure.mssql.ManagedInstanceSecurityAlertPolicy
withstorage_endpoint
for now.- storage
Endpoint string - Specifies the blob storage endpoint (e.g. https://example.blob.core.windows.net). This blob storage will hold all Threat Detection audit logs.
- managed_
instance_ strname - Specifies the name of the MS SQL Managed Instance. Changing this forces a new resource to be created.
- resource_
group_ strname - The name of the resource group that contains the MS SQL Managed Instance. Changing this forces a new resource to be created.
- disabled_
alerts Sequence[str] - Specifies an array of alerts that are disabled. Possible values are
Sql_Injection
,Sql_Injection_Vulnerability
,Access_Anomaly
,Data_Exfiltration
,Unsafe_Action
andBrute_Force
. - email_
account_ booladmins_ enabled - Boolean flag which specifies if the alert is sent to the account administrators or not. Defaults to
false
. - email_
addresses Sequence[str] - Specifies an array of email addresses to which the alert is sent.
- enabled bool
- Specifies the state of the Security Alert Policy, whether it is enabled or disabled. Possible values are
true
,false
. - retention_
days int - Specifies the number of days to keep in the Threat Detection audit logs. Defaults to
0
. - storage_
account_ straccess_ key Specifies the identifier key of the Threat Detection audit storage account. This is mandatory when you use
storage_endpoint
to specify a storage account blob endpoint.NOTE: Please note that storage accounts configured with
shared_access_key_enabled = false
cannot be used to configureazure.mssql.ManagedInstanceSecurityAlertPolicy
withstorage_endpoint
for now.- storage_
endpoint str - Specifies the blob storage endpoint (e.g. https://example.blob.core.windows.net). This blob storage will hold all Threat Detection audit logs.
- managed
Instance StringName - Specifies the name of the MS SQL Managed Instance. Changing this forces a new resource to be created.
- resource
Group StringName - The name of the resource group that contains the MS SQL Managed Instance. Changing this forces a new resource to be created.
- disabled
Alerts List<String> - Specifies an array of alerts that are disabled. Possible values are
Sql_Injection
,Sql_Injection_Vulnerability
,Access_Anomaly
,Data_Exfiltration
,Unsafe_Action
andBrute_Force
. - email
Account BooleanAdmins Enabled - Boolean flag which specifies if the alert is sent to the account administrators or not. Defaults to
false
. - email
Addresses List<String> - Specifies an array of email addresses to which the alert is sent.
- enabled Boolean
- Specifies the state of the Security Alert Policy, whether it is enabled or disabled. Possible values are
true
,false
. - retention
Days Number - Specifies the number of days to keep in the Threat Detection audit logs. Defaults to
0
. - storage
Account StringAccess Key Specifies the identifier key of the Threat Detection audit storage account. This is mandatory when you use
storage_endpoint
to specify a storage account blob endpoint.NOTE: Please note that storage accounts configured with
shared_access_key_enabled = false
cannot be used to configureazure.mssql.ManagedInstanceSecurityAlertPolicy
withstorage_endpoint
for now.- storage
Endpoint String - Specifies the blob storage endpoint (e.g. https://example.blob.core.windows.net). This blob storage will hold all Threat Detection audit logs.
Outputs
All input properties are implicitly available as output properties. Additionally, the ManagedInstanceSecurityAlertPolicy resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Id string
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
- id string
- The provider-assigned unique ID for this managed resource.
- id str
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
Look up Existing ManagedInstanceSecurityAlertPolicy Resource
Get an existing ManagedInstanceSecurityAlertPolicy resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: ManagedInstanceSecurityAlertPolicyState, opts?: CustomResourceOptions): ManagedInstanceSecurityAlertPolicy
@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
disabled_alerts: Optional[Sequence[str]] = None,
email_account_admins_enabled: Optional[bool] = None,
email_addresses: Optional[Sequence[str]] = None,
enabled: Optional[bool] = None,
managed_instance_name: Optional[str] = None,
resource_group_name: Optional[str] = None,
retention_days: Optional[int] = None,
storage_account_access_key: Optional[str] = None,
storage_endpoint: Optional[str] = None) -> ManagedInstanceSecurityAlertPolicy
func GetManagedInstanceSecurityAlertPolicy(ctx *Context, name string, id IDInput, state *ManagedInstanceSecurityAlertPolicyState, opts ...ResourceOption) (*ManagedInstanceSecurityAlertPolicy, error)
public static ManagedInstanceSecurityAlertPolicy Get(string name, Input<string> id, ManagedInstanceSecurityAlertPolicyState? state, CustomResourceOptions? opts = null)
public static ManagedInstanceSecurityAlertPolicy get(String name, Output<String> id, ManagedInstanceSecurityAlertPolicyState state, CustomResourceOptions options)
Resource lookup is not supported in YAML
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Disabled
Alerts List<string> - Specifies an array of alerts that are disabled. Possible values are
Sql_Injection
,Sql_Injection_Vulnerability
,Access_Anomaly
,Data_Exfiltration
,Unsafe_Action
andBrute_Force
. - Email
Account boolAdmins Enabled - Boolean flag which specifies if the alert is sent to the account administrators or not. Defaults to
false
. - Email
Addresses List<string> - Specifies an array of email addresses to which the alert is sent.
- Enabled bool
- Specifies the state of the Security Alert Policy, whether it is enabled or disabled. Possible values are
true
,false
. - Managed
Instance stringName - Specifies the name of the MS SQL Managed Instance. Changing this forces a new resource to be created.
- Resource
Group stringName - The name of the resource group that contains the MS SQL Managed Instance. Changing this forces a new resource to be created.
- Retention
Days int - Specifies the number of days to keep in the Threat Detection audit logs. Defaults to
0
. - Storage
Account stringAccess Key Specifies the identifier key of the Threat Detection audit storage account. This is mandatory when you use
storage_endpoint
to specify a storage account blob endpoint.NOTE: Please note that storage accounts configured with
shared_access_key_enabled = false
cannot be used to configureazure.mssql.ManagedInstanceSecurityAlertPolicy
withstorage_endpoint
for now.- Storage
Endpoint string - Specifies the blob storage endpoint (e.g. https://example.blob.core.windows.net). This blob storage will hold all Threat Detection audit logs.
- Disabled
Alerts []string - Specifies an array of alerts that are disabled. Possible values are
Sql_Injection
,Sql_Injection_Vulnerability
,Access_Anomaly
,Data_Exfiltration
,Unsafe_Action
andBrute_Force
. - Email
Account boolAdmins Enabled - Boolean flag which specifies if the alert is sent to the account administrators or not. Defaults to
false
. - Email
Addresses []string - Specifies an array of email addresses to which the alert is sent.
- Enabled bool
- Specifies the state of the Security Alert Policy, whether it is enabled or disabled. Possible values are
true
,false
. - Managed
Instance stringName - Specifies the name of the MS SQL Managed Instance. Changing this forces a new resource to be created.
- Resource
Group stringName - The name of the resource group that contains the MS SQL Managed Instance. Changing this forces a new resource to be created.
- Retention
Days int - Specifies the number of days to keep in the Threat Detection audit logs. Defaults to
0
. - Storage
Account stringAccess Key Specifies the identifier key of the Threat Detection audit storage account. This is mandatory when you use
storage_endpoint
to specify a storage account blob endpoint.NOTE: Please note that storage accounts configured with
shared_access_key_enabled = false
cannot be used to configureazure.mssql.ManagedInstanceSecurityAlertPolicy
withstorage_endpoint
for now.- Storage
Endpoint string - Specifies the blob storage endpoint (e.g. https://example.blob.core.windows.net). This blob storage will hold all Threat Detection audit logs.
- disabled
Alerts List<String> - Specifies an array of alerts that are disabled. Possible values are
Sql_Injection
,Sql_Injection_Vulnerability
,Access_Anomaly
,Data_Exfiltration
,Unsafe_Action
andBrute_Force
. - email
Account BooleanAdmins Enabled - Boolean flag which specifies if the alert is sent to the account administrators or not. Defaults to
false
. - email
Addresses List<String> - Specifies an array of email addresses to which the alert is sent.
- enabled Boolean
- Specifies the state of the Security Alert Policy, whether it is enabled or disabled. Possible values are
true
,false
. - managed
Instance StringName - Specifies the name of the MS SQL Managed Instance. Changing this forces a new resource to be created.
- resource
Group StringName - The name of the resource group that contains the MS SQL Managed Instance. Changing this forces a new resource to be created.
- retention
Days Integer - Specifies the number of days to keep in the Threat Detection audit logs. Defaults to
0
. - storage
Account StringAccess Key Specifies the identifier key of the Threat Detection audit storage account. This is mandatory when you use
storage_endpoint
to specify a storage account blob endpoint.NOTE: Please note that storage accounts configured with
shared_access_key_enabled = false
cannot be used to configureazure.mssql.ManagedInstanceSecurityAlertPolicy
withstorage_endpoint
for now.- storage
Endpoint String - Specifies the blob storage endpoint (e.g. https://example.blob.core.windows.net). This blob storage will hold all Threat Detection audit logs.
- disabled
Alerts string[] - Specifies an array of alerts that are disabled. Possible values are
Sql_Injection
,Sql_Injection_Vulnerability
,Access_Anomaly
,Data_Exfiltration
,Unsafe_Action
andBrute_Force
. - email
Account booleanAdmins Enabled - Boolean flag which specifies if the alert is sent to the account administrators or not. Defaults to
false
. - email
Addresses string[] - Specifies an array of email addresses to which the alert is sent.
- enabled boolean
- Specifies the state of the Security Alert Policy, whether it is enabled or disabled. Possible values are
true
,false
. - managed
Instance stringName - Specifies the name of the MS SQL Managed Instance. Changing this forces a new resource to be created.
- resource
Group stringName - The name of the resource group that contains the MS SQL Managed Instance. Changing this forces a new resource to be created.
- retention
Days number - Specifies the number of days to keep in the Threat Detection audit logs. Defaults to
0
. - storage
Account stringAccess Key Specifies the identifier key of the Threat Detection audit storage account. This is mandatory when you use
storage_endpoint
to specify a storage account blob endpoint.NOTE: Please note that storage accounts configured with
shared_access_key_enabled = false
cannot be used to configureazure.mssql.ManagedInstanceSecurityAlertPolicy
withstorage_endpoint
for now.- storage
Endpoint string - Specifies the blob storage endpoint (e.g. https://example.blob.core.windows.net). This blob storage will hold all Threat Detection audit logs.
- disabled_
alerts Sequence[str] - Specifies an array of alerts that are disabled. Possible values are
Sql_Injection
,Sql_Injection_Vulnerability
,Access_Anomaly
,Data_Exfiltration
,Unsafe_Action
andBrute_Force
. - email_
account_ booladmins_ enabled - Boolean flag which specifies if the alert is sent to the account administrators or not. Defaults to
false
. - email_
addresses Sequence[str] - Specifies an array of email addresses to which the alert is sent.
- enabled bool
- Specifies the state of the Security Alert Policy, whether it is enabled or disabled. Possible values are
true
,false
. - managed_
instance_ strname - Specifies the name of the MS SQL Managed Instance. Changing this forces a new resource to be created.
- resource_
group_ strname - The name of the resource group that contains the MS SQL Managed Instance. Changing this forces a new resource to be created.
- retention_
days int - Specifies the number of days to keep in the Threat Detection audit logs. Defaults to
0
. - storage_
account_ straccess_ key Specifies the identifier key of the Threat Detection audit storage account. This is mandatory when you use
storage_endpoint
to specify a storage account blob endpoint.NOTE: Please note that storage accounts configured with
shared_access_key_enabled = false
cannot be used to configureazure.mssql.ManagedInstanceSecurityAlertPolicy
withstorage_endpoint
for now.- storage_
endpoint str - Specifies the blob storage endpoint (e.g. https://example.blob.core.windows.net). This blob storage will hold all Threat Detection audit logs.
- disabled
Alerts List<String> - Specifies an array of alerts that are disabled. Possible values are
Sql_Injection
,Sql_Injection_Vulnerability
,Access_Anomaly
,Data_Exfiltration
,Unsafe_Action
andBrute_Force
. - email
Account BooleanAdmins Enabled - Boolean flag which specifies if the alert is sent to the account administrators or not. Defaults to
false
. - email
Addresses List<String> - Specifies an array of email addresses to which the alert is sent.
- enabled Boolean
- Specifies the state of the Security Alert Policy, whether it is enabled or disabled. Possible values are
true
,false
. - managed
Instance StringName - Specifies the name of the MS SQL Managed Instance. Changing this forces a new resource to be created.
- resource
Group StringName - The name of the resource group that contains the MS SQL Managed Instance. Changing this forces a new resource to be created.
- retention
Days Number - Specifies the number of days to keep in the Threat Detection audit logs. Defaults to
0
. - storage
Account StringAccess Key Specifies the identifier key of the Threat Detection audit storage account. This is mandatory when you use
storage_endpoint
to specify a storage account blob endpoint.NOTE: Please note that storage accounts configured with
shared_access_key_enabled = false
cannot be used to configureazure.mssql.ManagedInstanceSecurityAlertPolicy
withstorage_endpoint
for now.- storage
Endpoint String - Specifies the blob storage endpoint (e.g. https://example.blob.core.windows.net). This blob storage will hold all Threat Detection audit logs.
Import
MS SQL Managed Instance Security Alert Policy can be imported using the resource id
, e.g.
$ pulumi import azure:mssql/managedInstanceSecurityAlertPolicy:ManagedInstanceSecurityAlertPolicy example /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/acceptanceTestResourceGroup1/providers/Microsoft.Sql/managedInstances/instance1/securityAlertPolicies/Default
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- Azure Classic pulumi/pulumi-azure
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
azurerm
Terraform Provider.