Azure v6.21.0, Mar 7 25

We recommend using Azure Native.

Azure v6.21.0 published on Friday, Mar 7, 2025 by Pulumi

pulumi/pulumi-azure

azure.mssql.ManagedInstanceSecurityAlertPolicy

Explore with Pulumi AI

We recommend using Azure Native.

Azure v6.21.0 published on Friday, Mar 7, 2025 by Pulumi

pulumi/pulumi-azure

Example Usage

Coming soon!

Coming soon!

Coming soon!

Coming soon!

Coming soon!

resources:
  example:
    type: azure:core:ResourceGroup
    properties:
      name: database-rg
      location: West Europe
  exampleNetworkSecurityGroup:
    type: azure:network:NetworkSecurityGroup
    name: example
    properties:
      name: mi-security-group
      location: ${example.location}
      resourceGroupName: ${example.name}
  allowManagementInbound:
    type: azure:network:NetworkSecurityRule
    name: allow_management_inbound
    properties:
      name: allow_management_inbound
      priority: 106
      direction: Inbound
      access: Allow
      protocol: Tcp
      sourcePortRange: '*'
      destinationPortRanges:
        - '9000'
        - '9003'
        - '1438'
        - '1440'
        - '1452'
      sourceAddressPrefix: '*'
      destinationAddressPrefix: '*'
      resourceGroupName: ${example.name}
      networkSecurityGroupName: ${exampleNetworkSecurityGroup.name}
  allowMisubnetInbound:
    type: azure:network:NetworkSecurityRule
    name: allow_misubnet_inbound
    properties:
      name: allow_misubnet_inbound
      priority: 200
      direction: Inbound
      access: Allow
      protocol: '*'
      sourcePortRange: '*'
      destinationPortRange: '*'
      sourceAddressPrefix: 10.0.0.0/24
      destinationAddressPrefix: '*'
      resourceGroupName: ${example.name}
      networkSecurityGroupName: ${exampleNetworkSecurityGroup.name}
  allowHealthProbeInbound:
    type: azure:network:NetworkSecurityRule
    name: allow_health_probe_inbound
    properties:
      name: allow_health_probe_inbound
      priority: 300
      direction: Inbound
      access: Allow
      protocol: '*'
      sourcePortRange: '*'
      destinationPortRange: '*'
      sourceAddressPrefix: AzureLoadBalancer
      destinationAddressPrefix: '*'
      resourceGroupName: ${example.name}
      networkSecurityGroupName: ${exampleNetworkSecurityGroup.name}
  allowTdsInbound:
    type: azure:network:NetworkSecurityRule
    name: allow_tds_inbound
    properties:
      name: allow_tds_inbound
      priority: 1000
      direction: Inbound
      access: Allow
      protocol: Tcp
      sourcePortRange: '*'
      destinationPortRange: '1433'
      sourceAddressPrefix: VirtualNetwork
      destinationAddressPrefix: '*'
      resourceGroupName: ${example.name}
      networkSecurityGroupName: ${exampleNetworkSecurityGroup.name}
  denyAllInbound:
    type: azure:network:NetworkSecurityRule
    name: deny_all_inbound
    properties:
      name: deny_all_inbound
      priority: 4096
      direction: Inbound
      access: Deny
      protocol: '*'
      sourcePortRange: '*'
      destinationPortRange: '*'
      sourceAddressPrefix: '*'
      destinationAddressPrefix: '*'
      resourceGroupName: ${example.name}
      networkSecurityGroupName: ${exampleNetworkSecurityGroup.name}
  allowManagementOutbound:
    type: azure:network:NetworkSecurityRule
    name: allow_management_outbound
    properties:
      name: allow_management_outbound
      priority: 102
      direction: Outbound
      access: Allow
      protocol: Tcp
      sourcePortRange: '*'
      destinationPortRanges:
        - '80'
        - '443'
        - '12000'
      sourceAddressPrefix: '*'
      destinationAddressPrefix: '*'
      resourceGroupName: ${example.name}
      networkSecurityGroupName: ${exampleNetworkSecurityGroup.name}
  allowMisubnetOutbound:
    type: azure:network:NetworkSecurityRule
    name: allow_misubnet_outbound
    properties:
      name: allow_misubnet_outbound
      priority: 200
      direction: Outbound
