Docs Home Pulumi IaC Pulumi ESC Pulumi Insights Pulumi IDP Pulumi Cloud Packages Tutorials
  1. Packages
  2. Azure Classic
  3. API Docs
  4. mssql
  5. Database

We recommend using Azure Native.

Azure v6.24.0 published on Wednesday, Jun 18, 2025 by Pulumi
pulumi/pulumi-azure

azure.mssql.Database

Explore with Pulumi AI

azure logo

We recommend using Azure Native.

Azure v6.24.0 published on Wednesday, Jun 18, 2025 by Pulumi
pulumi/pulumi-azure

    Example Usage

    import * as pulumi from "@pulumi/pulumi";
import * as azure from "@pulumi/azure";

const example = new azure.core.ResourceGroup("example", {
    name: "example-resources",
    location: "West Europe",
});
const exampleServer = new azure.mssql.Server("example", {
    name: "example-sqlserver",
    resourceGroupName: example.name,
    location: example.location,
    version: "12.0",
    administratorLogin: "4dm1n157r470r",
    administratorLoginPassword: "4-v3ry-53cr37-p455w0rd",
});
const exampleDatabase = new azure.mssql.Database("example", {
    name: "example-db",
    serverId: exampleServer.id,
    collation: "SQL_Latin1_General_CP1_CI_AS",
    licenseType: "LicenseIncluded",
    maxSizeGb: 2,
    skuName: "S0",
    enclaveType: "VBS",
    tags: {
        foo: "bar",
    },
});

    import pulumi
import pulumi_azure as azure

example = azure.core.ResourceGroup("example",
    name="example-resources",
    location="West Europe")
example_server = azure.mssql.Server("example",
    name="example-sqlserver",
    resource_group_name=example.name,
    location=example.location,
    version="12.0",
    administrator_login="4dm1n157r470r",
    administrator_login_password="4-v3ry-53cr37-p455w0rd")
example_database = azure.mssql.Database("example",
    name="example-db",
    server_id=example_server.id,
    collation="SQL_Latin1_General_CP1_CI_AS",
    license_type="LicenseIncluded",
    max_size_gb=2,
    sku_name="S0",
    enclave_type="VBS",
    tags={
        "foo": "bar",
    })

    package main

import (
	"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/core"
	"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/mssql"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		example, err := core.NewResourceGroup(ctx, "example", &core.ResourceGroupArgs{
			Name:     pulumi.String("example-resources"),
			Location: pulumi.String("West Europe"),
		})
		if err != nil {
			return err
		}
		exampleServer, err := mssql.NewServer(ctx, "example", &mssql.ServerArgs{
			Name:                       pulumi.String("example-sqlserver"),
			ResourceGroupName:          example.Name,
			Location:                   example.Location,
			Version:                    pulumi.String("12.0"),
			AdministratorLogin:         pulumi.String("4dm1n157r470r"),
			AdministratorLoginPassword: pulumi.String("4-v3ry-53cr37-p455w0rd"),
		})
		if err != nil {
			return err
		}
		_, err = mssql.NewDatabase(ctx, "example", &mssql.DatabaseArgs{
			Name:        pulumi.String("example-db"),
			ServerId:    exampleServer.ID(),
			Collation:   pulumi.String("SQL_Latin1_General_CP1_CI_AS"),
			LicenseType: pulumi.String("LicenseIncluded"),
			MaxSizeGb:   pulumi.Int(2),
			SkuName:     pulumi.String("S0"),
			EnclaveType: pulumi.String("VBS"),
			Tags: pulumi.StringMap{
				"foo": pulumi.String("bar"),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

    using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Azure = Pulumi.Azure;

return await Deployment.RunAsync(() => 
{
    var example = new Azure.Core.ResourceGroup("example", new()
    {
        Name = "example-resources",
        Location = "West Europe",
    });

    var exampleServer = new Azure.MSSql.Server("example", new()
    {
        Name = "example-sqlserver",
        ResourceGroupName = example.Name,
        Location = example.Location,
        Version = "12.0",
        AdministratorLogin = "4dm1n157r470r",
        AdministratorLoginPassword = "4-v3ry-53cr37-p455w0rd",
    });

    var exampleDatabase = new Azure.MSSql.Database("example", new()
    {
        Name = "example-db",
        ServerId = exampleServer.Id,
        Collation = "SQL_Latin1_General_CP1_CI_AS",
        LicenseType = "LicenseIncluded",
        MaxSizeGb = 2,
        SkuName = "S0",
        EnclaveType = "VBS",
        Tags = 
        {
            { "foo", "bar" },
        },
    });

});

    package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azure.core.ResourceGroup;
import com.pulumi.azure.core.ResourceGroupArgs;
import com.pulumi.azure.mssql.Server;
import com.pulumi.azure.mssql.ServerArgs;
import com.pulumi.azure.mssql.Database;
import com.pulumi.azure.mssql.DatabaseArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var example = new ResourceGroup("example", ResourceGroupArgs.builder()
            .name("example-resources")
            .location("West Europe")
            .build());

        var exampleServer = new Server("exampleServer", ServerArgs.builder()
            .name("example-sqlserver")
            .resourceGroupName(example.name())
            .location(example.location())
            .version("12.0")
            .administratorLogin("4dm1n157r470r")
            .administratorLoginPassword("4-v3ry-53cr37-p455w0rd")
            .build());

        var exampleDatabase = new Database("exampleDatabase", DatabaseArgs.builder()
            .name("example-db")
            .serverId(exampleServer.id())
            .collation("SQL_Latin1_General_CP1_CI_AS")
            .licenseType("LicenseIncluded")
            .maxSizeGb(2)
            .skuName("S0")
            .enclaveType("VBS")
            .tags(Map.of("foo", "bar"))
            .build());

    }
}

    resources:
  example:
    type: azure:core:ResourceGroup
    properties:
      name: example-resources
      location: West Europe
  exampleServer:
    type: azure:mssql:Server
    name: example
    properties:
      name: example-sqlserver
      resourceGroupName: ${example.name}
      location: ${example.location}
      version: '12.0'
      administratorLogin: 4dm1n157r470r
      administratorLoginPassword: 4-v3ry-53cr37-p455w0rd
  exampleDatabase:
    type: azure:mssql:Database
    name: example
    properties:
      name: example-db
      serverId: ${exampleServer.id}
      collation: SQL_Latin1_General_CP1_CI_AS
      licenseType: LicenseIncluded
      maxSizeGb: 2
      skuName: S0
      enclaveType: VBS
      tags:
        foo: bar

    Transparent Data Encryption(TDE) With A Customer Managed Key(CMK) During Create

    import * as pulumi from "@pulumi/pulumi";
import * as azure from "@pulumi/azure";

const example = new azure.core.ResourceGroup("example", {
    name: "example-resources",
    location: "West Europe",
});
const exampleUserAssignedIdentity = new azure.authorization.UserAssignedIdentity("example", {
    name: "example-admin",
    location: example.location,
    resourceGroupName: example.name,
});
const exampleAccount = new azure.storage.Account("example", {
    name: "examplesa",
    resourceGroupName: example.name,
    location: example.location,
    accountTier: "Standard",
    accountReplicationType: "LRS",
});
const exampleServer = new azure.mssql.Server("example", {
    name: "example-sqlserver",
    resourceGroupName: example.name,
    location: example.location,
    version: "12.0",
    administratorLogin: "4dm1n157r470r",
    administratorLoginPassword: "4-v3ry-53cr37-p455w0rd",
});
// Create a key vault with access policies which allow for the current user to get, list, create, delete, update, recover, purge and getRotationPolicy for the key vault key and also add a key vault access policy for the Microsoft Sql Server instance User Managed Identity to get, wrap, and unwrap key(s)
const exampleKeyVault = new azure.keyvault.KeyVault("example", {
    name: "mssqltdeexample",
    location: example.location,
    resourceGroupName: example.name,
    enabledForDiskEncryption: true,
    tenantId: exampleUserAssignedIdentity.tenantId,
    softDeleteRetentionDays: 7,
    purgeProtectionEnabled: true,
    skuName: "standard",
    accessPolicies: [
        {
            tenantId: current.tenantId,
            objectId: current.objectId,
            keyPermissions: [
                "Get",
                "List",
                "Create",
                "Delete",
                "Update",
                "Recover",
                "Purge",
                "GetRotationPolicy",
            ],
        },
        {
            tenantId: exampleUserAssignedIdentity.tenantId,
            objectId: exampleUserAssignedIdentity.principalId,
            keyPermissions: [
                "Get",
                "WrapKey",
                "UnwrapKey",
            ],
        },
    ],
});
const exampleKey = new azure.keyvault.Key("example", {
    name: "example-key",
    keyVaultId: exampleKeyVault.id,
    keyType: "RSA",
    keySize: 2048,
    keyOpts: [
        "unwrapKey",
        "wrapKey",
    ],
}, {
    dependsOn: [exampleKeyVault],
});
const exampleDatabase = new azure.mssql.Database("example", {
    name: "example-db",
    serverId: exampleServer.id,
    collation: "SQL_Latin1_General_CP1_CI_AS",
    licenseType: "LicenseIncluded",
    maxSizeGb: 4,
    readScale: true,
    skuName: "S0",
    zoneRedundant: true,
    enclaveType: "VBS",
    tags: {
        foo: "bar",
    },
    identity: {
        type: "UserAssigned",
        identityIds: [exampleUserAssignedIdentity.id],
    },
    transparentDataEncryptionKeyVaultKeyId: exampleKey.id,
});

    import pulumi
import pulumi_azure as azure

example = azure.core.ResourceGroup("example",
    name="example-resources",
    location="West Europe")
example_user_assigned_identity = azure.authorization.UserAssignedIdentity("example",
    name="example-admin",
    location=example.location,
    resource_group_name=example.name)
example_account = azure.storage.Account("example",
    name="examplesa",
    resource_group_name=example.name,
    location=example.location,
    account_tier="Standard",
    account_replication_type="LRS")
example_server = azure.mssql.Server("example",
    name="example-sqlserver",
    resource_group_name=example.name,
    location=example.location,
    version="12.0",
    administrator_login="4dm1n157r470r",
    administrator_login_password="4-v3ry-53cr37-p455w0rd")
# Create a key vault with access policies which allow for the current user to get, list, create, delete, update, recover, purge and getRotationPolicy for the key vault key and also add a key vault access policy for the Microsoft Sql Server instance User Managed Identity to get, wrap, and unwrap key(s)
example_key_vault = azure.keyvault.KeyVault("example",
    name="mssqltdeexample",
    location=example.location,
    resource_group_name=example.name,
    enabled_for_disk_encryption=True,
    tenant_id=example_user_assigned_identity.tenant_id,
    soft_delete_retention_days=7,
    purge_protection_enabled=True,
    sku_name="standard",
    access_policies=[
        {
            "tenant_id": current["tenantId"],
            "object_id": current["objectId"],
            "key_permissions": [
                "Get",
                "List",
                "Create",
                "Delete",
                "Update",
                "Recover",
                "Purge",
                "GetRotationPolicy",
            ],
        },
        {
            "tenant_id": example_user_assigned_identity.tenant_id,
            "object_id": example_user_assigned_identity.principal_id,
            "key_permissions": [
                "Get",
                "WrapKey",
                "UnwrapKey",
            ],
        },
    ])
example_key = azure.keyvault.Key("example",
    name="example-key",
    key_vault_id=example_key_vault.id,
    key_type="RSA",
    key_size=2048,
    key_opts=[
        "unwrapKey",
        "wrapKey",
    ],
    opts = pulumi.ResourceOptions(depends_on=[example_key_vault]))
example_database = azure.mssql.Database("example",
    name="example-db",
    server_id=example_server.id,
    collation="SQL_Latin1_General_CP1_CI_AS",
    license_type="LicenseIncluded",
    max_size_gb=4,
    read_scale=True,
    sku_name="S0",
    zone_redundant=True,
    enclave_type="VBS",
    tags={
        "foo": "bar",
    },
    identity={
        "type": "UserAssigned",
        "identity_ids": [example_user_assigned_identity.id],
    },
    transparent_data_encryption_key_vault_key_id=example_key.id)

