Open IntoTheNature opened 3 years ago
These audit log destinations are not in preview anymore, can someone from terraform triage this request?
We ended up using a null_resource block to run an az cli command enabling this: az sql server audit-policy update.
```hcl
resource "null_resource" "server_auditing_policy" {
  triggers = {
    eventhub_authorization_rule_id = var.eventhub_authorization_rule_id
    resource_group_name            = var.resource_group_name
    server_name                    = var.server_name
    event_hub_name                 = var.event_hub_name
  }

  # Apply: Suppressing the output of `update`, which isn't very informative, and displaying that of the `show` instead.
  provisioner "local-exec" {
    command = chomp(
      <<-EOT
      az sql server audit-policy update --resource-group ${var.resource_group_name} --name ${var.server_name} --state Enabled --event-hub-target-state Enabled --event-hub-authorization-rule-id ${var.eventhub_authorization_rule_id} --event-hub ${var.event_hub_name} --output none
      az sql server audit-policy show --resource-group ${var.resource_group_name} --name ${var.server_name}
      EOT
    )
  }
}
```
Any update on this being implemented? This is something we'd also want to start using at my org instead of enabling the event hub auditing on each individual database.
This enhancement request is over a year old, and we couldn't wait, which is why we went the null_resource route. See my previous comment. If you enable auditing at the server level, it is enabled for each database.
Yep, I see your solution and I definitely appreciate you following up. What we ended up doing was enabling this on the server as well but by hand. We don't have a ton of servers so this is manageable. This feature is also missing in the AzureRM terraform module. You can't set an EventHub audit destination on a SQL server via the module.
You can set the EventHub using the azurerm_monitor_diagnostic_setting resource. If I recall correctly, the log category name is "SQLSecurityAuditEvents".
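What the diagnostic-setting route looks like in the azurerm provider, as an added example that is not code from this thread or from the provider itself. It assumes var.server_id, var.event_hub_name and var.eventhub_authorization_rule_id are declared elsewhere (the rule must be a namespace-level Event Hub rule with Send rights, which is what diagnostic settings require), that the provider version in use has the log_monitoring_enabled argument, and that server-level audit events are exposed on the server's master database.

```hcl
# Added example (not from the thread). Assumed inputs: var.server_id (the azurerm_mssql_server id),
# var.event_hub_name and var.eventhub_authorization_rule_id (namespace-level rule, Send only).

# Server-level auditing. log_monitoring_enabled makes the audit events available to Azure Monitor
# so that a diagnostic setting can route them (assumes a provider version with this argument).
resource "azurerm_mssql_server_extended_auditing_policy" "server" {
  server_id              = var.server_id
  log_monitoring_enabled = true
}

# Server-level audit events surface on the server's master database (assumption), so the
# diagnostic setting targets that database rather than the server resource itself.
resource "azurerm_monitor_diagnostic_setting" "sql_audit_to_eventhub" {
  name                           = "sql-audit-to-eventhub"
  target_resource_id             = "${var.server_id}/databases/master"
  eventhub_name                  = var.event_hub_name
  eventhub_authorization_rule_id = var.eventhub_authorization_rule_id

  # Forward only the audit category; an "all logs" setting would also ship unrelated categories.
  enabled_log {
    category = "SQLSecurityAuditEvents"
  }

  depends_on = [azurerm_mssql_server_extended_auditing_policy.server]
}
```

After apply, the same az sql server audit-policy show command used in the null_resource workaround above confirms the server-level state.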
There is no way to deploy an Azure SQL Server with auditing policy set to EventHub or Log Analytics. It's not possible to ignore them either; if this setting is set manually on a SQL server, deployment fails with this error: