Enabling auditing settings on Azure SQL Database via an ARM template

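Problem description

I have been developing a template to deploy SQL/XSS injection detection. Everything works except enabling the auditing settings. In the documentation, I see the following: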

{
  "name": "default",
  "type": "Microsoft.Sql/servers/databases/auditingSettings",
  "apiVersion": "2017-03-01-preview",
  "properties": {
    "state": "string",
    "storageEndpoint": "string",
    "storageAccountAccessKey": "string",
    "retentionDays": "integer",
    "auditActionsAndGroups": [
      "string"
    ],
    "storageAccountSubscriptionId": "string",
    "isStorageSecondaryKeyInUse": boolean
  }
}

I believe I have followed this structure. See my full code here, or the snippet here:

  - apiVersion: 2017-03-01-preview
    type: Microsoft.Sql/servers/auditingSettings
    name: "[concat(parameters('sqlServerName'), '/auditing-default')]"
    dependsOn:
      - "[resourceId('Microsoft.Sql/servers', parameters('sqlServerName'))]"
    properties:
      state: Enabled
      storageEndpoint: "[reference(resourceId('Microsoft.Storage/storageAccounts', parameters('storageAccountName')),
        '2018-03-01-preview').PrimaryEndpoints.Blob]"
      storageAccountAccessKey: "[listKeys(resourceId('Microsoft.Storage/storageAccounts',
        parameters('storageAccountName')), '2018-03-01-preview').keys[0].value]"
      retentionDays: 0
      storageAccountSubscriptionId: "[subscription().subscriptionId]"
      isStorageSecondaryKeyInUse: false

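I see there is a difference between servers/databases, with the type being just /servers, but I actually borrowed this code from the Azure quickstarts and the specific file here, where the code is as follows: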

{
        "apiVersion": "2017-03-01-preview",
        "type": "Microsoft.Sql/servers/auditingSettings",
        "name": "[concat(parameters('sqlServerName'), '/', 'default')]",
        "properties": {
          "state": "Enabled",
          "storageEndpoint": "[reference(resourceId('Microsoft.Storage/storageAccounts', parameters('storageAccountName')), '2018-03-01-preview').PrimaryEndpoints.Blob]",
          "storageAccountAccessKey": "[listKeys(resourceId('Microsoft.Storage/storageAccounts', parameters('storageAccountName')), '2018-03-01-preview').keys[0].value]",
          "retentionDays": 0,
          "auditActionsAndGroups": null,
          "storageAccountSubscriptionId": "[subscription().subscriptionId]",
          "isStorageSecondaryKeyInUse": false
        }
      }

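The official documentation does not seem to have any information about adding auditingSettings at the server level, yet here the type sits directly under the server, so I am a bit lost. I have not looked into the schema yet, but any help/guidance on what might be going on here would be greatly appreciated!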

Tags: azure, azure-sql-database, azure-resource-manager

Solution

We recently published a template showing how to deploy an Azure SQL Server with server auditing enabled.

The full example is here: https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.sql/sql-auditing-server-policy-to-blob-storage
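
As an added example (not part of the original post or of the quickstart repository), the following pre-deployment check compares `auditingSettings` resources against the `default` child name that both the documentation snippet and the quickstart snippet above use. The function names, the `{placeholder}` rendering of parameters, and the sample dictionaries are assumptions made for illustration; the check for a literal storage key is a general hardening check, not something the page states.

```python
import re

# Child-name depth expected for each auditingSettings resource type
# (ARM rule: one name segment per type segment after the namespace).
AUDIT_TYPES = {
    "microsoft.sql/servers/auditingsettings": 2,
    "microsoft.sql/servers/databases/auditingsettings": 3,
}

def literal_name(expr):
    """Flatten a plain name or simple [concat(...)]; parameters become {placeholders}."""
    if not (expr.startswith("[") and expr.endswith("]")):
        return expr
    inner = re.sub(r"(?:parameters|variables)\('([^']+)'\)", r"'{\1}'", expr[1:-1])
    return "".join(re.findall(r"'([^']*)'", inner))

def check_auditing(resources):
    """Return (resolved name, problem) pairs for auditingSettings resources."""
    findings = []
    for res in resources:
        depth = AUDIT_TYPES.get(str(res.get("type", "")).lower())
        if depth is None:
            continue  # not an auditing resource
        name = literal_name(res.get("name", ""))
        segments = name.split("/")
        props = res.get("properties") or {}
        if len(segments) != depth:
            findings.append((name, f"name needs {depth} segments"))
        if segments[-1] != "default":
            findings.append((name, "child name is not 'default'"))
        if props.get("state") != "Enabled":
            findings.append((name, "state is not 'Enabled'"))
        key = props.get("storageAccountAccessKey")
        if isinstance(key, str) and key and not key.startswith("["):
            findings.append((name, "storage key is a literal in the template"))
    return findings

# Constructed inputs: the type/name/state fields of the two snippets above,
# with the listKeys expression shortened to a placeholder.
ASKER = {"type": "Microsoft.Sql/servers/auditingSettings",
         "name": "[concat(parameters('sqlServerName'), '/auditing-default')]",
         "properties": {"state": "Enabled",
                        "storageAccountAccessKey": "[listKeys(<elided>)]"}}
QUICKSTART = dict(ASKER, name="[concat(parameters('sqlServerName'), '/', 'default')]")

if __name__ == "__main__":
    for name, problem in check_auditing([ASKER, QUICKSTART]):
        print(f"{name}: {problem}")
```
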