    package main

import (
	"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/authorization"
	"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/core"
	"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/keyvault"
	"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/mssql"
	"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/storage"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		example, err := core.NewResourceGroup(ctx, "example", &core.ResourceGroupArgs{
			Name:     pulumi.String("example-resources"),
			Location: pulumi.String("West Europe"),
		})
		if err != nil {
			return err
		}
		exampleUserAssignedIdentity, err := authorization.NewUserAssignedIdentity(ctx, "example", &authorization.UserAssignedIdentityArgs{
			Name:              pulumi.String("example-admin"),
			Location:          example.Location,
			ResourceGroupName: example.Name,
		})
		if err != nil {
			return err
		}
		_, err = storage.NewAccount(ctx, "example", &storage.AccountArgs{
			Name:                   pulumi.String("examplesa"),
			ResourceGroupName:      example.Name,
			Location:               example.Location,
			AccountTier:            pulumi.String("Standard"),
			AccountReplicationType: pulumi.String("LRS"),
		})
		if err != nil {
			return err
		}
		exampleServer, err := mssql.NewServer(ctx, "example", &mssql.ServerArgs{
			Name:                       pulumi.String("example-sqlserver"),
			ResourceGroupName:          example.Name,
			Location:                   example.Location,
			Version:                    pulumi.String("12.0"),
			AdministratorLogin:         pulumi.String("4dm1n157r470r"),
			AdministratorLoginPassword: pulumi.String("4-v3ry-53cr37-p455w0rd"),
		})
		if err != nil {
			return err
		}
		// Create a key vault with access policies which allow for the current user to get, list, create, delete, update, recover, purge and getRotationPolicy for the key vault key and also add a key vault access policy for the Microsoft Sql Server instance User Managed Identity to get, wrap, and unwrap key(s)
		exampleKeyVault, err := keyvault.NewKeyVault(ctx, "example", &keyvault.KeyVaultArgs{
			Name:                     pulumi.String("mssqltdeexample"),
			Location:                 example.Location,
			ResourceGroupName:        example.Name,
			EnabledForDiskEncryption: pulumi.Bool(true),
			TenantId:                 exampleUserAssignedIdentity.TenantId,
			SoftDeleteRetentionDays:  pulumi.Int(7),
			PurgeProtectionEnabled:   pulumi.Bool(true),
			SkuName:                  pulumi.String("standard"),
			AccessPolicies: keyvault.KeyVaultAccessPolicyArray{
				&keyvault.KeyVaultAccessPolicyArgs{
					TenantId: pulumi.Any(current.TenantId),
					ObjectId: pulumi.Any(current.ObjectId),
					KeyPermissions: pulumi.StringArray{
						pulumi.String("Get"),
						pulumi.String("List"),
						pulumi.String("Create"),
						pulumi.String("Delete"),
						pulumi.String("Update"),
						pulumi.String("Recover"),
						pulumi.String("Purge"),
						pulumi.String("GetRotationPolicy"),
					},
				},
				&keyvault.KeyVaultAccessPolicyArgs{
					TenantId: exampleUserAssignedIdentity.TenantId,
					ObjectId: exampleUserAssignedIdentity.PrincipalId,
					KeyPermissions: pulumi.StringArray{
						pulumi.String("Get"),
						pulumi.String("WrapKey"),
						pulumi.String("UnwrapKey"),
					},
				},
			},
		})
		if err != nil {
			return err
		}
		exampleKey, err := keyvault.NewKey(ctx, "example", &keyvault.KeyArgs{
			Name:       pulumi.String("example-key"),
			KeyVaultId: exampleKeyVault.ID(),
			KeyType:    pulumi.String("RSA"),
			KeySize:    pulumi.Int(2048),
			KeyOpts: pulumi.StringArray{
				pulumi.String("unwrapKey"),
				pulumi.String("wrapKey"),
			},
		}, pulumi.DependsOn([]pulumi.Resource{
			exampleKeyVault,
		}))
		if err != nil {
			return err
		}
		_, err = mssql.NewDatabase(ctx, "example", &mssql.DatabaseArgs{
			Name:          pulumi.String("example-db"),
			ServerId:      exampleServer.ID(),
			Collation:     pulumi.String("SQL_Latin1_General_CP1_CI_AS"),
			LicenseType:   pulumi.String("LicenseIncluded"),
			MaxSizeGb:     pulumi.Int(4),
			ReadScale:     pulumi.Bool(true),
			SkuName:       pulumi.String("S0"),
			ZoneRedundant: pulumi.Bool(true),
			EnclaveType:   pulumi.String("VBS"),
			Tags: pulumi.StringMap{
				"foo": pulumi.String("bar"),
			},
			Identity: &mssql.DatabaseIdentityArgs{
				Type: pulumi.String("UserAssigned"),
				IdentityIds: pulumi.StringArray{
					exampleUserAssignedIdentity.ID(),
				},
			},
			TransparentDataEncryptionKeyVaultKeyId: exampleKey.ID(),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

    using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Azure = Pulumi.Azure;

return await Deployment.RunAsync(() => 
{
    var example = new Azure.Core.ResourceGroup("example", new()
    {
        Name = "example-resources",
        Location = "West Europe",
    });

    var exampleUserAssignedIdentity = new Azure.Authorization.UserAssignedIdentity("example", new()
    {
        Name = "example-admin",
        Location = example.Location,
        ResourceGroupName = example.Name,
    });

    var exampleAccount = new Azure.Storage.Account("example", new()
    {
        Name = "examplesa",
        ResourceGroupName = example.Name,
        Location = example.Location,
        AccountTier = "Standard",
        AccountReplicationType = "LRS",
    });

    var exampleServer = new Azure.MSSql.Server("example", new()
    {
        Name = "example-sqlserver",
        ResourceGroupName = example.Name,
        Location = example.Location,
        Version = "12.0",
        AdministratorLogin = "4dm1n157r470r",
        AdministratorLoginPassword = "4-v3ry-53cr37-p455w0rd",
    });

    // Create a key vault with access policies which allow for the current user to get, list, create, delete, update, recover, purge and getRotationPolicy for the key vault key and also add a key vault access policy for the Microsoft Sql Server instance User Managed Identity to get, wrap, and unwrap key(s)
    var exampleKeyVault = new Azure.KeyVault.KeyVault("example", new()
    {
        Name = "mssqltdeexample",
        Location = example.Location,
        ResourceGroupName = example.Name,
        EnabledForDiskEncryption = true,
        TenantId = exampleUserAssignedIdentity.TenantId,
        SoftDeleteRetentionDays = 7,
        PurgeProtectionEnabled = true,
        SkuName = "standard",
        AccessPolicies = new[]
        {
            new Azure.KeyVault.Inputs.KeyVaultAccessPolicyArgs
            {
                TenantId = current.TenantId,
                ObjectId = current.ObjectId,
                KeyPermissions = new[]
                {
                    "Get",
                    "List",
                    "Create",
                    "Delete",
                    "Update",
                    "Recover",
                    "Purge",
                    "GetRotationPolicy",
                },
            },
            new Azure.KeyVault.Inputs.KeyVaultAccessPolicyArgs
            {
                TenantId = exampleUserAssignedIdentity.TenantId,
                ObjectId = exampleUserAssignedIdentity.PrincipalId,
                KeyPermissions = new[]
                {
                    "Get",
                    "WrapKey",
                    "UnwrapKey",
                },
            },
        },
    });

    var exampleKey = new Azure.KeyVault.Key("example", new()
    {
        Name = "example-key",
        KeyVaultId = exampleKeyVault.Id,
        KeyType = "RSA",
        KeySize = 2048,
        KeyOpts = new[]
        {
            "unwrapKey",
            "wrapKey",
        },
    }, new CustomResourceOptions
    {
        DependsOn =
        {
            exampleKeyVault,
        },
    });

    var exampleDatabase = new Azure.MSSql.Database("example", new()
    {
        Name = "example-db",
        ServerId = exampleServer.Id,
        Collation = "SQL_Latin1_General_CP1_CI_AS",
        LicenseType = "LicenseIncluded",
        MaxSizeGb = 4,
        ReadScale = true,
        SkuName = "S0",
        ZoneRedundant = true,
        EnclaveType = "VBS",
        Tags = 
        {
            { "foo", "bar" },
        },
        Identity = new Azure.MSSql.Inputs.DatabaseIdentityArgs
        {
            Type = "UserAssigned",
            IdentityIds = new[]
            {
                exampleUserAssignedIdentity.Id,
            },
        },
        TransparentDataEncryptionKeyVaultKeyId = exampleKey.Id,
    });

});

    package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azure.core.ResourceGroup;
import com.pulumi.azure.core.ResourceGroupArgs;
import com.pulumi.azure.authorization.UserAssignedIdentity;
import com.pulumi.azure.authorization.UserAssignedIdentityArgs;
import com.pulumi.azure.storage.Account;
import com.pulumi.azure.storage.AccountArgs;
import com.pulumi.azure.mssql.Server;
import com.pulumi.azure.mssql.ServerArgs;
import com.pulumi.azure.keyvault.KeyVault;
import com.pulumi.azure.keyvault.KeyVaultArgs;
import com.pulumi.azure.keyvault.inputs.KeyVaultAccessPolicyArgs;
import com.pulumi.azure.keyvault.Key;
import com.pulumi.azure.keyvault.KeyArgs;
import com.pulumi.azure.mssql.Database;
import com.pulumi.azure.mssql.DatabaseArgs;
import com.pulumi.azure.mssql.inputs.DatabaseIdentityArgs;
import com.pulumi.resources.CustomResourceOptions;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var example = new ResourceGroup("example", ResourceGroupArgs.builder()
            .name("example-resources")
            .location("West Europe")
            .build());

        var exampleUserAssignedIdentity = new UserAssignedIdentity("exampleUserAssignedIdentity", UserAssignedIdentityArgs.builder()
            .name("example-admin")
            .location(example.location())
            .resourceGroupName(example.name())
            .build());

        var exampleAccount = new Account("exampleAccount", AccountArgs.builder()
            .name("examplesa")
            .resourceGroupName(example.name())
            .location(example.location())
            .accountTier("Standard")
            .accountReplicationType("LRS")
            .build());

        var exampleServer = new Server("exampleServer", ServerArgs.builder()
            .name("example-sqlserver")
            .resourceGroupName(example.name())
            .location(example.location())
            .version("12.0")
            .administratorLogin("4dm1n157r470r")
            .administratorLoginPassword("4-v3ry-53cr37-p455w0rd")
            .build());

        // Create a key vault with access policies which allow for the current user to get, list, create, delete, update, recover, purge and getRotationPolicy for the key vault key and also add a key vault access policy for the Microsoft Sql Server instance User Managed Identity to get, wrap, and unwrap key(s)
        var exampleKeyVault = new KeyVault("exampleKeyVault", KeyVaultArgs.builder()
            .name("mssqltdeexample")
            .location(example.location())
            .resourceGroupName(example.name())
            .enabledForDiskEncryption(true)
            .tenantId(exampleUserAssignedIdentity.tenantId())
            .softDeleteRetentionDays(7)
            .purgeProtectionEnabled(true)
            .skuName("standard")
            .accessPolicies(            
                KeyVaultAccessPolicyArgs.builder()
                    .tenantId(current.tenantId())
                    .objectId(current.objectId())
                    .keyPermissions(                    
                        "Get",
                        "List",
                        "Create",
                        "Delete",
                        "Update",
                        "Recover",
                        "Purge",
                        "GetRotationPolicy")
                    .build(),
                KeyVaultAccessPolicyArgs.builder()
                    .tenantId(exampleUserAssignedIdentity.tenantId())
                    .objectId(exampleUserAssignedIdentity.principalId())
                    .keyPermissions(                    
                        "Get",
                        "WrapKey",
                        "UnwrapKey")
                    .build())
            .build());

        var exampleKey = new Key("exampleKey", KeyArgs.builder()
            .name("example-key")
            .keyVaultId(exampleKeyVault.id())
            .keyType("RSA")
            .keySize(2048)
            .keyOpts(            
                "unwrapKey",
                "wrapKey")
            .build(), CustomResourceOptions.builder()
                .dependsOn(exampleKeyVault)
                .build());

        var exampleDatabase = new Database("exampleDatabase", DatabaseArgs.builder()
            .name("example-db")
            .serverId(exampleServer.id())
            .collation("SQL_Latin1_General_CP1_CI_AS")
            .licenseType("LicenseIncluded")
            .maxSizeGb(4)
            .readScale(true)
            .skuName("S0")
            .zoneRedundant(true)
            .enclaveType("VBS")
            .tags(Map.of("foo", "bar"))
            .identity(DatabaseIdentityArgs.builder()
                .type("UserAssigned")
                .identityIds(exampleUserAssignedIdentity.id())
                .build())
            .transparentDataEncryptionKeyVaultKeyId(exampleKey.id())
            .build());