      access: Allow
      protocol: '*'
      sourcePortRange: '*'
      destinationPortRange: '*'
      sourceAddressPrefix: 10.0.0.0/24
      destinationAddressPrefix: '*'
      resourceGroupName: ${example.name}
      networkSecurityGroupName: ${exampleNetworkSecurityGroup.name}
  denyAllOutbound:
    type: azure:network:NetworkSecurityRule
    name: deny_all_outbound
    properties:
      name: deny_all_outbound
      priority: 4096
      direction: Outbound
      access: Deny
      protocol: '*'
      sourcePortRange: '*'
      destinationPortRange: '*'
      sourceAddressPrefix: '*'
      destinationAddressPrefix: '*'
      resourceGroupName: ${example.name}
      networkSecurityGroupName: ${exampleNetworkSecurityGroup.name}
  exampleVirtualNetwork:
    type: azure:network:VirtualNetwork
    name: example
    properties:
      name: vnet-mi
      resourceGroupName: ${example.name}
      addressSpaces:
        - 10.0.0.0/16
      location: ${example.location}
  exampleSubnet:
    type: azure:network:Subnet
    name: example
    properties:
      name: subnet-mi
      resourceGroupName: ${example.name}
      virtualNetworkName: ${exampleVirtualNetwork.name}
      addressPrefixes:
        - 10.0.0.0/24
      delegations:
        - name: managedinstancedelegation
          serviceDelegation:
            name: Microsoft.Sql/managedInstances
            actions:
              - Microsoft.Network/virtualNetworks/subnets/join/action
              - Microsoft.Network/virtualNetworks/subnets/prepareNetworkPolicies/action
              - Microsoft.Network/virtualNetworks/subnets/unprepareNetworkPolicies/action
  exampleSubnetNetworkSecurityGroupAssociation:
    type: azure:network:SubnetNetworkSecurityGroupAssociation
    name: example
    properties:
      subnetId: ${exampleSubnet.id}
      networkSecurityGroupId: ${exampleNetworkSecurityGroup.id}
  exampleRouteTable:
    type: azure:network:RouteTable
    name: example
    properties:
      name: routetable-mi
      location: ${example.location}
      resourceGroupName: ${example.name}
      disableBgpRoutePropagation: false
    options:
      dependsOn:
        - ${exampleSubnet}
  exampleSubnetRouteTableAssociation:
    type: azure:network:SubnetRouteTableAssociation
    name: example
    properties:
      subnetId: ${exampleSubnet.id}
      routeTableId: ${exampleRouteTable.id}
  exampleManagedInstance:
    type: azure:mssql:ManagedInstance
    name: example
    properties:
      name: managedsqlinstance
      resourceGroupName: ${example.name}
      location: ${example.location}
      licenseType: BasePrice
      skuName: GP_Gen5
      storageSizeInGb: 32
      subnetId: ${exampleSubnet.id}
      vcores: 4
      administratorLogin: mradministrator
      administratorLoginPassword: thisIsDog11
    options:
      dependsOn:
        - ${exampleSubnetNetworkSecurityGroupAssociation}
        - ${exampleSubnetRouteTableAssociation}
  exampleManagedInstanceSecurityAlertPolicy:
    type: azure:mssql:ManagedInstanceSecurityAlertPolicy
    name: example
    properties:
      resourceGroupName: ${example.name}
      managedInstanceName: ${exampleManagedInstance.name}
      enabled: true
      storageEndpoint: ${exampleAzurermStorageAccount.primaryBlobEndpoint}
      storageAccountAccessKey: ${exampleAzurermStorageAccount.primaryAccessKey}
      disabledAlerts:
        - Sql_Injection
        - Data_Exfiltration
      retentionDays: 20

Create ManagedInstanceSecurityAlertPolicy Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

Constructor syntax

new ManagedInstanceSecurityAlertPolicy(name: string, args: ManagedInstanceSecurityAlertPolicyArgs, opts?: CustomResourceOptions);

@overload
def ManagedInstanceSecurityAlertPolicy(resource_name: str,
                                       args: ManagedInstanceSecurityAlertPolicyArgs,
                                       opts: Optional[ResourceOptions] = None)

@overload
def ManagedInstanceSecurityAlertPolicy(resource_name: str,
                                       opts: Optional[ResourceOptions] = None,
                                       managed_instance_name: Optional[str] = None,
                                       resource_group_name: Optional[str] = None,
                                       disabled_alerts: Optional[Sequence[str]] = None,
                                       email_account_admins_enabled: Optional[bool] = None,
                                       email_addresses: Optional[Sequence[str]] = None,
                                       enabled: Optional[bool] = None,
                                       retention_days: Optional[int] = None,
                                       storage_account_access_key: Optional[str] = None,
                                       storage_endpoint: Optional[str] = None)

func NewManagedInstanceSecurityAlertPolicy(ctx *Context, name string, args ManagedInstanceSecurityAlertPolicyArgs, opts ...ResourceOption) (*ManagedInstanceSecurityAlertPolicy, error)

public ManagedInstanceSecurityAlertPolicy(string name, ManagedInstanceSecurityAlertPolicyArgs args, CustomResourceOptions? opts = null)

public ManagedInstanceSecurityAlertPolicy(String name, ManagedInstanceSecurityAlertPolicyArgs args)
public ManagedInstanceSecurityAlertPolicy(String name, ManagedInstanceSecurityAlertPolicyArgs args, CustomResourceOptions options)

type: azure:mssql:ManagedInstanceSecurityAlertPolicy
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

Parameters

name string: The unique name of the resource.
args ManagedInstanceSecurityAlertPolicyArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
args ManagedInstanceSecurityAlertPolicyArgs: The arguments to resource properties.
opts ResourceOptions: Bag of options to control resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args ManagedInstanceSecurityAlertPolicyArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args ManagedInstanceSecurityAlertPolicyArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

name String: The unique name of the resource.
args ManagedInstanceSecurityAlertPolicyArgs: The arguments to resource properties.
options CustomResourceOptions: Bag of options to control resource's behavior.

Constructor example

The following reference example uses placeholder values for all input properties.

var managedInstanceSecurityAlertPolicyResource = new Azure.MSSql.ManagedInstanceSecurityAlertPolicy("managedInstanceSecurityAlertPolicyResource", new()
{
    ManagedInstanceName = "string",
    ResourceGroupName = "string",
    DisabledAlerts = new[]
    {
        "string",
    },
    EmailAccountAdminsEnabled = false,
    EmailAddresses = new[]
    {
        "string",
    },
    Enabled = false,
    RetentionDays = 0,
    StorageAccountAccessKey = "string",
    StorageEndpoint = "string",
});

example, err := mssql.NewManagedInstanceSecurityAlertPolicy(ctx, "managedInstanceSecurityAlertPolicyResource", &mssql.ManagedInstanceSecurityAlertPolicyArgs{
	ManagedInstanceName: pulumi.String("string"),
	ResourceGroupName:   pulumi.String("string"),
	DisabledAlerts: pulumi.StringArray{
		pulumi.String("string"),
	},
	EmailAccountAdminsEnabled: pulumi.Bool(false),
	EmailAddresses: pulumi.StringArray{
		pulumi.String("string"),
	},
	Enabled:                 pulumi.Bool(false),
	RetentionDays:           pulumi.Int(0),
	StorageAccountAccessKey: pulumi.String("string"),
	StorageEndpoint:         pulumi.String("string"),
})

var managedInstanceSecurityAlertPolicyResource = new ManagedInstanceSecurityAlertPolicy("managedInstanceSecurityAlertPolicyResource", ManagedInstanceSecurityAlertPolicyArgs.builder()
    .managedInstanceName("string")
    .resourceGroupName("string")
    .disabledAlerts("string")
    .emailAccountAdminsEnabled(false)
    .emailAddresses("string")
    .enabled(false)
    .retentionDays(0)
    .storageAccountAccessKey("string")
    .storageEndpoint("string")
    .build());

managed_instance_security_alert_policy_resource = azure.mssql.ManagedInstanceSecurityAlertPolicy("managedInstanceSecurityAlertPolicyResource",
    managed_instance_name="string",
    resource_group_name="string",
    disabled_alerts=["string"],
    email_account_admins_enabled=False,
    email_addresses=["string"],
    enabled=False,
    retention_days=0,
    storage_account_access_key="string",
    storage_endpoint="string")

