Cannot enable event hub as audit log destination for Azure SQL Auditing

[ammarasheikh]

Is there an existing issue for this?

• [X] I have searched the existing issues

Community Note

• Please vote on this issue by adding a :thumbsup: reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

Description

I am trying to set storage account and Event hub as audit log destination for Azure SQL Auditing. Only storage account gets enabled but event hub doesn't seem to be taking effect. It seems to be a limitation at the terraform azurerm provider. Once deployed the DB resource I can set it up manually from the Azure portal. Looking for this feature to be added to terraform.

New or Affected Resource(s)/Data Source(s)

azurerm_mssql_server_security_alert_policy

Potential Terraform Configuration

No response

References

No response

[CherylFlowers]

The azurerm_mssql_server_security_alert_policy enables Microsoft Defender for Cloud, and it appears that this feature does not have an option to send logs to an event hub.

The resources that need to be modified are azurerm_mssql_server_extended_auditing_policy and azurerm_mssql_database_extended_auditing_policy.