azure.sql-database¶
SQL Server Database Resource
The azure.sql-database resource is a child resource of the SQL Server resource,
and the SQL Server parent id is available as the c7n:parent-id property.
- example:
Finds all SQL Servers Database in the subscription.
policies:
- name: find-all-sql-databases
resource: azure.sql-database
Filters¶
data-masking-policy¶
Filter by the current data masking policy configuration for this database.
This filter will exclude the master database because data masking can not be configured on it.
- example:
Find SQL databases with data masking disabled
policies:
- name: sql-database-masking
resource: azure.sql-database
filters:
- type: data-masking-policy
enabled: false
properties:
enabled:
type: boolean
type:
enum:
- data-masking-policy
required:
- type
- enabled
- type
long-term-backup-retention-policy¶
Filter SQL Databases on the length of their long term backup retention policies.
There are 3 backup types for a sql database: weekly, monthly, and yearly. And, each of these backups has a retention period that can specified in units of days, weeks, months, or years.
- example:
Find all SQL Databases with weekly backup retentions longer than 1 month.
policies:
- name: long-term-backup-retention-policy
resource: azure.sqldatabase
filters:
- type: long-term-backup-retention-policy
backup-type: weekly
op: gt
retention-period: 1
retention-period-units: months
properties:
backup-type:
enum:
- weekly
- monthly
- yearly
op:
enum:
- eq
- equal
- ne
- not-equal
- gt
- greater-than
- ge
- gte
- le
- lte
- lt
- less-than
retention-period:
type: number
retention-period-units:
enum:
- day
- days
- week
- weeks
- month
- months
- year
- years
type:
enum:
- long-term-backup-retention-policy
- long-term-backup-retention
required:
- backup-type
- retention-period
- retention-period-units
- type
short-term-backup-retention-policy¶
Filter SQL Databases on the length of their short term backup retention policies.
If the database has no backup retention policies, the database is treated as if it has a backup retention of zero days.
- example:
Find all SQL Databases with a short term retention policy shorter than 2 weeks.
policies:
- name: short-term-backup-retention-policy
resource: azure.sqldatabase
filters:
- type: short-term-backup-retention-policy
op: lt
retention-period-days: 14
properties:
op:
enum:
- eq
- equal
- ne
- not-equal
- gt
- greater-than
- ge
- gte
- le
- lte
- lt
- less-than
retention-period-days:
type: number
type:
enum:
- short-term-backup-retention-policy
- short-term-backup-retention
required:
- retention-period-days
- type
transparent-data-encryption¶
Filter by the current Transparent Data Encryption configuration for this database.
- example:
Find SQL databases with TDE disabled
policies:
- name: sql-database-no-tde
resource: azure.sql-database
filters:
- type: transparent-data-encryption
enabled: false
properties:
enabled:
type: boolean
type:
enum:
- transparent-data-encryption
required:
- type
- enabled
- type
Actions¶
resize¶
Action to scale database. Required arguments: capacity in DTUs and tier (Basic, Standard or Premium). Max data size (in bytes) is optional.
- example:
This policy will resize database to Premium tier with 500 DTU and set max data size to 750 GB
policies:
- name: resize-db
resource: azure.sqldatabase
filters:
- type: value
key: name
value: cctestdb
actions:
- type: resize
tier: Premium
capacity: 500
max_size_bytes: 805306368000
properties:
capacity:
type: number
max_size_bytes:
type: number
tier:
enum:
- Basic
- Standard
- Premium
type:
enum:
- resize
required:
- capacity
- tier
- type
update-long-term-backup-retention-policy¶
Update the long term backup retention policy for a SQL Database.
There are 3 backup types for a sql database: weekly, monthly, and yearly. And, each of these backups has a retention period that can specified in units of days, weeks, months, or years.
- example:
Enforce a 1 month maximum retention for weekly backups on all SQL Databases
policies:
- name: update-long-term-backup-retention-policy
resource: azure.sqldatabase
filters:
- type: long-term-backup-retention-policy
backup-type: weekly
op: gt
retention-period: 1
retention-period-units: months
actions:
- type: update-long-term-backup-retention-policy
backup-type: weekly
retention-period: 1
retention-period-units: months
properties:
backup-type:
enum:
- weekly
- monthly
- yearly
retention-period:
type: number
retention-period-units:
enum:
- day
- days
- week
- weeks
- month
- months
- year
- years
type:
enum:
- update-long-term-backup-retention-policy
- update-long-term-backup-retention
required:
- type
update-short-term-backup-retention-policy¶
Update the short term backup retention policy for a SQL Database.
- example:
Update any SQL Database short term retentions to at least 7 days.
policies:
- name: update-short-term-backup-retention-policy
resource: azure.sqldatabase
filters:
- type: short-term-backup-retention-policy
op: lt
retention-period-days: 7
actions:
- type: update-short-term-backup-retention-policy
retention-period-days: 7
properties:
retention-period-days:
type: number
type:
enum:
- update-short-term-backup-retention-policy
- update-short-term-backup-retention
required:
- type