const managedInstanceSecurityAlertPolicyResource = new azure.mssql.ManagedInstanceSecurityAlertPolicy("managedInstanceSecurityAlertPolicyResource", {
    managedInstanceName: "string",
    resourceGroupName: "string",
    disabledAlerts: ["string"],
    emailAccountAdminsEnabled: false,
    emailAddresses: ["string"],
    enabled: false,
    retentionDays: 0,
    storageAccountAccessKey: "string",
    storageEndpoint: "string",
});

type: azure:mssql:ManagedInstanceSecurityAlertPolicy
properties:
    disabledAlerts:
        - string
    emailAccountAdminsEnabled: false
    emailAddresses:
        - string
    enabled: false
    managedInstanceName: string
    resourceGroupName: string
    retentionDays: 0
    storageAccountAccessKey: string
    storageEndpoint: string

ManagedInstanceSecurityAlertPolicy Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

The ManagedInstanceSecurityAlertPolicy resource accepts the following input properties:

ManagedInstanceName string: Specifies the name of the MS SQL Managed Instance. Changing this forces a new resource to be created.
ResourceGroupName string: The name of the resource group that contains the MS SQL Managed Instance. Changing this forces a new resource to be created.
DisabledAlerts List<string>: Specifies an array of alerts that are disabled. Possible values are Sql_Injection, Sql_Injection_Vulnerability, Access_Anomaly, Data_Exfiltration, Unsafe_Action and Brute_Force.
EmailAccountAdminsEnabled bool: Boolean flag which specifies if the alert is sent to the account administrators or not. Defaults to false.
EmailAddresses List<string>: Specifies an array of email addresses to which the alert is sent.
Enabled bool: Specifies the state of the Security Alert Policy, whether it is enabled or disabled. Possible values are true, false.
RetentionDays int: Specifies the number of days to keep in the Threat Detection audit logs. Defaults to 0.
StorageAccountAccessKey string: Specifies the identifier key of the Threat Detection audit storage account. This is mandatory when you use storage_endpoint to specify a storage account blob endpoint.
NOTE: Please note that storage accounts configured with shared_access_key_enabled = false cannot be used to configure azure.mssql.ManagedInstanceSecurityAlertPolicy with storage_endpoint for now.
StorageEndpoint string: Specifies the blob storage endpoint (e.g. https://example.blob.core.windows.net). This blob storage will hold all Threat Detection audit logs.

ManagedInstanceName string: Specifies the name of the MS SQL Managed Instance. Changing this forces a new resource to be created.
ResourceGroupName string: The name of the resource group that contains the MS SQL Managed Instance. Changing this forces a new resource to be created.
DisabledAlerts []string: Specifies an array of alerts that are disabled. Possible values are Sql_Injection, Sql_Injection_Vulnerability, Access_Anomaly, Data_Exfiltration, Unsafe_Action and Brute_Force.
EmailAccountAdminsEnabled bool: Boolean flag which specifies if the alert is sent to the account administrators or not. Defaults to false.
EmailAddresses []string: Specifies an array of email addresses to which the alert is sent.
Enabled bool: Specifies the state of the Security Alert Policy, whether it is enabled or disabled. Possible values are true, false.
RetentionDays int: Specifies the number of days to keep in the Threat Detection audit logs. Defaults to 0.
StorageAccountAccessKey string: Specifies the identifier key of the Threat Detection audit storage account. This is mandatory when you use storage_endpoint to specify a storage account blob endpoint.
NOTE: Please note that storage accounts configured with shared_access_key_enabled = false cannot be used to configure azure.mssql.ManagedInstanceSecurityAlertPolicy with storage_endpoint for now.
StorageEndpoint string: Specifies the blob storage endpoint (e.g. https://example.blob.core.windows.net). This blob storage will hold all Threat Detection audit logs.

managedInstanceName String: Specifies the name of the MS SQL Managed Instance. Changing this forces a new resource to be created.
resourceGroupName String: The name of the resource group that contains the MS SQL Managed Instance. Changing this forces a new resource to be created.
disabledAlerts List<String>: Specifies an array of alerts that are disabled. Possible values are Sql_Injection, Sql_Injection_Vulnerability, Access_Anomaly, Data_Exfiltration, Unsafe_Action and Brute_Force.
emailAccountAdminsEnabled Boolean: Boolean flag which specifies if the alert is sent to the account administrators or not. Defaults to false.
emailAddresses List<String>: Specifies an array of email addresses to which the alert is sent.
enabled Boolean: Specifies the state of the Security Alert Policy, whether it is enabled or disabled. Possible values are true, false.
retentionDays Integer: Specifies the number of days to keep in the Threat Detection audit logs. Defaults to 0.
storageAccountAccessKey String: Specifies the identifier key of the Threat Detection audit storage account. This is mandatory when you use storage_endpoint to specify a storage account blob endpoint.
NOTE: Please note that storage accounts configured with shared_access_key_enabled = false cannot be used to configure azure.mssql.ManagedInstanceSecurityAlertPolicy with storage_endpoint for now.
storageEndpoint String: Specifies the blob storage endpoint (e.g. https://example.blob.core.windows.net). This blob storage will hold all Threat Detection audit logs.

managedInstanceName string: Specifies the name of the MS SQL Managed Instance. Changing this forces a new resource to be created.
resourceGroupName string: The name of the resource group that contains the MS SQL Managed Instance. Changing this forces a new resource to be created.
disabledAlerts string[]: Specifies an array of alerts that are disabled. Possible values are Sql_Injection, Sql_Injection_Vulnerability, Access_Anomaly, Data_Exfiltration, Unsafe_Action and Brute_Force.
emailAccountAdminsEnabled boolean: Boolean flag which specifies if the alert is sent to the account administrators or not. Defaults to false.
emailAddresses string[]: Specifies an array of email addresses to which the alert is sent.
enabled boolean: Specifies the state of the Security Alert Policy, whether it is enabled or disabled. Possible values are true, false.
retentionDays number: Specifies the number of days to keep in the Threat Detection audit logs. Defaults to 0.
storageAccountAccessKey string: Specifies the identifier key of the Threat Detection audit storage account. This is mandatory when you use storage_endpoint to specify a storage account blob endpoint.
NOTE: Please note that storage accounts configured with shared_access_key_enabled = false cannot be used to configure azure.mssql.ManagedInstanceSecurityAlertPolicy with storage_endpoint for now.
storageEndpoint string: Specifies the blob storage endpoint (e.g. https://example.blob.core.windows.net). This blob storage will hold all Threat Detection audit logs.

managed_instance_name str: Specifies the name of the MS SQL Managed Instance. Changing this forces a new resource to be created.
resource_group_name str: The name of the resource group that contains the MS SQL Managed Instance. Changing this forces a new resource to be created.
disabled_alerts Sequence[str]: Specifies an array of alerts that are disabled. Possible values are Sql_Injection, Sql_Injection_Vulnerability, Access_Anomaly, Data_Exfiltration, Unsafe_Action and Brute_Force.
email_account_admins_enabled bool: Boolean flag which specifies if the alert is sent to the account administrators or not. Defaults to false.
email_addresses Sequence[str]: Specifies an array of email addresses to which the alert is sent.
enabled bool: Specifies the state of the Security Alert Policy, whether it is enabled or disabled. Possible values are true, false.
retention_days int: Specifies the number of days to keep in the Threat Detection audit logs. Defaults to 0.
storage_account_access_key str: Specifies the identifier key of the Threat Detection audit storage account. This is mandatory when you use storage_endpoint to specify a storage account blob endpoint.
NOTE: Please note that storage accounts configured with shared_access_key_enabled = false cannot be used to configure azure.mssql.ManagedInstanceSecurityAlertPolicy with storage_endpoint for now.
storage_endpoint str: Specifies the blob storage endpoint (e.g. https://example.blob.core.windows.net). This blob storage will hold all Threat Detection audit logs.

managedInstanceName String: Specifies the name of the MS SQL Managed Instance. Changing this forces a new resource to be created.
resourceGroupName String: The name of the resource group that contains the MS SQL Managed Instance. Changing this forces a new resource to be created.
disabledAlerts List<String>: Specifies an array of alerts that are disabled. Possible values are Sql_Injection, Sql_Injection_Vulnerability, Access_Anomaly, Data_Exfiltration, Unsafe_Action and Brute_Force.
emailAccountAdminsEnabled Boolean: Boolean flag which specifies if the alert is sent to the account administrators or not. Defaults to false.
emailAddresses List<String>: Specifies an array of email addresses to which the alert is sent.
enabled Boolean: Specifies the state of the Security Alert Policy, whether it is enabled or disabled. Possible values are true, false.
retentionDays Number: Specifies the number of days to keep in the Threat Detection audit logs. Defaults to 0.
storageAccountAccessKey String: Specifies the identifier key of the Threat Detection audit storage account. This is mandatory when you use storage_endpoint to specify a storage account blob endpoint.
NOTE: Please note that storage accounts configured with shared_access_key_enabled = false cannot be used to configure azure.mssql.ManagedInstanceSecurityAlertPolicy with storage_endpoint for now.
storageEndpoint String: Specifies the blob storage endpoint (e.g. https://example.blob.core.windows.net). This blob storage will hold all Threat Detection audit logs.

Outputs

All input properties are implicitly available as output properties. Additionally, the ManagedInstanceSecurityAlertPolicy resource produces the following output properties:

Id string: The provider-assigned unique ID for this managed resource.

Id string: The provider-assigned unique ID for this managed resource.

id String: The provider-assigned unique ID for this managed resource.

id string: The provider-assigned unique ID for this managed resource.

id str: The provider-assigned unique ID for this managed resource.

id String: The provider-assigned unique ID for this managed resource.

Look up Existing ManagedInstanceSecurityAlertPolicy Resource

Get an existing ManagedInstanceSecurityAlertPolicy resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: ManagedInstanceSecurityAlertPolicyState, opts?: CustomResourceOptions): ManagedInstanceSecurityAlertPolicy

@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        disabled_alerts: Optional[Sequence[str]] = None,
        email_account_admins_enabled: Optional[bool] = None,
        email_addresses: Optional[Sequence[str]] = None,
        enabled: Optional[bool] = None,
        managed_instance_name: Optional[str] = None,
        resource_group_name: Optional[str] = None,
        retention_days: Optional[int] = None,
        storage_account_access_key: Optional[str] = None,
        storage_endpoint: Optional[str] = None) -> ManagedInstanceSecurityAlertPolicy

func GetManagedInstanceSecurityAlertPolicy(ctx *Context, name string, id IDInput, state *ManagedInstanceSecurityAlertPolicyState, opts ...ResourceOption) (*ManagedInstanceSecurityAlertPolicy, error)

public static ManagedInstanceSecurityAlertPolicy Get(string name, Input<string> id, ManagedInstanceSecurityAlertPolicyState? state, CustomResourceOptions? opts = null)

public static ManagedInstanceSecurityAlertPolicy get(String name, Output<String> id, ManagedInstanceSecurityAlertPolicyState state, CustomResourceOptions options)

resources:  _:    type: azure:mssql:ManagedInstanceSecurityAlertPolicy    get:      id: ${id}

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

resource_name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

The following state arguments are supported:

DisabledAlerts List<string>: Specifies an array of alerts that are disabled. Possible values are Sql_Injection, Sql_Injection_Vulnerability, Access_Anomaly, Data_Exfiltration, Unsafe_Action and Brute_Force.
EmailAccountAdminsEnabled bool: Boolean flag which specifies if the alert is sent to the account administrators or not. Defaults to false.
EmailAddresses List<string>: Specifies an array of email addresses to which the alert is sent.
Enabled bool: Specifies the state of the Security Alert Policy, whether it is enabled or disabled. Possible values are true, false.
ManagedInstanceName string: Specifies the name of the MS SQL Managed Instance. Changing this forces a new resource to be created.
ResourceGroupName string: The name of the resource group that contains the MS SQL Managed Instance. Changing this forces a new resource to be created.
RetentionDays int: Specifies the number of days to keep in the Threat Detection audit logs. Defaults to 0.
StorageAccountAccessKey string: Specifies the identifier key of the Threat Detection audit storage account. This is mandatory when you use storage_endpoint to specify a storage account blob endpoint.
NOTE: Please note that storage accounts configured with shared_access_key_enabled = false cannot be used to configure azure.mssql.ManagedInstanceSecurityAlertPolicy with storage_endpoint for now.
StorageEndpoint string: Specifies the blob storage endpoint (e.g. https://example.blob.core.windows.net). This blob storage will hold all Threat Detection audit logs.

DisabledAlerts []string: Specifies an array of alerts that are disabled. Possible values are Sql_Injection, Sql_Injection_Vulnerability, Access_Anomaly, Data_Exfiltration, Unsafe_Action and Brute_Force.
EmailAccountAdminsEnabled bool: Boolean flag which specifies if the alert is sent to the account administrators or not. Defaults to false.
EmailAddresses []string: Specifies an array of email addresses to which the alert is sent.
Enabled bool: Specifies the state of the Security Alert Policy, whether it is enabled or disabled. Possible values are true, false.
ManagedInstanceName string: Specifies the name of the MS SQL Managed Instance. Changing this forces a new resource to be created.
ResourceGroupName string: The name of the resource group that contains the MS SQL Managed Instance. Changing this forces a new resource to be created.
RetentionDays int: Specifies the number of days to keep in the Threat Detection audit logs. Defaults to 0.
StorageAccountAccessKey string: Specifies the identifier key of the Threat Detection audit storage account. This is mandatory when you use storage_endpoint to specify a storage account blob endpoint.
NOTE: Please note that storage accounts configured with shared_access_key_enabled = false cannot be used to configure azure.mssql.ManagedInstanceSecurityAlertPolicy with storage_endpoint for now.
StorageEndpoint string: Specifies the blob storage endpoint (e.g. https://example.blob.core.windows.net). This blob storage will hold all Threat Detection audit logs.

disabledAlerts List<String>: Specifies an array of alerts that are disabled. Possible values are Sql_Injection, Sql_Injection_Vulnerability, Access_Anomaly, Data_Exfiltration, Unsafe_Action and Brute_Force.
emailAccountAdminsEnabled Boolean: Boolean flag which specifies if the alert is sent to the account administrators or not. Defaults to false.
emailAddresses List<String>: Specifies an array of email addresses to which the alert is sent.
enabled Boolean: Specifies the state of the Security Alert Policy, whether it is enabled or disabled. Possible values are true, false.
managedInstanceName String: Specifies the name of the MS SQL Managed Instance. Changing this forces a new resource to be created.
resourceGroupName String: The name of the resource group that contains the MS SQL Managed Instance. Changing this forces a new resource to be created.
retentionDays Integer: Specifies the number of days to keep in the Threat Detection audit logs. Defaults to 0.
storageAccountAccessKey String: Specifies the identifier key of the Threat Detection audit storage account. This is mandatory when you use storage_endpoint to specify a storage account blob endpoint.
NOTE: Please note that storage accounts configured with shared_access_key_enabled = false cannot be used to configure azure.mssql.ManagedInstanceSecurityAlertPolicy with storage_endpoint for now.
storageEndpoint String: Specifies the blob storage endpoint (e.g. https://example.blob.core.windows.net). This blob storage will hold all Threat Detection audit logs.

disabledAlerts string[]: Specifies an array of alerts that are disabled. Possible values are Sql_Injection, Sql_Injection_Vulnerability, Access_Anomaly, Data_Exfiltration, Unsafe_Action and Brute_Force.
emailAccountAdminsEnabled boolean: Boolean flag which specifies if the alert is sent to the account administrators or not. Defaults to false.
emailAddresses string[]: Specifies an array of email addresses to which the alert is sent.
enabled boolean: Specifies the state of the Security Alert Policy, whether it is enabled or disabled. Possible values are true, false.
managedInstanceName string: Specifies the name of the MS SQL Managed Instance. Changing this forces a new resource to be created.
resourceGroupName string: The name of the resource group that contains the MS SQL Managed Instance. Changing this forces a new resource to be created.
retentionDays number: Specifies the number of days to keep in the Threat Detection audit logs. Defaults to 0.
storageAccountAccessKey string: Specifies the identifier key of the Threat Detection audit storage account. This is mandatory when you use storage_endpoint to specify a storage account blob endpoint.
NOTE: Please note that storage accounts configured with shared_access_key_enabled = false cannot be used to configure azure.mssql.ManagedInstanceSecurityAlertPolicy with storage_endpoint for now.
storageEndpoint string: Specifies the blob storage endpoint (e.g. https://example.blob.core.windows.net). This blob storage will hold all Threat Detection audit logs.

