How to enable express Vulnerability assessment on Azure SQL Server using AzAPI provider
There is an option to execute Vulnerability Assessment with an express configuration which doesn't require storage account.
I want to use AzAPI update resource to set this, but I don't see this option on the definition.
resource "azapi_resource" "symbolicname" {
type = "Microsoft.Sql/servers/vulnerabilityAssessments@2022-05-01-preview"
name = "default"
parent_id = "string"
body = jsonencode({
properties = {
recurringScans = {
emails = [
"string"
]
emailSubscriptionAdmins = bool
isEnabled = bool
}
storageAccountAccessKey = "string"
storageContainerPath = "string"
storageContainerSasKey = "string"
}
})
}
Is it possible?
Solution
How to enable express Vulnerability assessment on Azure SQL Server using AzAPI provider:
After a workaround on your requirement, I found there that there is
"no direct way to automate the express vulnerability assessment on SQL server utilizing bicep". You must use Azure PowerShell or CLI to make it operate beyond the Azure portal.
I tried an alternative way with the azapi_update_resource resource to enable vulnerability assessment, however it only works well when the storagecontainerpath attribute is added if you'd like to use a bicep.
terraform {
required_providers {
azapi = {
source = "Azure/azapi"
version = "1.9.0"
}
}
}
provider "azurerm"{
features{}
}
provider "azapi"{}
data "azurerm_resource_group" "example"{
name = "xxxx"
}
data "azurerm_mssql_server" "example"{
name = "newser"
resource_group_name = data.azurerm_resource_group.example.name
}
data "azurerm_mssql_database" "example" {
name = "newdb"
server_id = data.azurerm_mssql_server.example.id
}
resource "azapi_update_resource" "example" {
type = "Microsoft.Sql/servers/vulnerabilityAssessments@2022-05-01-preview"
name = "expressjahc"
parent_id = data.azurerm_mssql_server.example.id
body = jsonencode({
properties = {
recurringScans = {
isEnabled = true
}
storageContainerPath = "https://<storageaccount>.blob.core.windows.net/new"
}
})
}
Deployment succeeded:
- How to reference a former value?
- How to enable express Vulnerability assessment on Azure SQL Server using AzAPI provider
- How to get the prinicipal_id from azuread_users data source using for each
- Can data azuread_users accept null value?
- How to Cache Terraform init
- How to get the ARN (Amazon Resource Name) of SSL certificate without using ACM (AWS Certificate Manager)?
- ECS Task definition CPU setting for terraform
- Unable to create Storage Sync Cloud Endpoint (MgmtStorageAccountAuthorizationFailed), even though account has Owner role assigned
- How do I get the Principal ID of a Azure Storage Sync in Terraform
- How do I make a block optional in a module?
- How can I filter ECS tasks to just those that are running for a FIS experiment?
- how to specify azurerm_linux_web_app storage block mount type in terraform
- Terraform Azure Key Vault - context deadline exceeded
- vm specs in .tfvars file not working as expected when executing plan
- Terraform Gives errors Failed to load plugin schemas
- no valid credential sources for Terraform AWS Provider found
- How to get Environment (codeid, environmentid) details of Microsoft.MachineLearningServices deployment model?
- Valkey on AWS via Terraform can not use replication groups
- Terraform does not accept Snowflake account name
- use azurerm_virtual_machine with trusted_launch
- Error acquiring the state lock: ConditionalCheckFailedException
- (Terraform, Cloud Run) Error: Forbidden Your client does not have permission to get URL / from this server
- Can a terraform resource name have a dot in it?
- count value depends on resource attributes that cannot be determined until apply in module
- How can I invalidate AWS CloudFront Distribution cache using Terraform?
- How do I deploy an Azure Container App from scratch using terraform/azurerm?
- Using AWS secrets for a glue connector in Terraform
- How to convert list of objects to just objects in terraform
- Prevent Cancellation of Deployment Job on PR Changes
- Import all resources defined in tf file