    }
}

    resources:
  example:
    type: azure:core:ResourceGroup
    properties:
      name: example-resources
      location: West Europe
  exampleUserAssignedIdentity:
    type: azure:authorization:UserAssignedIdentity
    name: example
    properties:
      name: example-admin
      location: ${example.location}
      resourceGroupName: ${example.name}
  exampleAccount:
    type: azure:storage:Account
    name: example
    properties:
      name: examplesa
      resourceGroupName: ${example.name}
      location: ${example.location}
      accountTier: Standard
      accountReplicationType: LRS
  exampleServer:
    type: azure:mssql:Server
    name: example
    properties:
      name: example-sqlserver
      resourceGroupName: ${example.name}
      location: ${example.location}
      version: '12.0'
      administratorLogin: 4dm1n157r470r
      administratorLoginPassword: 4-v3ry-53cr37-p455w0rd
  exampleDatabase:
    type: azure:mssql:Database
    name: example
    properties:
      name: example-db
      serverId: ${exampleServer.id}
      collation: SQL_Latin1_General_CP1_CI_AS
      licenseType: LicenseIncluded
      maxSizeGb: 4
      readScale: true
      skuName: S0
      zoneRedundant: true
      enclaveType: VBS
      tags:
        foo: bar
      identity:
        type: UserAssigned
        identityIds:
          - ${exampleUserAssignedIdentity.id}
      transparentDataEncryptionKeyVaultKeyId: ${exampleKey.id}
  # Create a key vault with access policies which allow for the current user to get, list, create, delete, update, recover, purge and getRotationPolicy for the key vault key and also add a key vault access policy for the Microsoft Sql Server instance User Managed Identity to get, wrap, and unwrap key(s)
  exampleKeyVault:
    type: azure:keyvault:KeyVault
    name: example
    properties:
      name: mssqltdeexample
      location: ${example.location}
      resourceGroupName: ${example.name}
      enabledForDiskEncryption: true
      tenantId: ${exampleUserAssignedIdentity.tenantId}
      softDeleteRetentionDays: 7
      purgeProtectionEnabled: true
      skuName: standard
      accessPolicies:
        - tenantId: ${current.tenantId}
          objectId: ${current.objectId}
          keyPermissions:
            - Get
            - List
            - Create
            - Delete
            - Update
            - Recover
            - Purge
            - GetRotationPolicy
        - tenantId: ${exampleUserAssignedIdentity.tenantId}
          objectId: ${exampleUserAssignedIdentity.principalId}
          keyPermissions:
            - Get
            - WrapKey
            - UnwrapKey
  exampleKey:
    type: azure:keyvault:Key
    name: example
    properties:
      name: example-key
      keyVaultId: ${exampleKeyVault.id}
      keyType: RSA
      keySize: 2048
      keyOpts:
        - unwrapKey
        - wrapKey
    options:
      dependsOn:
        - ${exampleKeyVault}

    API Providers

    This resource uses the following Azure API Providers:

    • Microsoft.Sql: 2023-08-01-preview

    Create Database Resource

    Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

    Constructor syntax

    new Database(name: string, args: DatabaseArgs, opts?: CustomResourceOptions);
    @overload
def Database(resource_name: str,
             args: DatabaseArgs,
             opts: Optional[ResourceOptions] = None)

@overload
def Database(resource_name: str,
             opts: Optional[ResourceOptions] = None,
             server_id: Optional[str] = None,
             read_replica_count: Optional[int] = None,
             recover_database_id: Optional[str] = None,
             creation_source_database_id: Optional[str] = None,
             elastic_pool_id: Optional[str] = None,
             enclave_type: Optional[str] = None,
             geo_backup_enabled: Optional[bool] = None,
             identity: Optional[DatabaseIdentityArgs] = None,
             import_: Optional[DatabaseImportArgs] = None,
             ledger_enabled: Optional[bool] = None,
             license_type: Optional[str] = None,
             recovery_point_id: Optional[str] = None,
             maintenance_configuration_name: Optional[str] = None,
             max_size_gb: Optional[int] = None,
             min_capacity: Optional[float] = None,
             name: Optional[str] = None,
             auto_pause_delay_in_minutes: Optional[int] = None,
             create_mode: Optional[str] = None,
             read_scale: Optional[bool] = None,
             long_term_retention_policy: Optional[DatabaseLongTermRetentionPolicyArgs] = None,
             restore_dropped_database_id: Optional[str] = None,
             restore_long_term_retention_backup_id: Optional[str] = None,
             restore_point_in_time: Optional[str] = None,
             sample_name: Optional[str] = None,
             secondary_type: Optional[str] = None,
             collation: Optional[str] = None,
             short_term_retention_policy: Optional[DatabaseShortTermRetentionPolicyArgs] = None,
             sku_name: Optional[str] = None,
             storage_account_type: Optional[str] = None,
             tags: Optional[Mapping[str, str]] = None,
             threat_detection_policy: Optional[DatabaseThreatDetectionPolicyArgs] = None,
             transparent_data_encryption_enabled: Optional[bool] = None,
             transparent_data_encryption_key_automatic_rotation_enabled: Optional[bool] = None,
             transparent_data_encryption_key_vault_key_id: Optional[str] = None,
             zone_redundant: Optional[bool] = None)
    func NewDatabase(ctx *Context, name string, args DatabaseArgs, opts ...ResourceOption) (*Database, error)
    public Database(string name, DatabaseArgs args, CustomResourceOptions? opts = null)
    public Database(String name, DatabaseArgs args)
public Database(String name, DatabaseArgs args, CustomResourceOptions options)

    type: azure:mssql:Database
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

    Parameters

    name string
    The unique name of the resource.
    args DatabaseArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args DatabaseArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args DatabaseArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args DatabaseArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args DatabaseArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    Constructor example

    The following reference example uses placeholder values for all input properties.

    var azureDatabaseResource = new Azure.MSSql.Database("azureDatabaseResource", new()
{
    ServerId = "string",
    ReadReplicaCount = 0,
    RecoverDatabaseId = "string",
    CreationSourceDatabaseId = "string",
    ElasticPoolId = "string",
    EnclaveType = "string",
    GeoBackupEnabled = false,
    Identity = new Azure.MSSql.Inputs.DatabaseIdentityArgs
    {
        IdentityIds = new[]
        {
            "string",
        },
        Type = "string",
    },
    Import = new Azure.MSSql.Inputs.DatabaseImportArgs
    {
        AdministratorLogin = "string",
        AdministratorLoginPassword = "string",
        AuthenticationType = "string",
        StorageKey = "string",
        StorageKeyType = "string",
        StorageUri = "string",
        StorageAccountId = "string",
    },
    LedgerEnabled = false,
    LicenseType = "string",
    RecoveryPointId = "string",
    MaintenanceConfigurationName = "string",
    MaxSizeGb = 0,
    MinCapacity = 0,
    Name = "string",
    AutoPauseDelayInMinutes = 0,
    CreateMode = "string",
    ReadScale = false,
    LongTermRetentionPolicy = new Azure.MSSql.Inputs.DatabaseLongTermRetentionPolicyArgs
    {
        ImmutableBackupsEnabled = false,
        MonthlyRetention = "string",
        WeekOfYear = 0,
        WeeklyRetention = "string",
        YearlyRetention = "string",
    },
    RestoreDroppedDatabaseId = "string",
    RestoreLongTermRetentionBackupId = "string",
    RestorePointInTime = "string",
    SampleName = "string",
    SecondaryType = "string",
    Collation = "string",
    ShortTermRetentionPolicy = new Azure.MSSql.Inputs.DatabaseShortTermRetentionPolicyArgs
    {
        RetentionDays = 0,
        BackupIntervalInHours = 0,
    },
    SkuName = "string",
    StorageAccountType = "string",
    Tags = 
    {
        { "string", "string" },
    },
    ThreatDetectionPolicy = new Azure.MSSql.Inputs.DatabaseThreatDetectionPolicyArgs
    {
        DisabledAlerts = new[]
        {
            "string",
        },
        EmailAccountAdmins = "string",
        EmailAddresses = new[]
        {
            "string",
        },
        RetentionDays = 0,
        State = "string",
        StorageAccountAccessKey = "string",
        StorageEndpoint = "string",
    },
    TransparentDataEncryptionEnabled = false,
    TransparentDataEncryptionKeyAutomaticRotationEnabled = false,
    TransparentDataEncryptionKeyVaultKeyId = "string",
    ZoneRedundant = false,
});

    example, err := mssql.NewDatabase(ctx, "azureDatabaseResource", &mssql.DatabaseArgs{
	ServerId:                 pulumi.String("string"),
	ReadReplicaCount:         pulumi.Int(0),
	RecoverDatabaseId:        pulumi.String("string"),
	CreationSourceDatabaseId: pulumi.String("string"),
	ElasticPoolId:            pulumi.String("string"),
	EnclaveType:              pulumi.String("string"),
	GeoBackupEnabled:         pulumi.Bool(false),
	Identity: &mssql.DatabaseIdentityArgs{
		IdentityIds: pulumi.StringArray{
			pulumi.String("string"),
		},
		Type: pulumi.String("string"),
	},
	Import: &mssql.DatabaseImportArgs{
		AdministratorLogin:         pulumi.String("string"),
		AdministratorLoginPassword: pulumi.String("string"),
		AuthenticationType:         pulumi.String("string"),
		StorageKey:                 pulumi.String("string"),
		StorageKeyType:             pulumi.String("string"),
		StorageUri:                 pulumi.String("string"),
		StorageAccountId:           pulumi.String("string"),
	},
	LedgerEnabled:                pulumi.Bool(false),
	LicenseType:                  pulumi.String("string"),
	RecoveryPointId:              pulumi.String("string"),
	MaintenanceConfigurationName: pulumi.String("string"),
	MaxSizeGb:                    pulumi.Int(0),
	MinCapacity:                  pulumi.Float64(0),
	Name:                         pulumi.String("string"),
	AutoPauseDelayInMinutes:      pulumi.Int(0),
	CreateMode:                   pulumi.String("string"),
	ReadScale:                    pulumi.Bool(false),
	LongTermRetentionPolicy: &mssql.DatabaseLongTermRetentionPolicyArgs{
		ImmutableBackupsEnabled: pulumi.Bool(false),
		MonthlyRetention:        pulumi.String("string"),
		WeekOfYear:              pulumi.Int(0),
		WeeklyRetention:         pulumi.String("string"),
		YearlyRetention:         pulumi.String("string"),
	},
	RestoreDroppedDatabaseId:         pulumi.String("string"),
	RestoreLongTermRetentionBackupId: pulumi.String("string"),
	RestorePointInTime:               pulumi.String("string"),
	SampleName:                       pulumi.String("string"),
	SecondaryType:                    pulumi.String("string"),
	Collation:                        pulumi.String("string"),
	ShortTermRetentionPolicy: &mssql.DatabaseShortTermRetentionPolicyArgs{
		RetentionDays:         pulumi.Int(0),
		BackupIntervalInHours: pulumi.Int(0),
	},
	SkuName:            pulumi.String("string"),
	StorageAccountType: pulumi.String("string"),
	Tags: pulumi.StringMap{
		"string": pulumi.String("string"),
	},
	ThreatDetectionPolicy: &mssql.DatabaseThreatDetectionPolicyArgs{
		DisabledAlerts: pulumi.StringArray{
			pulumi.String("string"),
		},
		EmailAccountAdmins: pulumi.String("string"),
		EmailAddresses: pulumi.StringArray{
			pulumi.String("string"),
		},
		RetentionDays:           pulumi.Int(0),
		State:                   pulumi.String("string"),
		StorageAccountAccessKey: pulumi.String("string"),
		StorageEndpoint:         pulumi.String("string"),
	},
	TransparentDataEncryptionEnabled:                     pulumi.Bool(false),
	TransparentDataEncryptionKeyAutomaticRotationEnabled: pulumi.Bool(false),
	TransparentDataEncryptionKeyVaultKeyId:               pulumi.String("string"),
	ZoneRedundant:                                        pulumi.Bool(false),
})

    var azureDatabaseResource = new com.pulumi.azure.mssql.Database("azureDatabaseResource", com.pulumi.azure.mssql.DatabaseArgs.builder()
    .serverId("string")
    .readReplicaCount(0)
    .recoverDatabaseId("string")
    .creationSourceDatabaseId("string")
    .elasticPoolId("string")
    .enclaveType("string")
    .geoBackupEnabled(false)
    .identity(DatabaseIdentityArgs.builder()
        .identityIds("string")
        .type("string")
        .build())
    .import_(DatabaseImportArgs.builder()
        .administratorLogin("string")
        .administratorLoginPassword("string")
        .authenticationType("string")
        .storageKey("string")
        .storageKeyType("string")
        .storageUri("string")
        .storageAccountId("string")
        .build())
    .ledgerEnabled(false)
    .licenseType("string")
    .recoveryPointId("string")
    .maintenanceConfigurationName("string")
    .maxSizeGb(0)
    .minCapacity(0.0)
    .name("string")
    .autoPauseDelayInMinutes(0)
    .createMode("string")
    .readScale(false)
    .longTermRetentionPolicy(DatabaseLongTermRetentionPolicyArgs.builder()
        .immutableBackupsEnabled(false)
        .monthlyRetention("string")
        .weekOfYear(0)
        .weeklyRetention("string")
        .yearlyRetention("string")
        .build())
    .restoreDroppedDatabaseId("string")
    .restoreLongTermRetentionBackupId("string")
    .restorePointInTime("string")
    .sampleName("string")
    .secondaryType("string")
    .collation("string")
    .shortTermRetentionPolicy(DatabaseShortTermRetentionPolicyArgs.builder()
        .retentionDays(0)
        .backupIntervalInHours(0)
        .build())
    .skuName("string")
    .storageAccountType("string")
    .tags(Map.of("string", "string"))
    .threatDetectionPolicy(DatabaseThreatDetectionPolicyArgs.builder()
        .disabledAlerts("string")
        .emailAccountAdmins("string")
        .emailAddresses("string")
        .retentionDays(0)
        .state("string")
        .storageAccountAccessKey("string")
        .storageEndpoint("string")
        .build())
    .transparentDataEncryptionEnabled(false)
    .transparentDataEncryptionKeyAutomaticRotationEnabled(false)
    .transparentDataEncryptionKeyVaultKeyId("string")
    .zoneRedundant(false)
    .build());

    azure_database_resource = azure.mssql.Database("azureDatabaseResource",
    server_id="string",
    read_replica_count=0,
    recover_database_id="string",
    creation_source_database_id="string",
    elastic_pool_id="string",
    enclave_type="string",
    geo_backup_enabled=False,
    identity={
        "identity_ids": ["string"],
        "type": "string",
    },
    import_={
        "administrator_login": "string",
        "administrator_login_password": "string",
        "authentication_type": "string",
        "storage_key": "string",
        "storage_key_type": "string",
        "storage_uri": "string",
        "storage_account_id": "string",
    },
    ledger_enabled=False,
    license_type="string",
    recovery_point_id="string",
    maintenance_configuration_name="string",
    max_size_gb=0,
    min_capacity=0,
    name="string",
    auto_pause_delay_in_minutes=0,
    create_mode="string",
    read_scale=False,
    long_term_retention_policy={
        "immutable_backups_enabled": False,
        "monthly_retention": "string",
        "week_of_year": 0,
        "weekly_retention": "string",
        "yearly_retention": "string",
    },
    restore_dropped_database_id="string",
    restore_long_term_retention_backup_id="string",
    restore_point_in_time="string",
    sample_name="string",
    secondary_type="string",
    collation="string",
    short_term_retention_policy={
        "retention_days": 0,
        "backup_interval_in_hours": 0,
    },
    sku_name="string",
    storage_account_type="string",
    tags={
        "string": "string",
    },
    threat_detection_policy={
        "disabled_alerts": ["string"],
        "email_account_admins": "string",
        "email_addresses": ["string"],
        "retention_days": 0,
        "state": "string",
        "storage_account_access_key": "string",
        "storage_endpoint": "string",
    },
    transparent_data_encryption_enabled=False,
    transparent_data_encryption_key_automatic_rotation_enabled=False,
    transparent_data_encryption_key_vault_key_id="string",
    zone_redundant=False)

    const azureDatabaseResource = new azure.mssql.Database("azureDatabaseResource", {
    serverId: "string",
    readReplicaCount: 0,
    recoverDatabaseId: "string",
    creationSourceDatabaseId: "string",
    elasticPoolId: "string",
    enclaveType: "string",
    geoBackupEnabled: false,
    identity: {
        identityIds: ["string"],
        type: "string",
    },
    "import": {
        administratorLogin: "string",
        administratorLoginPassword: "string",
        authenticationType: "string",
        storageKey: "string",
        storageKeyType: "string",
        storageUri: "string",
        storageAccountId: "string",
    },
    ledgerEnabled: false,
    licenseType: "string",
    recoveryPointId: "string",
    maintenanceConfigurationName: "string",
    maxSizeGb: 0,
    minCapacity: 0,
    name: "string",
    autoPauseDelayInMinutes: 0,
    createMode: "string",
    readScale: false,
    longTermRetentionPolicy: {
        immutableBackupsEnabled: false,
        monthlyRetention: "string",
        weekOfYear: 0,
        weeklyRetention: "string",
        yearlyRetention: "string",
    },
    restoreDroppedDatabaseId: "string",
    restoreLongTermRetentionBackupId: "string",
    restorePointInTime: "string",
    sampleName: "string",
    secondaryType: "string",
    collation: "string",
    shortTermRetentionPolicy: {
        retentionDays: 0,
        backupIntervalInHours: 0,
    },
    skuName: "string",
    storageAccountType: "string",
    tags: {
        string: "string",
    },
    threatDetectionPolicy: {
        disabledAlerts: ["string"],
        emailAccountAdmins: "string",
        emailAddresses: ["string"],
        retentionDays: 0,
        state: "string",
        storageAccountAccessKey: "string",
        storageEndpoint: "string",
    },
    transparentDataEncryptionEnabled: false,
    transparentDataEncryptionKeyAutomaticRotationEnabled: false,
    transparentDataEncryptionKeyVaultKeyId: "string",
    zoneRedundant: false,
});

    type: azure:mssql:Database
properties:
    autoPauseDelayInMinutes: 0
    collation: string
    createMode: string
    creationSourceDatabaseId: string
    elasticPoolId: string
    enclaveType: string
    geoBackupEnabled: false
    identity:
        identityIds:
            - string
        type: string
    import:
        administratorLogin: string
        administratorLoginPassword: string
        authenticationType: string
        storageAccountId: string
        storageKey: string
        storageKeyType: string
        storageUri: string
    ledgerEnabled: false
    licenseType: string
    longTermRetentionPolicy:
        immutableBackupsEnabled: false
        monthlyRetention: string
        weekOfYear: 0
        weeklyRetention: string
        yearlyRetention: string
    maintenanceConfigurationName: string
    maxSizeGb: 0
    minCapacity: 0
    name: string
    readReplicaCount: 0
    readScale: false
    recoverDatabaseId: string
    recoveryPointId: string
    restoreDroppedDatabaseId: string
    restoreLongTermRetentionBackupId: string
    restorePointInTime: string
    sampleName: string
    secondaryType: string
    serverId: string
    shortTermRetentionPolicy:
        backupIntervalInHours: 0
        retentionDays: 0
    skuName: string
    storageAccountType: string
    tags:
        string: string
    threatDetectionPolicy:
        disabledAlerts:
            - string
        emailAccountAdmins: string
        emailAddresses:
            - string
        retentionDays: 0
        state: string
        storageAccountAccessKey: string
        storageEndpoint: string
    transparentDataEncryptionEnabled: false
    transparentDataEncryptionKeyAutomaticRotationEnabled: false
    transparentDataEncryptionKeyVaultKeyId: string
    zoneRedundant: false

    Database Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

    The Database resource accepts the following input properties:

    ServerId string

    The id of the MS SQL Server on which to create the database. Changing this forces a new resource to be created.

    Note: This setting is still required for "Serverless" SKUs

    AutoPauseDelayInMinutes int
    Time in minutes after which database is automatically paused. A value of -1 means that automatic pause is disabled. This property is only settable for Serverless databases.
    Collation string
    Specifies the collation of the database. Changing this forces a new resource to be created.
    CreateMode string
    The create mode of the database. Possible values are Copy, Default, OnlineSecondary, PointInTimeRestore, Recovery, Restore, RestoreExternalBackup, RestoreExternalBackupSecondary, RestoreLongTermRetentionBackup and Secondary. Mutually exclusive with import. Changing this forces a new resource to be created. Defaults to Default.
    CreationSourceDatabaseId string

    The ID of the source database from which to create the new database. This should only be used for databases with create_mode values that use another database as reference. Changing this forces a new resource to be created.

    Note: When configuring a secondary database, please be aware of the constraints for the sku_name property, as noted below, for both the primary and secondary databases. The sku_name of the secondary database may be inadvertently changed to match that of the primary when an incompatible combination of SKUs is detected by the provider.

    ElasticPoolId string
    Specifies the ID of the elastic pool containing this database.
    EnclaveType string

    Specifies the type of enclave to be used by the elastic pool. When enclave_type is not specified (e.g., the default) enclaves are not enabled on the database. Once enabled (e.g., by specifying Default or VBS) removing the enclave_type field from the configuration file will force the creation of a new resource. Possible values are Default or VBS.

    Note: enclave_type is currently not supported for DW (e.g, DataWarehouse) and DC-series SKUs.

    Note: Geo Replicated and Failover databases must have the same enclave_type.

    Note: The default value for the enclave_type field is unset not Default.

    GeoBackupEnabled bool

    A boolean that specifies if the Geo Backup Policy is enabled. Defaults to true.

    Note: geo_backup_enabled is only applicable for DataWarehouse SKUs (DW*). This setting is ignored for all other SKUs.

    Identity DatabaseIdentity
    An identity block as defined below.
    Import DatabaseImport
    A import block as documented below. Mutually exclusive with create_mode.
    LedgerEnabled bool
    A boolean that specifies if this is a ledger database. Defaults to false. Changing this forces a new resource to be created.
    LicenseType string
    Specifies the license type applied to this database. Possible values are LicenseIncluded and BasePrice.
    LongTermRetentionPolicy DatabaseLongTermRetentionPolicy
    A long_term_retention_policy block as defined below.
    MaintenanceConfigurationName string

    The name of the Public Maintenance Configuration window to apply to the database. Valid values include SQL_Default, SQL_EastUS_DB_1, SQL_EastUS2_DB_1, SQL_SoutheastAsia_DB_1, SQL_AustraliaEast_DB_1, SQL_NorthEurope_DB_1, SQL_SouthCentralUS_DB_1, SQL_WestUS2_DB_1, SQL_UKSouth_DB_1, SQL_WestEurope_DB_1, SQL_EastUS_DB_2, SQL_EastUS2_DB_2, SQL_WestUS2_DB_2, SQL_SoutheastAsia_DB_2, SQL_AustraliaEast_DB_2, SQL_NorthEurope_DB_2, SQL_SouthCentralUS_DB_2, SQL_UKSouth_DB_2, SQL_WestEurope_DB_2, SQL_AustraliaSoutheast_DB_1, SQL_BrazilSouth_DB_1, SQL_CanadaCentral_DB_1, SQL_CanadaEast_DB_1, SQL_CentralUS_DB_1, SQL_EastAsia_DB_1, SQL_FranceCentral_DB_1, SQL_GermanyWestCentral_DB_1, SQL_CentralIndia_DB_1, SQL_SouthIndia_DB_1, SQL_JapanEast_DB_1, SQL_JapanWest_DB_1, SQL_NorthCentralUS_DB_1, SQL_UKWest_DB_1, SQL_WestUS_DB_1, SQL_AustraliaSoutheast_DB_2, SQL_BrazilSouth_DB_2, SQL_CanadaCentral_DB_2, SQL_CanadaEast_DB_2, SQL_CentralUS_DB_2, SQL_EastAsia_DB_2, SQL_FranceCentral_DB_2, SQL_GermanyWestCentral_DB_2, SQL_CentralIndia_DB_2, SQL_SouthIndia_DB_2, SQL_JapanEast_DB_2, SQL_JapanWest_DB_2, SQL_NorthCentralUS_DB_2, SQL_UKWest_DB_2, SQL_WestUS_DB_2, SQL_WestCentralUS_DB_1, SQL_FranceSouth_DB_1, SQL_WestCentralUS_DB_2, SQL_FranceSouth_DB_2, SQL_SwitzerlandNorth_DB_1, SQL_SwitzerlandNorth_DB_2, SQL_BrazilSoutheast_DB_1, SQL_UAENorth_DB_1, SQL_BrazilSoutheast_DB_2, SQL_UAENorth_DB_2, SQL_SouthAfricaNorth_DB_1, SQL_SouthAfricaNorth_DB_2, SQL_WestUS3_DB_1, SQL_WestUS3_DB_2, SQL_SwedenCentral_DB_1, SQL_SwedenCentral_DB_2. Defaults to SQL_Default.

    Note: maintenance_configuration_name is only applicable if elastic_pool_id is not set.

    MaxSizeGb int

    The max size of the database in gigabytes.

    Note: This value should not be configured when the create_mode is Secondary or OnlineSecondary, as the sizing of the primary is then used as per Azure documentation.

    MinCapacity double
    Minimal capacity that database will always have allocated, if not paused. This property is only settable for Serverless databases.
    Name string
    The name of the MS SQL Database. Changing this forces a new resource to be created.
    ReadReplicaCount int
    The number of readonly secondary replicas associated with the database to which readonly application intent connections may be routed. This property is only settable for Hyperscale edition databases.
    ReadScale bool
    If enabled, connections that have application intent set to readonly in their connection string may be routed to a readonly secondary replica. This property is only settable for Premium and Business Critical databases.
    RecoverDatabaseId string
    The ID of the database to be recovered. This property is only applicable when the create_mode is Recovery.
    RecoveryPointId string
    The ID of the Recovery Services Recovery Point Id to be restored. This property is only applicable when the create_mode is Recovery.
    RestoreDroppedDatabaseId string
    The ID of the database to be restored. This property is only applicable when the create_mode is Restore.
    RestoreLongTermRetentionBackupId string
    The ID of the long term retention backup to be restored. This property is only applicable when the create_mode is RestoreLongTermRetentionBackup.
    RestorePointInTime string
    Specifies the point in time (ISO8601 format) of the source database that will be restored to create the new database. This property is only settable for create_mode= PointInTimeRestore databases.
    SampleName string
    Specifies the name of the sample schema to apply when creating this database. Possible value is AdventureWorksLT.
    SecondaryType string
    How do you want your replica to be made? Valid values include Geo and Named. Defaults to Geo. Changing this forces a new resource to be created.
    ShortTermRetentionPolicy DatabaseShortTermRetentionPolicy
    A short_term_retention_policy block as defined below.
    SkuName string

    Specifies the name of the SKU used by the database. For example, GP_S_Gen5_2,HS_Gen4_1,BC_Gen5_2, ElasticPool, Basic,S0, P2 ,DW100c, DS100. Changing this from the HyperScale service tier to another service tier will create a new resource.

    Note: A full list of supported SKU names by region can be retrieved using the Azure CLI: az sql db list-editions -l <region> -o table

    Note: The default sku_name value may differ between Azure locations depending on local availability of Gen4/Gen5 capacity. When databases are replicated using the creation_source_database_id property, the source (primary) database cannot have a higher SKU service tier than any secondary databases. When changing the sku_name of a database having one or more secondary databases, this resource will first update any secondary databases as necessary. In such cases it's recommended to use the same sku_name in your configuration for all related databases, as not doing so may cause an unresolvable diff during subsequent plans.

    StorageAccountType string
    Specifies the storage account type used to store backups for this database. Possible values are Geo, GeoZone, Local and Zone. Defaults to Geo.
    Tags Dictionary<string, string>
    A mapping of tags to assign to the resource.
    ThreatDetectionPolicy DatabaseThreatDetectionPolicy
    Threat detection policy configuration. The threat_detection_policy block supports fields documented below.
    TransparentDataEncryptionEnabled bool

    If set to true, Transparent Data Encryption will be enabled on the database. Defaults to true.

    Note: transparent_data_encryption_enabled can only be set to false on DW (e.g, DataWarehouse) server SKUs.

    TransparentDataEncryptionKeyAutomaticRotationEnabled bool

    Boolean flag to specify whether TDE automatically rotates the encryption Key to latest version or not. Possible values are true or false. Defaults to false.

    Note: When the sku_name is DW100c, the transparent_data_encryption_key_automatic_rotation_enabled and the transparent_data_encryption_key_vault_key_id properties should not be specified, as database-level CMK is not supported for Data Warehouse SKUs.

    TransparentDataEncryptionKeyVaultKeyId string

    The fully versioned Key Vault Key URL (e.g. 'https://<YourVaultName>.vault.azure.net/keys/<YourKeyName>/<YourKeyVersion>) to be used as the Customer Managed Key(CMK/BYOK) for the Transparent Data Encryption(TDE) layer.

    Note: To successfully deploy a Microsoft SQL Database in CMK/BYOK TDE the Key Vault must have Soft-delete and purge protection enabled to protect from data loss due to accidental key and/or key vault deletion. The Key Vault and the Microsoft SQL Server User Managed Identity Instance must belong to the same Azure Active Directory tenant.

    ZoneRedundant bool
    Whether or not this database is zone redundant, which means the replicas of this database will be spread across multiple availability zones. This property is only settable for Premium and Business Critical databases.
    ServerId string

    The id of the MS SQL Server on which to create the database. Changing this forces a new resource to be created.

    Note: This setting is still required for "Serverless" SKUs

    AutoPauseDelayInMinutes int
    Time in minutes after which database is automatically paused. A value of -1 means that automatic pause is disabled. This property is only settable for Serverless databases.
    Collation string
    Specifies the collation of the database. Changing this forces a new resource to be created.
    CreateMode string
    The create mode of the database. Possible values are Copy, Default, OnlineSecondary, PointInTimeRestore, Recovery, Restore, RestoreExternalBackup, RestoreExternalBackupSecondary, RestoreLongTermRetentionBackup and Secondary. Mutually exclusive with import. Changing this forces a new resource to be created. Defaults to Default.
    CreationSourceDatabaseId string

    The ID of the source database from which to create the new database. This should only be used for databases with create_mode values that use another database as reference. Changing this forces a new resource to be created.

    Note: When configuring a secondary database, please be aware of the constraints for the sku_name property, as noted below, for both the primary and secondary databases. The sku_name of the secondary database may be inadvertently changed to match that of the primary when an incompatible combination of SKUs is detected by the provider.

    ElasticPoolId string
    Specifies the ID of the elastic pool containing this database.
    EnclaveType string

    Specifies the type of enclave to be used by the elastic pool. When enclave_type is not specified (e.g., the default) enclaves are not enabled on the database. Once enabled (e.g., by specifying Default or VBS) removing the enclave_type field from the configuration file will force the creation of a new resource. Possible values are Default or VBS.

    Note: enclave_type is currently not supported for DW (e.g, DataWarehouse) and DC-series SKUs.

    Note: Geo Replicated and Failover databases must have the same enclave_type.

    Note: The default value for the enclave_type field is unset not Default.

    GeoBackupEnabled bool

    A boolean that specifies if the Geo Backup Policy is enabled. Defaults to true.

    Note: geo_backup_enabled is only applicable for DataWarehouse SKUs (DW*). This setting is ignored for all other SKUs.

    Identity DatabaseIdentityArgs
    An identity block as defined below.
    Import DatabaseImportArgs
    A import block as documented below. Mutually exclusive with create_mode.
    LedgerEnabled bool
    A boolean that specifies if this is a ledger database. Defaults to false. Changing this forces a new resource to be created.
    LicenseType string
    Specifies the license type applied to this database. Possible values are LicenseIncluded and BasePrice.
    LongTermRetentionPolicy DatabaseLongTermRetentionPolicyArgs
    A long_term_retention_policy block as defined below.
    MaintenanceConfigurationName string

    The name of the Public Maintenance Configuration window to apply to the database. Valid values include SQL_Default, SQL_EastUS_DB_1, SQL_EastUS2_DB_1, SQL_SoutheastAsia_DB_1, SQL_AustraliaEast_DB_1, SQL_NorthEurope_DB_1, SQL_SouthCentralUS_DB_1, SQL_WestUS2_DB_1, SQL_UKSouth_DB_1, SQL_WestEurope_DB_1, SQL_EastUS_DB_2, SQL_EastUS2_DB_2, SQL_WestUS2_DB_2, SQL_SoutheastAsia_DB_2, SQL_AustraliaEast_DB_2, SQL_NorthEurope_DB_2, SQL_SouthCentralUS_DB_2, SQL_UKSouth_DB_2, SQL_WestEurope_DB_2, SQL_AustraliaSoutheast_DB_1, SQL_BrazilSouth_DB_1, SQL_CanadaCentral_DB_1, SQL_CanadaEast_DB_1, SQL_CentralUS_DB_1, SQL_EastAsia_DB_1, SQL_FranceCentral_DB_1, SQL_GermanyWestCentral_DB_1, SQL_CentralIndia_DB_1, SQL_SouthIndia_DB_1, SQL_JapanEast_DB_1, SQL_JapanWest_DB_1, SQL_NorthCentralUS_DB_1, SQL_UKWest_DB_1, SQL_WestUS_DB_1, SQL_AustraliaSoutheast_DB_2, SQL_BrazilSouth_DB_2, SQL_CanadaCentral_DB_2, SQL_CanadaEast_DB_2, SQL_CentralUS_DB_2, SQL_EastAsia_DB_2, SQL_FranceCentral_DB_2, SQL_GermanyWestCentral_DB_2, SQL_CentralIndia_DB_2, SQL_SouthIndia_DB_2, SQL_JapanEast_DB_2, SQL_JapanWest_DB_2, SQL_NorthCentralUS_DB_2, SQL_UKWest_DB_2, SQL_WestUS_DB_2, SQL_WestCentralUS_DB_1, SQL_FranceSouth_DB_1, SQL_WestCentralUS_DB_2, SQL_FranceSouth_DB_2, SQL_SwitzerlandNorth_DB_1, SQL_SwitzerlandNorth_DB_2, SQL_BrazilSoutheast_DB_1, SQL_UAENorth_DB_1, SQL_BrazilSoutheast_DB_2, SQL_UAENorth_DB_2, SQL_SouthAfricaNorth_DB_1, SQL_SouthAfricaNorth_DB_2, SQL_WestUS3_DB_1, SQL_WestUS3_DB_2, SQL_SwedenCentral_DB_1, SQL_SwedenCentral_DB_2. Defaults to SQL_Default.

    Note: maintenance_configuration_name is only applicable if elastic_pool_id is not set.

    MaxSizeGb int

    The max size of the database in gigabytes.

    Note: This value should not be configured when the create_mode is Secondary or OnlineSecondary, as the sizing of the primary is then used as per Azure documentation.

    MinCapacity float64
    Minimal capacity that database will always have allocated, if not paused. This property is only settable for Serverless databases.
    Name string
    The name of the MS SQL Database. Changing this forces a new resource to be created.
    ReadReplicaCount int
    The number of readonly secondary replicas associated with the database to which readonly application intent connections may be routed. This property is only settable for Hyperscale edition databases.
    ReadScale bool
    If enabled, connections that have application intent set to readonly in their connection string may be routed to a readonly secondary replica. This property is only settable for Premium and Business Critical databases.
    RecoverDatabaseId string
    The ID of the database to be recovered. This property is only applicable when the create_mode is Recovery.
    RecoveryPointId string
    The ID of the Recovery Services Recovery Point Id to be restored. This property is only applicable when the create_mode is Recovery.
    RestoreDroppedDatabaseId string
    The ID of the database to be restored. This property is only applicable when the create_mode is Restore.
    RestoreLongTermRetentionBackupId string
    The ID of the long term retention backup to be restored. This property is only applicable when the create_mode is RestoreLongTermRetentionBackup.
    RestorePointInTime string
    Specifies the point in time (ISO8601 format) of the source database that will be restored to create the new database. This property is only settable for create_mode= PointInTimeRestore databases.
    SampleName string
    Specifies the name of the sample schema to apply when creating this database. Possible value is AdventureWorksLT.
    SecondaryType string
    How do you want your replica to be made? Valid values include Geo and Named. Defaults to Geo. Changing this forces a new resource to be created.
    ShortTermRetentionPolicy DatabaseShortTermRetentionPolicyArgs
    A short_term_retention_policy block as defined below.
    SkuName string

    Specifies the name of the SKU used by the database. For example, GP_S_Gen5_2,HS_Gen4_1,BC_Gen5_2, ElasticPool, Basic,S0, P2 ,DW100c, DS100. Changing this from the HyperScale service tier to another service tier will create a new resource.

    Note: A full list of supported SKU names by region can be retrieved using the Azure CLI: az sql db list-editions -l <region> -o table

    Note: The default sku_name value may differ between Azure locations depending on local availability of Gen4/Gen5 capacity. When databases are replicated using the creation_source_database_id property, the source (primary) database cannot have a higher SKU service tier than any secondary databases. When changing the sku_name of a database having one or more secondary databases, this resource will first update any secondary databases as necessary. In such cases it's recommended to use the same sku_name in your configuration for all related databases, as not doing so may cause an unresolvable diff during subsequent plans.

    StorageAccountType string
    Specifies the storage account type used to store backups for this database. Possible values are Geo, GeoZone, Local and Zone. Defaults to Geo.
    Tags map[string]string
    A mapping of tags to assign to the resource.
    ThreatDetectionPolicy DatabaseThreatDetectionPolicyArgs
    Threat detection policy configuration. The threat_detection_policy block supports fields documented below.
    TransparentDataEncryptionEnabled bool

    If set to true, Transparent Data Encryption will be enabled on the database. Defaults to true.

    Note: transparent_data_encryption_enabled can only be set to false on DW (e.g, DataWarehouse) server SKUs.

    TransparentDataEncryptionKeyAutomaticRotationEnabled bool

    Boolean flag to specify whether TDE automatically rotates the encryption Key to latest version or not. Possible values are true or false. Defaults to false.

    Note: When the sku_name is DW100c, the transparent_data_encryption_key_automatic_rotation_enabled and the transparent_data_encryption_key_vault_key_id properties should not be specified, as database-level CMK is not supported for Data Warehouse SKUs.

    TransparentDataEncryptionKeyVaultKeyId string

    The fully versioned Key Vault Key URL (e.g. 'https://<YourVaultName>.vault.azure.net/keys/<YourKeyName>/<YourKeyVersion>) to be used as the Customer Managed Key(CMK/BYOK) for the Transparent Data Encryption(TDE) layer.

    Note: To successfully deploy a Microsoft SQL Database in CMK/BYOK TDE the Key Vault must have Soft-delete and purge protection enabled to protect from data loss due to accidental key and/or key vault deletion. The Key Vault and the Microsoft SQL Server User Managed Identity Instance must belong to the same Azure Active Directory tenant.

    ZoneRedundant bool
    Whether or not this database is zone redundant, which means the replicas of this database will be spread across multiple availability zones. This property is only settable for Premium and Business Critical databases.
    serverId String

    The id of the MS SQL Server on which to create the database. Changing this forces a new resource to be created.

    Note: This setting is still required for "Serverless" SKUs

    autoPauseDelayInMinutes Integer
    Time in minutes after which database is automatically paused. A value of -1 means that automatic pause is disabled. This property is only settable for Serverless databases.
    collation String
    Specifies the collation of the database. Changing this forces a new resource to be created.
    createMode String
    The create mode of the database. Possible values are Copy, Default, OnlineSecondary, PointInTimeRestore, Recovery, Restore, RestoreExternalBackup, RestoreExternalBackupSecondary, RestoreLongTermRetentionBackup and Secondary. Mutually exclusive with import. Changing this forces a new resource to be created. Defaults to Default.
    creationSourceDatabaseId String

    The ID of the source database from which to create the new database. This should only be used for databases with create_mode values that use another database as reference. Changing this forces a new resource to be created.

    Note: When configuring a secondary database, please be aware of the constraints for the sku_name property, as noted below, for both the primary and secondary databases. The sku_name of the secondary database may be inadvertently changed to match that of the primary when an incompatible combination of SKUs is detected by the provider.

    elasticPoolId String
    Specifies the ID of the elastic pool containing this database.
    enclaveType String

    Specifies the type of enclave to be used by the elastic pool. When enclave_type is not specified (e.g., the default) enclaves are not enabled on the database. Once enabled (e.g., by specifying Default or VBS) removing the enclave_type field from the configuration file will force the creation of a new resource. Possible values are Default or VBS.

    Note: enclave_type is currently not supported for DW (e.g, DataWarehouse) and DC-series SKUs.

    Note: Geo Replicated and Failover databases must have the same enclave_type.

    Note: The default value for the enclave_type field is unset not Default.

    geoBackupEnabled Boolean

    A boolean that specifies if the Geo Backup Policy is enabled. Defaults to true.

    Note: geo_backup_enabled is only applicable for DataWarehouse SKUs (DW*). This setting is ignored for all other SKUs.

    identity DatabaseIdentity
    An identity block as defined below.
    import_ DatabaseImport
    A import block as documented below. Mutually exclusive with create_mode.
    ledgerEnabled Boolean
    A boolean that specifies if this is a ledger database. Defaults to false. Changing this forces a new resource to be created.
    licenseType String
    Specifies the license type applied to this database. Possible values are LicenseIncluded and BasePrice.
    longTermRetentionPolicy DatabaseLongTermRetentionPolicy
    A long_term_retention_policy block as defined below.
    maintenanceConfigurationName String

    The name of the Public Maintenance Configuration window to apply to the database. Valid values include SQL_Default, SQL_EastUS_DB_1, SQL_EastUS2_DB_1, SQL_SoutheastAsia_DB_1, SQL_AustraliaEast_DB_1, SQL_NorthEurope_DB_1, SQL_SouthCentralUS_DB_1, SQL_WestUS2_DB_1, SQL_UKSouth_DB_1, SQL_WestEurope_DB_1, SQL_EastUS_DB_2, SQL_EastUS2_DB_2, SQL_WestUS2_DB_2, SQL_SoutheastAsia_DB_2, SQL_AustraliaEast_DB_2, SQL_NorthEurope_DB_2, SQL_SouthCentralUS_DB_2, SQL_UKSouth_DB_2, SQL_WestEurope_DB_2, SQL_AustraliaSoutheast_DB_1, SQL_BrazilSouth_DB_1, SQL_CanadaCentral_DB_1, SQL_CanadaEast_DB_1, SQL_CentralUS_DB_1, SQL_EastAsia_DB_1, SQL_FranceCentral_DB_1, SQL_GermanyWestCentral_DB_1, SQL_CentralIndia_DB_1, SQL_SouthIndia_DB_1, SQL_JapanEast_DB_1, SQL_JapanWest_DB_1, SQL_NorthCentralUS_DB_1, SQL_UKWest_DB_1, SQL_WestUS_DB_1, SQL_AustraliaSoutheast_DB_2, SQL_BrazilSouth_DB_2, SQL_CanadaCentral_DB_2, SQL_CanadaEast_DB_2, SQL_CentralUS_DB_2, SQL_EastAsia_DB_2, SQL_FranceCentral_DB_2, SQL_GermanyWestCentral_DB_2, SQL_CentralIndia_DB_2, SQL_SouthIndia_DB_2, SQL_JapanEast_DB_2, SQL_JapanWest_DB_2, SQL_NorthCentralUS_DB_2, SQL_UKWest_DB_2, SQL_WestUS_DB_2, SQL_WestCentralUS_DB_1, SQL_FranceSouth_DB_1, SQL_WestCentralUS_DB_2, SQL_FranceSouth_DB_2, SQL_SwitzerlandNorth_DB_1, SQL_SwitzerlandNorth_DB_2, SQL_BrazilSoutheast_DB_1, SQL_UAENorth_DB_1, SQL_BrazilSoutheast_DB_2, SQL_UAENorth_DB_2, SQL_SouthAfricaNorth_DB_1, SQL_SouthAfricaNorth_DB_2, SQL_WestUS3_DB_1, SQL_WestUS3_DB_2, SQL_SwedenCentral_DB_1, SQL_SwedenCentral_DB_2. Defaults to SQL_Default.

    Note: maintenance_configuration_name is only applicable if elastic_pool_id is not set.

    maxSizeGb Integer

    The max size of the database in gigabytes.

    Note: This value should not be configured when the create_mode is Secondary or OnlineSecondary, as the sizing of the primary is then used as per Azure documentation.

    minCapacity Double
    Minimal capacity that database will always have allocated, if not paused. This property is only settable for Serverless databases.
    name String
    The name of the MS SQL Database. Changing this forces a new resource to be created.
    readReplicaCount Integer
    The number of readonly secondary replicas associated with the database to which readonly application intent connections may be routed. This property is only settable for Hyperscale edition databases.
    readScale Boolean
    If enabled, connections that have application intent set to readonly in their connection string may be routed to a readonly secondary replica. This property is only settable for Premium and Business Critical databases.
    recoverDatabaseId String
    The ID of the database to be recovered. This property is only applicable when the create_mode is Recovery.
    recoveryPointId String
    The ID of the Recovery Services Recovery Point Id to be restored. This property is only applicable when the create_mode is Recovery.
    restoreDroppedDatabaseId String
    The ID of the database to be restored. This property is only applicable when the create_mode is Restore.
    restoreLongTermRetentionBackupId String
    The ID of the long term retention backup to be restored. This property is only applicable when the create_mode is RestoreLongTermRetentionBackup.
    restorePointInTime String
    Specifies the point in time (ISO8601 format) of the source database that will be restored to create the new database. This property is only settable for create_mode= PointInTimeRestore databases.
    sampleName String
    Specifies the name of the sample schema to apply when creating this database. Possible value is AdventureWorksLT.
    secondaryType String
    How do you want your replica to be made? Valid values include Geo and Named. Defaults to Geo. Changing this forces a new resource to be created.
    shortTermRetentionPolicy DatabaseShortTermRetentionPolicy
    A short_term_retention_policy block as defined below.
    skuName String

    Specifies the name of the SKU used by the database. For example, GP_S_Gen5_2,HS_Gen4_1,BC_Gen5_2, ElasticPool, Basic,S0, P2 ,DW100c, DS100. Changing this from the HyperScale service tier to another service tier will create a new resource.

    Note: A full list of supported SKU names by region can be retrieved using the Azure CLI: az sql db list-editions -l <region> -o table

    Note: The default sku_name value may differ between Azure locations depending on local availability of Gen4/Gen5 capacity. When databases are replicated using the creation_source_database_id property, the source (primary) database cannot have a higher SKU service tier than any secondary databases. When changing the sku_name of a database having one or more secondary databases, this resource will first update any secondary databases as necessary. In such cases it's recommended to use the same sku_name in your configuration for all related databases, as not doing so may cause an unresolvable diff during subsequent plans.

    storageAccountType String
    Specifies the storage account type used to store backups for this database. Possible values are Geo, GeoZone, Local and Zone. Defaults to Geo.
    tags Map<String,String>
    A mapping of tags to assign to the resource.
    threatDetectionPolicy DatabaseThreatDetectionPolicy
    Threat detection policy configuration. The threat_detection_policy block supports fields documented below.
    transparentDataEncryptionEnabled Boolean

    If set to true, Transparent Data Encryption will be enabled on the database. Defaults to true.

    Note: transparent_data_encryption_enabled can only be set to false on DW (e.g, DataWarehouse) server SKUs.

    transparentDataEncryptionKeyAutomaticRotationEnabled Boolean

    Boolean flag to specify whether TDE automatically rotates the encryption Key to latest version or not. Possible values are true or false. Defaults to false.

    Note: When the sku_name is DW100c, the transparent_data_encryption_key_automatic_rotation_enabled and the transparent_data_encryption_key_vault_key_id properties should not be specified, as database-level CMK is not supported for Data Warehouse SKUs.

    transparentDataEncryptionKeyVaultKeyId String

    The fully versioned Key Vault Key URL (e.g. 'https://<YourVaultName>.vault.azure.net/keys/<YourKeyName>/<YourKeyVersion>) to be used as the Customer Managed Key(CMK/BYOK) for the Transparent Data Encryption(TDE) layer.

    Note: To successfully deploy a Microsoft SQL Database in CMK/BYOK TDE the Key Vault must have Soft-delete and purge protection enabled to protect from data loss due to accidental key and/or key vault deletion. The Key Vault and the Microsoft SQL Server User Managed Identity Instance must belong to the same Azure Active Directory tenant.

    zoneRedundant Boolean
    Whether or not this database is zone redundant, which means the replicas of this database will be spread across multiple availability zones. This property is only settable for Premium and Business Critical databases.
    serverId string

    The id of the MS SQL Server on which to create the database. Changing this forces a new resource to be created.

    Note: This setting is still required for "Serverless" SKUs

    autoPauseDelayInMinutes number
    Time in minutes after which database is automatically paused. A value of -1 means that automatic pause is disabled. This property is only settable for Serverless databases.
    collation string
    Specifies the collation of the database. Changing this forces a new resource to be created.
    createMode string
    The create mode of the database. Possible values are Copy, Default, OnlineSecondary, PointInTimeRestore, Recovery, Restore, RestoreExternalBackup, RestoreExternalBackupSecondary, RestoreLongTermRetentionBackup and Secondary. Mutually exclusive with import. Changing this forces a new resource to be created. Defaults to Default.
    creationSourceDatabaseId string

    The ID of the source database from which to create the new database. This should only be used for databases with create_mode values that use another database as reference. Changing this forces a new resource to be created.

    Note: When configuring a secondary database, please be aware of the constraints for the sku_name property, as noted below, for both the primary and secondary databases. The sku_name of the secondary database may be inadvertently changed to match that of the primary when an incompatible combination of SKUs is detected by the provider.

    elasticPoolId string
    Specifies the ID of the elastic pool containing this database.
    enclaveType string

    Specifies the type of enclave to be used by the elastic pool. When enclave_type is not specified (e.g., the default) enclaves are not enabled on the database. Once enabled (e.g., by specifying Default or VBS) removing the enclave_type field from the configuration file will force the creation of a new resource. Possible values are Default or VBS.

    Note: enclave_type is currently not supported for DW (e.g, DataWarehouse) and DC-series SKUs.

    Note: Geo Replicated and Failover databases must have the same enclave_type.

    Note: The default value for the enclave_type field is unset not Default.

    geoBackupEnabled boolean

    A boolean that specifies if the Geo Backup Policy is enabled. Defaults to true.

    Note: geo_backup_enabled is only applicable for DataWarehouse SKUs (DW*). This setting is ignored for all other SKUs.

    identity DatabaseIdentity
    An identity block as defined below.
    import DatabaseImport
    A import block as documented below. Mutually exclusive with create_mode.
    ledgerEnabled boolean
    A boolean that specifies if this is a ledger database. Defaults to false. Changing this forces a new resource to be created.
    licenseType string
    Specifies the license type applied to this database. Possible values are LicenseIncluded and BasePrice.
    longTermRetentionPolicy DatabaseLongTermRetentionPolicy
    A long_term_retention_policy block as defined below.
    maintenanceConfigurationName string

    The name of the Public Maintenance Configuration window to apply to the database. Valid values include SQL_Default, SQL_EastUS_DB_1, SQL_EastUS2_DB_1, SQL_SoutheastAsia_DB_1, SQL_AustraliaEast_DB_1, SQL_NorthEurope_DB_1, SQL_SouthCentralUS_DB_1, SQL_WestUS2_DB_1, SQL_UKSouth_DB_1, SQL_WestEurope_DB_1, SQL_EastUS_DB_2, SQL_EastUS2_DB_2, SQL_WestUS2_DB_2, SQL_SoutheastAsia_DB_2, SQL_AustraliaEast_DB_2, SQL_NorthEurope_DB_2, SQL_SouthCentralUS_DB_2, SQL_UKSouth_DB_2, SQL_WestEurope_DB_2, SQL_AustraliaSoutheast_DB_1, SQL_BrazilSouth_DB_1, SQL_CanadaCentral_DB_1, SQL_CanadaEast_DB_1, SQL_CentralUS_DB_1, SQL_EastAsia_DB_1, SQL_FranceCentral_DB_1, SQL_GermanyWestCentral_DB_1, SQL_CentralIndia_DB_1, SQL_SouthIndia_DB_1, SQL_JapanEast_DB_1, SQL_JapanWest_DB_1, SQL_NorthCentralUS_DB_1, SQL_UKWest_DB_1, SQL_WestUS_DB_1, SQL_AustraliaSoutheast_DB_2, SQL_BrazilSouth_DB_2, SQL_CanadaCentral_DB_2, SQL_CanadaEast_DB_2, SQL_CentralUS_DB_2, SQL_EastAsia_DB_2, SQL_FranceCentral_DB_2, SQL_GermanyWestCentral_DB_2, SQL_CentralIndia_DB_2, SQL_SouthIndia_DB_2, SQL_JapanEast_DB_2, SQL_JapanWest_DB_2, SQL_NorthCentralUS_DB_2, SQL_UKWest_DB_2, SQL_WestUS_DB_2, SQL_WestCentralUS_DB_1, SQL_FranceSouth_DB_1, SQL_WestCentralUS_DB_2, SQL_FranceSouth_DB_2, SQL_SwitzerlandNorth_DB_1, SQL_SwitzerlandNorth_DB_2, SQL_BrazilSoutheast_DB_1, SQL_UAENorth_DB_1, SQL_BrazilSoutheast_DB_2, SQL_UAENorth_DB_2, SQL_SouthAfricaNorth_DB_1, SQL_SouthAfricaNorth_DB_2, SQL_WestUS3_DB_1, SQL_WestUS3_DB_2, SQL_SwedenCentral_DB_1, SQL_SwedenCentral_DB_2. Defaults to SQL_Default.

    Note: maintenance_configuration_name is only applicable if elastic_pool_id is not set.

    maxSizeGb number

    The max size of the database in gigabytes.

    Note: This value should not be configured when the create_mode is Secondary or OnlineSecondary, as the sizing of the primary is then used as per Azure documentation.

    minCapacity number
    Minimal capacity that database will always have allocated, if not paused. This property is only settable for Serverless databases.
    name string
    The name of the MS SQL Database. Changing this forces a new resource to be created.
    readReplicaCount number
    The number of readonly secondary replicas associated with the database to which readonly application intent connections may be routed. This property is only settable for Hyperscale edition databases.
    readScale boolean
    If enabled, connections that have application intent set to readonly in their connection string may be routed to a readonly secondary replica. This property is only settable for Premium and Business Critical databases.
    recoverDatabaseId string
    The ID of the database to be recovered. This property is only applicable when the create_mode is Recovery.
    recoveryPointId string
    The ID of the Recovery Services Recovery Point Id to be restored. This property is only applicable when the create_mode is Recovery.
    restoreDroppedDatabaseId string
    The ID of the database to be restored. This property is only applicable when the create_mode is Restore.
    restoreLongTermRetentionBackupId string
    The ID of the long term retention backup to be restored. This property is only applicable when the create_mode is RestoreLongTermRetentionBackup.
    restorePointInTime string
    Specifies the point in time (ISO8601 format) of the source database that will be restored to create the new database. This property is only settable for create_mode= PointInTimeRestore databases.
    sampleName string
    Specifies the name of the sample schema to apply when creating this database. Possible value is AdventureWorksLT.
    secondaryType string
    How do you want your replica to be made? Valid values include Geo and Named. Defaults to Geo. Changing this forces a new resource to be created.
    shortTermRetentionPolicy DatabaseShortTermRetentionPolicy
    A short_term_retention_policy block as defined below.
    skuName string

    Specifies the name of the SKU used by the database. For example, GP_S_Gen5_2,HS_Gen4_1,BC_Gen5_2, ElasticPool, Basic,S0, P2 ,DW100c, DS100. Changing this from the HyperScale service tier to another service tier will create a new resource.

    Note: A full list of supported SKU names by region can be retrieved using the Azure CLI: az sql db list-editions -l <region> -o table

    Note: The default sku_name value may differ between Azure locations depending on local availability of Gen4/Gen5 capacity. When databases are replicated using the creation_source_database_id property, the source (primary) database cannot have a higher SKU service tier than any secondary databases. When changing the sku_name of a database having one or more secondary databases, this resource will first update any secondary databases as necessary. In such cases it's recommended to use the same sku_name in your configuration for all related databases, as not doing so may cause an unresolvable diff during subsequent plans.

    storageAccountType string
    Specifies the storage account type used to store backups for this database. Possible values are Geo, GeoZone, Local and Zone. Defaults to Geo.
    tags {[key: string]: string}
    A mapping of tags to assign to the resource.
    threatDetectionPolicy DatabaseThreatDetectionPolicy
    Threat detection policy configuration. The threat_detection_policy block supports fields documented below.
    transparentDataEncryptionEnabled boolean

    If set to true, Transparent Data Encryption will be enabled on the database. Defaults to true.

    Note: transparent_data_encryption_enabled can only be set to false on DW (e.g, DataWarehouse) server SKUs.

    transparentDataEncryptionKeyAutomaticRotationEnabled boolean

    Boolean flag to specify whether TDE automatically rotates the encryption Key to latest version or not. Possible values are true or false. Defaults to false.

    Note: When the sku_name is DW100c, the transparent_data_encryption_key_automatic_rotation_enabled and the transparent_data_encryption_key_vault_key_id properties should not be specified, as database-level CMK is not supported for Data Warehouse SKUs.

    transparentDataEncryptionKeyVaultKeyId string

    The fully versioned Key Vault Key URL (e.g. 'https://<YourVaultName>.vault.azure.net/keys/<YourKeyName>/<YourKeyVersion>) to be used as the Customer Managed Key(CMK/BYOK) for the Transparent Data Encryption(TDE) layer.