disabled_alerts Sequence[str]: Specifies an array of alerts that are disabled. Possible values are Sql_Injection, Sql_Injection_Vulnerability, Access_Anomaly, Data_Exfiltration, Unsafe_Action and Brute_Force.
email_account_admins_enabled bool: Boolean flag which specifies if the alert is sent to the account administrators or not. Defaults to false.
email_addresses Sequence[str]: Specifies an array of email addresses to which the alert is sent.
enabled bool: Specifies the state of the Security Alert Policy, whether it is enabled or disabled. Possible values are true, false.
managed_instance_name str: Specifies the name of the MS SQL Managed Instance. Changing this forces a new resource to be created.
resource_group_name str: The name of the resource group that contains the MS SQL Managed Instance. Changing this forces a new resource to be created.
retention_days int: Specifies the number of days to keep in the Threat Detection audit logs. Defaults to 0.
storage_account_access_key str: Specifies the identifier key of the Threat Detection audit storage account. This is mandatory when you use storage_endpoint to specify a storage account blob endpoint.
NOTE: Please note that storage accounts configured with shared_access_key_enabled = false cannot be used to configure azure.mssql.ManagedInstanceSecurityAlertPolicy with storage_endpoint for now.
storage_endpoint str: Specifies the blob storage endpoint (e.g. https://example.blob.core.windows.net). This blob storage will hold all Threat Detection audit logs.

disabledAlerts List<String>: Specifies an array of alerts that are disabled. Possible values are Sql_Injection, Sql_Injection_Vulnerability, Access_Anomaly, Data_Exfiltration, Unsafe_Action and Brute_Force.
emailAccountAdminsEnabled Boolean: Boolean flag which specifies if the alert is sent to the account administrators or not. Defaults to false.
emailAddresses List<String>: Specifies an array of email addresses to which the alert is sent.
enabled Boolean: Specifies the state of the Security Alert Policy, whether it is enabled or disabled. Possible values are true, false.
managedInstanceName String: Specifies the name of the MS SQL Managed Instance. Changing this forces a new resource to be created.
resourceGroupName String: The name of the resource group that contains the MS SQL Managed Instance. Changing this forces a new resource to be created.
retentionDays Number: Specifies the number of days to keep in the Threat Detection audit logs. Defaults to 0.
storageAccountAccessKey String: Specifies the identifier key of the Threat Detection audit storage account. This is mandatory when you use storage_endpoint to specify a storage account blob endpoint.
NOTE: Please note that storage accounts configured with shared_access_key_enabled = false cannot be used to configure azure.mssql.ManagedInstanceSecurityAlertPolicy with storage_endpoint for now.
storageEndpoint String: Specifies the blob storage endpoint (e.g. https://example.blob.core.windows.net). This blob storage will hold all Threat Detection audit logs.

Import

MS SQL Managed Instance Security Alert Policy can be imported using the resource id, e.g.

$ pulumi import azure:mssql/managedInstanceSecurityAlertPolicy:ManagedInstanceSecurityAlertPolicy example /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/acceptanceTestResourceGroup1/providers/Microsoft.Sql/managedInstances/instance1/securityAlertPolicies/Default

To learn more about importing existing cloud resources, see Importing resources.

Package Details

Repository: Azure Classic pulumi/pulumi-azure
License: Apache-2.0
Notes: This Pulumi package is based on the azurerm Terraform Provider.

We recommend using Azure Native.

Azure v6.21.0 published on Friday, Mar 7, 2025 by Pulumi

pulumi/pulumi-azure

azure.mssql.ManagedInstanceSecurityAlertPolicy

On this page

On this page

Example Usage

Create ManagedInstanceSecurityAlertPolicy Resource

Constructor syntax

Parameters

Constructor example

ManagedInstanceSecurityAlertPolicy Resource Properties

Inputs

Outputs

Look up Existing ManagedInstanceSecurityAlertPolicy Resource

Import

Package Details

On this page

On this page