Open davidkarlsen opened 1 year ago
For reference this is what I ended up with when "doing it myself":
// https://github.com/Azure/bicep-registry-modules/issues/2434
resource sqlServerAudit 'Microsoft.Sql/servers/auditingSettings@2022-05-01-preview' = {
name: '${sqlServer.name}/auditSettings'
properties: {
auditActionsAndGroups:[
'BATCH_COMPLETED_GROUP'
'SUCCESSFUL_DATABASE_AUTHENTICATION_GROUP'
'FAILED_DATABASE_AUTHENTICATION_GROUP'
]
isAzureMonitorTargetEnabled: true
isDevopsAuditEnabled: true
state: 'Enabled'
}
}
resource databaseAudit 'Microsoft.Sql/servers/databases/auditingSettings@2022-05-01-preview' = {
name: 'default'
parent: database[1]
properties: {
auditActionsAndGroups:[
'BATCH_COMPLETED_GROUP'
'SUCCESSFUL_DATABASE_AUTHENTICATION_GROUP'
'FAILED_DATABASE_AUTHENTICATION_GROUP'
]
isAzureMonitorTargetEnabled: true
retentionDays: diagnosticLogsRetentionInDays
state: 'Enabled'
}
}
var databases = ['master', databaseName]
resource database 'Microsoft.Sql/servers/databases@2021-11-01-preview' existing = [for database in databases: {
name: '${sqlServer.name}/${database}'
}]
// https://github.com/Azure/bicep-registry-modules/issues/2434
// https://github.com/Azure/bicep/discussions/8386
resource sqlServerLogAnalyticsMasterDatabase 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = [for i in range(0, length(databases)): {
scope: database[i]
name: 'auditSettings'
properties: {
workspaceId: logAnalyticsWorkspace.id
logs: [for category in ['SQLSecurityAuditEvents' /*, 'DevOpsOperationsAudit'*/]: {
category: category
enabled: true
retentionPolicy: {
days: diagnosticLogsRetentionInDays
enabled: true
}
}]
}
dependsOn: [
sqlServer
]
}]
[!IMPORTANT] The "Needs: Triage :mag:" label must be removed once the triage process is complete!
[!TIP] For additional guidance on how to triage this issue/PR, see the BRM Issue Triage documentation.
Hey @bryansan-msft , I just migrated this issue over from CARML. Please take a look and triage if still relevant :)
[!WARNING] Tagging the AVM Core Team (@Azure/avm-core-team-technical-bicep) due to a module owner or contributor having not responded to this issue within 3 business days. The AVM Core Team will attempt to contact the module owners/contributors directly.
[!TIP]
- To prevent further actions to take effect, the "Status: Response Overdue 🚩" label must be removed, once this issue has been responded to.
- To avoid this rule being (re)triggered, the ""Needs: Triage :mag:" label must be removed as part of the triage process (when the issue is first responded to)!
[!WARNING] Tagging the AVM Core Team (@Azure/avm-core-team-technical-bicep) due to a module owner or contributor having not responded to this issue within 3 business days. The AVM Core Team will attempt to contact the module owners/contributors directly.
[!TIP]
- To prevent further actions to take effect, the "Status: Response Overdue 🚩" label must be removed, once this issue has been responded to.
- To avoid this rule being (re)triggered, the ""Needs: Triage :mag:" label must be removed as part of the triage process (when the issue is first responded to)!
[!CAUTION] This issue requires the AVM Core Team's (@Azure/avm-core-team-technical-bicep) immediate attention as it hasn't been responded to within 6 business days.
[!TIP]
- To avoid this rule being (re)triggered, the "Needs: Triage :mag:" and "Status: Response Overdue :triangular_flag_on_post:" labels must be removed when the issue is first responded to!
- Remove the "Needs: Immediate Attention :bangbang:" label once the issue has been responded to.
[!WARNING] Tagging the AVM Core Team (@Azure/avm-core-team-technical-bicep) due to a module owner or contributor having not responded to this issue within 3 business days. The AVM Core Team will attempt to contact the module owners/contributors directly.
[!TIP]
- To prevent further actions to take effect, the "Status: Response Overdue 🚩" label must be removed, once this issue has been responded to.
- To avoid this rule being (re)triggered, the ""Needs: Triage :mag:" label must be removed as part of the triage process (when the issue is first responded to)!
[!CAUTION] This issue requires the AVM Core Team's (@Azure/avm-core-team-technical-bicep) immediate attention as it hasn't been responded to within 6 business days.
[!TIP]
- To avoid this rule being (re)triggered, the "Needs: Triage :mag:" and "Status: Response Overdue :triangular_flag_on_post:" labels must be removed when the issue is first responded to!
- Remove the "Needs: Immediate Attention :bangbang:" label once the issue has been responded to.
[!WARNING] Tagging the AVM Core Team (@Azure/avm-core-team-technical-bicep) due to a module owner or contributor having not responded to this issue within 3 business days. The AVM Core Team will attempt to contact the module owners/contributors directly.
[!TIP]
- To prevent further actions to take effect, the "Status: Response Overdue 🚩" label must be removed, once this issue has been responded to.
- To avoid this rule being (re)triggered, the ""Needs: Triage :mag:" label must be removed as part of the triage process (when the issue is first responded to)!
[!CAUTION] This issue requires the AVM Core Team's (@Azure/avm-core-team-technical-bicep) immediate attention as it hasn't been responded to within 6 business days.
[!TIP]
- To avoid this rule being (re)triggered, the "Needs: Triage :mag:" and "Status: Response Overdue :triangular_flag_on_post:" labels must be removed when the issue is first responded to!
- Remove the "Needs: Immediate Attention :bangbang:" label once the issue has been responded to.
Description
It would be nice (and natural) if the module https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Sql/servers supported defining the audit-settings: https://learn.microsoft.com/en-us/azure/templates/microsoft.sql/servers/auditingsettings?pivots=deployment-language-bicep