Terraform module for Azure SQL Managed Instance.
To use AAD Authentication you must provide a User Assigned Managed Identity ID that has the Directory Reader
role in AAD.
The module can use an existing Resource Group, VNet and Subnet or it can create basic forms of these for you. There are two examples below, one using existing resources and the other letting the module create these resources.
```hcl
module "sqlmi" {
  source             = "git::https://github.com/hmcts/terraform-module-sql-managed-instance.git?ref=main"
  name               = "test-sqlmi"
  license_type       = "BasePrice"
  sku_name           = "GP_Gen5"
  storage_size_in_gb = 32
  vcores             = 4
  databases          = ["testdb"]
  admin_name         = var.admin_name
  subnet_ip_range    = "10.10.10.0/27"
  env                = "sbox"
  product            = var.product
  project            = var.project
  component          = var.component
  common_tags        = var.common_tags
  business_area      = var.project
}
```
```hcl
module "sqlmi" {
  source                       = "git::https://github.com/hmcts/terraform-module-sql-managed-instance.git?ref=main"
  name                         = "test-sqlmi"
  license_type                 = "BasePrice"
  sku_name                     = "GP_Gen5"
  storage_size_in_gb           = 32
  vcores                       = 4
  databases                    = ["testdb"]
  admin_name                   = var.admin_name
  existing_resource_group_name = "my-sqlmi-rg"
  subnet_id                    = "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/my-sqlmi-rg/providers/Microsoft.Network/virtualNetworks/my-sqlmi-vnet/subnets/sqlmi-subnet"
  env                          = "sbox"
  product                      = var.product
  project                      = var.project
  component                    = var.component
  common_tags                  = var.common_tags
  business_area                = var.project
}
```
```hcl
resource "azurerm_user_assigned_identity" "uami" {
  location            = "uksouth"
  name                = "my-sqlmi-uami"
  resource_group_name = "my-sqlmi-rg"
  tags                = var.common_tags
}

module "sqlmi" {
  source                            = "git::https://github.com/hmcts/terraform-module-sql-managed-instance.git?ref=main"
  name                              = "test-sqlmi"
  license_type                      = "BasePrice"
  sku_name                          = "GP_Gen5"
  storage_size_in_gb                = 32
  vcores                            = 4
  databases                         = ["testdb"]
  admin_name                        = var.admin_name
  existing_resource_group_name      = "my-sqlmi-rg"
  subnet_id                         = "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/my-sqlmi-rg/providers/Microsoft.Network/virtualNetworks/my-sqlmi-vnet/subnets/sqlmi-subnet"
  env                               = "sbox"
  product                           = var.product
  project                           = var.project
  component                         = var.component
  common_tags                       = var.common_tags
  business_area                     = var.project
  user_assigned_managed_identity_id = "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/my-sqlmi-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/my-sqlmi-uami"
}
```
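One way to satisfy the Directory Reader prerequisite for the AAD example, shown as an added example that is not part of this module's own code: it grants the built-in "Directory Readers" directory role to the identity with the `azuread` provider and passes the identity's ID by reference. The resource labels `directory_readers` and `uami_directory_readers` are illustrative, and the example assumes the principal running Terraform is allowed to assign directory roles.

```hcl
# Added example; resource labels are illustrative, not names used by the module.
resource "azurerm_user_assigned_identity" "uami" {
  location            = "uksouth"
  name                = "my-sqlmi-uami"
  resource_group_name = "my-sqlmi-rg"
  tags                = var.common_tags
}

# Activates the built-in role in the tenant if it is not already active
# and exposes its template ID for the assignment below.
resource "azuread_directory_role" "directory_readers" {
  display_name = "Directory Readers"
}

# Assigning a directory role needs elevated directory rights for whoever
# runs Terraform (for example Privileged Role Administrator), so this step
# is often applied by a separate, tightly scoped pipeline identity.
resource "azuread_directory_role_assignment" "uami_directory_readers" {
  role_id             = azuread_directory_role.directory_readers.template_id
  principal_object_id = azurerm_user_assigned_identity.uami.principal_id
}

module "sqlmi" {
  # ref=main follows a moving branch; pinning ref to a tag or commit SHA
  # keeps the module code that runs with your credentials reviewable.
  source                       = "git::https://github.com/hmcts/terraform-module-sql-managed-instance.git?ref=main"
  name                         = "test-sqlmi"
  license_type                 = "BasePrice"
  sku_name                     = "GP_Gen5"
  storage_size_in_gb           = 32
  vcores                       = 4
  databases                    = ["testdb"]
  admin_name                   = var.admin_name
  existing_resource_group_name = "my-sqlmi-rg"
  subnet_id                    = "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/my-sqlmi-rg/providers/Microsoft.Network/virtualNetworks/my-sqlmi-vnet/subnets/sqlmi-subnet"
  env                          = "sbox"
  product                      = var.product
  project                      = var.project
  component                    = var.component
  common_tags                  = var.common_tags
  business_area                = var.project

  # Reference the identity instead of hard-coding its ID, and wait for the role.
  user_assigned_managed_identity_id = azurerm_user_assigned_identity.uami.id
  depends_on                        = [azuread_directory_role_assignment.uami_directory_readers]
}
```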
Name | Version |
---|---|
azuread | 2.47.0 |
azurerm | 3.117.0 |
random | 3.5.1 |
Name | Version |
---|---|
azuread | 2.47.0 |
azurerm | 3.117.0 |
random | 3.5.1 |
Name | Description | Type | Default | Required |
---|---|---|---|---|
admin_name | The admin username for the SQL Managed Instance. | string | "sqladmin" | no |
admin_password | The admin password for the SQL Managed Instance. | string | null | no |
business_area | business_area name - SDS or CFT. | string | n/a | yes |
collation | Specifies how the SQL Managed Instance will be collated. | string | "Latin1_General_CI_AS" | no |
common_tags | Common Tags | map(string) | n/a | yes |
component | https://hmcts.github.io/cloud-native-platform/glossary/#component | string | n/a | yes |
databases | The names of the managed databases to create. | list(string) | [] | no |
enable_system_assigned_identity | Enable SystemAssigned managed identity | bool | true | no |
env | Environment value | string | n/a | yes |
existing_resource_group_name | Name of existing resource group to deploy resources into. | string | null | no |
license_type | The type of license the Managed Instance will use. | string | n/a | yes |
location | Target Azure location to deploy the resource | string | "UK South" | no |
name | The default name will be product+component+env, you can override the product+component part by setting this | string | "" | no |
product | https://hmcts.github.io/cloud-native-platform/glossary/#product | string | n/a | yes |
project | Project name - sds or cft. | any | n/a | yes |
sku_name | The SKU Name for the SQL Managed Instance. | string | n/a | yes |
storage_size_in_gb | Maximum storage space for the SQL Managed instance. | number | n/a | yes |
subnet_id | The Subnet ID to connect the SQL Managed Instance to. | string | null | no |
subnet_ip_range | The IP range of the subnet to connect the SQL Managed Instance to. | string | null | no |
user_assigned_managed_identity_id | The ID of an existing user assigned managed identity to use for the SQL Managed Instance. Required for AAD integration and must be assigned the Directory Reader role. | string | null | no |
vcores | Number of cores that should be assigned to the SQL Managed Instance. | number | n/a | yes |
vnet_name | The VNet name to connect the SQL Managed Instance to. | string | null | no |
Name | Description |
---|---|
database_ids | The IDs of the SQL Managed Databases. |
location | The Azure region resources have been deployed to. |
resource_group_name | The name of the resource group resources have been deployed to. |
sql_managed_instance_id | The ID of the SQL Managed Instance. |
subnet_id | The ID of the subnet, this will be null if a subnet ID is provided to the module instead. |
vnet_id | The ID of the VNet, this will be null if a subnet ID is provided to the module instead. |
We use pre-commit hooks for validating the terraform format and maintaining the documentation automatically. Install it with:

```bash
$ brew install pre-commit terraform-docs
$ pre-commit install
```

If you add a new hook make sure to run it against all files:

```bash
$ pre-commit run --all-files
```