From 076fd59dcdb560a3b100a85329f332464a00ab26 Mon Sep 17 00:00:00 2001
From: Helena Solberg Kallekleiv <110530547+helenakallekleiv@users.noreply.github.com>
Date: Mon, 5 Jun 2023 13:10:44 +0200
Subject: [PATCH] feat: allow custom retention days for extended auditing policy (#91)

---
 main.tf | 3 ++-
 variables.tf | 27 +++++++++++++++++----------
 2 files changed, 19 insertions(+), 11 deletions(-)

diff --git a/main.tf b/main.tf
index 9e1b1a3..73e3723 100644
--- a/main.tf
+++ b/main.tf
@@ -84,6 +84,7 @@ resource "azurerm_mssql_failover_group" "this" {
 resource "azurerm_mssql_server_extended_auditing_policy" "this" {
   server_id = azurerm_mssql_server.this.id
   log_monitoring_enabled = true
+  retention_in_days = var.extended_auditing_policy_retention_in_days
 }
 
 # Create diagnostic setting for master database to enable server wide.
@@ -142,8 +143,8 @@ resource "azurerm_mssql_server_security_alert_policy" "this" {
   server_name = azurerm_mssql_server.this.name
   state = "Enabled"
   disabled_alerts = []
-  email_addresses = var.security_alert_policy_email_addresses
   email_account_admins = var.security_alert_policy_email_account_admins
+  email_addresses = var.security_alert_policy_email_addresses
 }
 
 resource "azurerm_mssql_server_vulnerability_assessment" "this" {
diff --git a/variables.tf b/variables.tf
index e9ecd84..89486f4 100644
--- a/variables.tf
+++ b/variables.tf
@@ -34,6 +34,12 @@ variable "storage_account_access_key" {
   sensitive = true
 }
 
+variable "storage_container_name" {
+  description = "The name of this Storage Container."
+  type = string
+  default = "vulnerability-assessment"
+}
+
 variable "azuread_administrator" {
   description = "An Azure AD administrator to configure for this SQL server."
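Review bot: The added `retention_in_days` on `azurerm_mssql_server_extended_auditing_policy` only governs audit logs written to a storage account, and as far as this hunk shows the resource configures no `storage_endpoint` — just `log_monitoring_enabled = true` — so the new value may have no effect on where audit events are actually retained. If auditing in this module is meant to flow through the diagnostic setting referenced in the comment below the block, that dependency should be stated on the resource so nobody assumes a retention window is being enforced, e.g. `# retention_in_days only applies to storage-account auditing (storage_endpoint); retention for the diagnostic-setting target is configured on that target.` If a storage endpoint is wired up elsewhere in main.tf, a short comment pointing to it would serve the same purpose.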
@@ -91,6 +97,12 @@ variable "failover_groups" {
   default = {}
 }
 
+variable "extended_auditing_policy_retention_in_days" {
+  description = "The number of days to retain logs in the Storage Account for this SQL server."
+  type = number
+  default = 0
+}
+
 variable "diagnostic_setting_name" {
   description = "The name of this diagnostic setting."
   type = string
@@ -103,22 +115,16 @@ variable "diagnostic_setting_enabled_log_categories" {
   default = ["SQLSecurityAuditEvents"]
 }
 
-variable "security_alert_policy_email_addresses" {
-  description = "A list of custom email addresses to which the alert for this SQL server is sent."
-  type = list(string)
-  default = []
-}
-
 variable "security_alert_policy_email_account_admins" {
   description = "Are alerts for this SQL server sent to subscription owners and administrators?"
   type = bool
   default = true
 }
 
-variable "storage_container_name" {
-  description = "The name of this Storage Container."
-  type = string
-  default = "vulnerability-assessment"
+variable "security_alert_policy_email_addresses" {
+  description = "A list of custom email addresses to which the alert for this SQL server is sent."
+  type = list(string)
+  default = []
 }
 
 variable "vulnerability_assessment_recurring_scans_enabled" {
@@ -138,6 +144,7 @@ variable "vulnerability_assessment_recurring_scans_emails" {
   type = list(string)
   default = []
 }
+
 variable "tags" {
   description = "A mapping of tags to assign to the resources."
   type = map(string)
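Review bot: The description of the new `extended_auditing_policy_retention_in_days` variable does not say what the default of 0 does; for Azure SQL auditing a retention of 0 means storage-account audit logs are kept indefinitely, not that retention is disabled, and callers tuning this for cost or a data-retention policy need that spelled out. Suggest `description = "The number of days to retain audit logs in the Storage Account for this SQL server. 0 means logs are retained indefinitely."`. The variable is typed `number` with no `validation` block, so a negative or fractional value is only rejected at apply time; a validation with `condition = var.extended_auditing_policy_retention_in_days >= 0` and a matching `error_message` would surface it at plan time.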