SQL Server¶
Filters¶
- Standard Value Filter (see Generic Filters)
Model: Server
- ARM Resource Filters (see Generic Filters)
Metric Filter - Filter on metrics from Azure Monitor - (see SQL Server Supported Metrics)
Tag Filter - Filter on tag presence and/or values
Marked-For-Op Filter - Filter on tag that indicates a scheduled operation for a resource
firewall-rulesFirewall Rules FilterFilter based on firewall rules. Rules can be specified as x.x.x.x-y.y.y.y or x.x.x.x or x.x.x.x/y.
include: the list of IP ranges or CIDR that firewall rules must include. The list must be a subset of the exact rules as is, the ranges will not be combined.
equal: the list of IP ranges or CIDR that firewall rules must match exactly.
oneOf: - required: - type - include - required: - type - any - required: - type - only - required: - type - equal properties: any: items: type: string type: array equal: items: type: string type: array include: items: type: string type: array only: items: type: string type: array type: enum: - firewall-rules
Actions¶
ARM Resource Actions (see Generic Actions)
Example Policies¶
This policy will find all SQL servers with average DTU consumption under 10 percent over the last 72 hours
policies:
- name: sqlserver-under-utilized
resource: azure.sqlserver
filters:
- type: metric
metric: dtu_consumption_percent
op: lt
aggregation: average
threshold: 10
timeframe: 72
filter: "ElasticPoolResourceId eq '*'"
no_data_action: include
This policy will find all SQL servers without any firewall rules defined.
policies:
- name: find-sqlserver-without-firewall-rules
resource: azure.sqlserver
filters:
- type: firewall-rules
equal: []
This policy will find all SQL servers allowing traffic from 1.2.2.128/25 CIDR.
policies:
- name: find-sqlserver-allowing-subnet
resource: azure.sqlserver
filters:
- type: firewall-rules
include: ['1.2.2.128/25']