    Note: To successfully deploy a Microsoft SQL Database in CMK/BYOK TDE the Key Vault must have Soft-delete and purge protection enabled to protect from data loss due to accidental key and/or key vault deletion. The Key Vault and the Microsoft SQL Server User Managed Identity Instance must belong to the same Azure Active Directory tenant.

    zoneRedundant boolean
    Whether or not this database is zone redundant, which means the replicas of this database will be spread across multiple availability zones. This property is only settable for Premium and Business Critical databases.
    server_id str

    The id of the MS SQL Server on which to create the database. Changing this forces a new resource to be created.

    Note: This setting is still required for "Serverless" SKUs

    auto_pause_delay_in_minutes int
    Time in minutes after which database is automatically paused. A value of -1 means that automatic pause is disabled. This property is only settable for Serverless databases.
    collation str
    Specifies the collation of the database. Changing this forces a new resource to be created.
    create_mode str
    The create mode of the database. Possible values are Copy, Default, OnlineSecondary, PointInTimeRestore, Recovery, Restore, RestoreExternalBackup, RestoreExternalBackupSecondary, RestoreLongTermRetentionBackup and Secondary. Mutually exclusive with import. Changing this forces a new resource to be created. Defaults to Default.
    creation_source_database_id str

    The ID of the source database from which to create the new database. This should only be used for databases with create_mode values that use another database as reference. Changing this forces a new resource to be created.

    Note: When configuring a secondary database, please be aware of the constraints for the sku_name property, as noted below, for both the primary and secondary databases. The sku_name of the secondary database may be inadvertently changed to match that of the primary when an incompatible combination of SKUs is detected by the provider.

    elastic_pool_id str
    Specifies the ID of the elastic pool containing this database.
    enclave_type str

    Specifies the type of enclave to be used by the elastic pool. When enclave_type is not specified (e.g., the default) enclaves are not enabled on the database. Once enabled (e.g., by specifying Default or VBS) removing the enclave_type field from the configuration file will force the creation of a new resource. Possible values are Default or VBS.

    Note: enclave_type is currently not supported for DW (e.g, DataWarehouse) and DC-series SKUs.

    Note: Geo Replicated and Failover databases must have the same enclave_type.

    Note: The default value for the enclave_type field is unset not Default.

    geo_backup_enabled bool

    A boolean that specifies if the Geo Backup Policy is enabled. Defaults to true.

    Note: geo_backup_enabled is only applicable for DataWarehouse SKUs (DW*). This setting is ignored for all other SKUs.

    identity DatabaseIdentityArgs
    An identity block as defined below.
    import_ DatabaseImportArgs
    A import block as documented below. Mutually exclusive with create_mode.
    ledger_enabled bool
    A boolean that specifies if this is a ledger database. Defaults to false. Changing this forces a new resource to be created.
    license_type str
    Specifies the license type applied to this database. Possible values are LicenseIncluded and BasePrice.
    long_term_retention_policy DatabaseLongTermRetentionPolicyArgs
    A long_term_retention_policy block as defined below.
    maintenance_configuration_name str

    The name of the Public Maintenance Configuration window to apply to the database. Valid values include SQL_Default, SQL_EastUS_DB_1, SQL_EastUS2_DB_1, SQL_SoutheastAsia_DB_1, SQL_AustraliaEast_DB_1, SQL_NorthEurope_DB_1, SQL_SouthCentralUS_DB_1, SQL_WestUS2_DB_1, SQL_UKSouth_DB_1, SQL_WestEurope_DB_1, SQL_EastUS_DB_2, SQL_EastUS2_DB_2, SQL_WestUS2_DB_2, SQL_SoutheastAsia_DB_2, SQL_AustraliaEast_DB_2, SQL_NorthEurope_DB_2, SQL_SouthCentralUS_DB_2, SQL_UKSouth_DB_2, SQL_WestEurope_DB_2, SQL_AustraliaSoutheast_DB_1, SQL_BrazilSouth_DB_1, SQL_CanadaCentral_DB_1, SQL_CanadaEast_DB_1, SQL_CentralUS_DB_1, SQL_EastAsia_DB_1, SQL_FranceCentral_DB_1, SQL_GermanyWestCentral_DB_1, SQL_CentralIndia_DB_1, SQL_SouthIndia_DB_1, SQL_JapanEast_DB_1, SQL_JapanWest_DB_1, SQL_NorthCentralUS_DB_1, SQL_UKWest_DB_1, SQL_WestUS_DB_1, SQL_AustraliaSoutheast_DB_2, SQL_BrazilSouth_DB_2, SQL_CanadaCentral_DB_2, SQL_CanadaEast_DB_2, SQL_CentralUS_DB_2, SQL_EastAsia_DB_2, SQL_FranceCentral_DB_2, SQL_GermanyWestCentral_DB_2, SQL_CentralIndia_DB_2, SQL_SouthIndia_DB_2, SQL_JapanEast_DB_2, SQL_JapanWest_DB_2, SQL_NorthCentralUS_DB_2, SQL_UKWest_DB_2, SQL_WestUS_DB_2, SQL_WestCentralUS_DB_1, SQL_FranceSouth_DB_1, SQL_WestCentralUS_DB_2, SQL_FranceSouth_DB_2, SQL_SwitzerlandNorth_DB_1, SQL_SwitzerlandNorth_DB_2, SQL_BrazilSoutheast_DB_1, SQL_UAENorth_DB_1, SQL_BrazilSoutheast_DB_2, SQL_UAENorth_DB_2, SQL_SouthAfricaNorth_DB_1, SQL_SouthAfricaNorth_DB_2, SQL_WestUS3_DB_1, SQL_WestUS3_DB_2, SQL_SwedenCentral_DB_1, SQL_SwedenCentral_DB_2. Defaults to SQL_Default.

    Note: maintenance_configuration_name is only applicable if elastic_pool_id is not set.

    max_size_gb int

    The max size of the database in gigabytes.

    Note: This value should not be configured when the create_mode is Secondary or OnlineSecondary, as the sizing of the primary is then used as per Azure documentation.

    min_capacity float
    Minimal capacity that database will always have allocated, if not paused. This property is only settable for Serverless databases.
    name str
    The name of the MS SQL Database. Changing this forces a new resource to be created.
    read_replica_count int
    The number of readonly secondary replicas associated with the database to which readonly application intent connections may be routed. This property is only settable for Hyperscale edition databases.
    read_scale bool
    If enabled, connections that have application intent set to readonly in their connection string may be routed to a readonly secondary replica. This property is only settable for Premium and Business Critical databases.
    recover_database_id str
    The ID of the database to be recovered. This property is only applicable when the create_mode is Recovery.
    recovery_point_id str
    The ID of the Recovery Services Recovery Point Id to be restored. This property is only applicable when the create_mode is Recovery.
    restore_dropped_database_id str
    The ID of the database to be restored. This property is only applicable when the create_mode is Restore.
    restore_long_term_retention_backup_id str
    The ID of the long term retention backup to be restored. This property is only applicable when the create_mode is RestoreLongTermRetentionBackup.
    restore_point_in_time str
    Specifies the point in time (ISO8601 format) of the source database that will be restored to create the new database. This property is only settable for create_mode= PointInTimeRestore databases.
    sample_name str
    Specifies the name of the sample schema to apply when creating this database. Possible value is AdventureWorksLT.
    secondary_type str
    How do you want your replica to be made? Valid values include Geo and Named. Defaults to Geo. Changing this forces a new resource to be created.
    short_term_retention_policy DatabaseShortTermRetentionPolicyArgs
    A short_term_retention_policy block as defined below.
    sku_name str

    Specifies the name of the SKU used by the database. For example, GP_S_Gen5_2,HS_Gen4_1,BC_Gen5_2, ElasticPool, Basic,S0, P2 ,DW100c, DS100. Changing this from the HyperScale service tier to another service tier will create a new resource.

    Note: A full list of supported SKU names by region can be retrieved using the Azure CLI: az sql db list-editions -l <region> -o table

    Note: The default sku_name value may differ between Azure locations depending on local availability of Gen4/Gen5 capacity. When databases are replicated using the creation_source_database_id property, the source (primary) database cannot have a higher SKU service tier than any secondary databases. When changing the sku_name of a database having one or more secondary databases, this resource will first update any secondary databases as necessary. In such cases it's recommended to use the same sku_name in your configuration for all related databases, as not doing so may cause an unresolvable diff during subsequent plans.

    storage_account_type str
    Specifies the storage account type used to store backups for this database. Possible values are Geo, GeoZone, Local and Zone. Defaults to Geo.
    tags Mapping[str, str]
    A mapping of tags to assign to the resource.
    threat_detection_policy DatabaseThreatDetectionPolicyArgs
    Threat detection policy configuration. The threat_detection_policy block supports fields documented below.
    transparent_data_encryption_enabled bool

    If set to true, Transparent Data Encryption will be enabled on the database. Defaults to true.

    Note: transparent_data_encryption_enabled can only be set to false on DW (e.g, DataWarehouse) server SKUs.

    transparent_data_encryption_key_automatic_rotation_enabled bool

    Boolean flag to specify whether TDE automatically rotates the encryption Key to latest version or not. Possible values are true or false. Defaults to false.

    Note: When the sku_name is DW100c, the transparent_data_encryption_key_automatic_rotation_enabled and the transparent_data_encryption_key_vault_key_id properties should not be specified, as database-level CMK is not supported for Data Warehouse SKUs.

    transparent_data_encryption_key_vault_key_id str

    The fully versioned Key Vault Key URL (e.g. 'https://<YourVaultName>.vault.azure.net/keys/<YourKeyName>/<YourKeyVersion>) to be used as the Customer Managed Key(CMK/BYOK) for the Transparent Data Encryption(TDE) layer.

    Note: To successfully deploy a Microsoft SQL Database in CMK/BYOK TDE the Key Vault must have Soft-delete and purge protection enabled to protect from data loss due to accidental key and/or key vault deletion. The Key Vault and the Microsoft SQL Server User Managed Identity Instance must belong to the same Azure Active Directory tenant.

    zone_redundant bool
    Whether or not this database is zone redundant, which means the replicas of this database will be spread across multiple availability zones. This property is only settable for Premium and Business Critical databases.
    serverId String

    The id of the MS SQL Server on which to create the database. Changing this forces a new resource to be created.

    Note: This setting is still required for "Serverless" SKUs

    autoPauseDelayInMinutes Number
    Time in minutes after which database is automatically paused. A value of -1 means that automatic pause is disabled. This property is only settable for Serverless databases.
    collation String
    Specifies the collation of the database. Changing this forces a new resource to be created.
    createMode String
    The create mode of the database. Possible values are Copy, Default, OnlineSecondary, PointInTimeRestore, Recovery, Restore, RestoreExternalBackup, RestoreExternalBackupSecondary, RestoreLongTermRetentionBackup and Secondary. Mutually exclusive with import. Changing this forces a new resource to be created. Defaults to Default.
    creationSourceDatabaseId String

    The ID of the source database from which to create the new database. This should only be used for databases with create_mode values that use another database as reference. Changing this forces a new resource to be created.

    Note: When configuring a secondary database, please be aware of the constraints for the sku_name property, as noted below, for both the primary and secondary databases. The sku_name of the secondary database may be inadvertently changed to match that of the primary when an incompatible combination of SKUs is detected by the provider.

    elasticPoolId String
    Specifies the ID of the elastic pool containing this database.
    enclaveType String

    Specifies the type of enclave to be used by the elastic pool. When enclave_type is not specified (e.g., the default) enclaves are not enabled on the database. Once enabled (e.g., by specifying Default or VBS) removing the enclave_type field from the configuration file will force the creation of a new resource. Possible values are Default or VBS.

    Note: enclave_type is currently not supported for DW (e.g, DataWarehouse) and DC-series SKUs.

    Note: Geo Replicated and Failover databases must have the same enclave_type.

    Note: The default value for the enclave_type field is unset not Default.

    geoBackupEnabled Boolean

    A boolean that specifies if the Geo Backup Policy is enabled. Defaults to true.

    Note: geo_backup_enabled is only applicable for DataWarehouse SKUs (DW*). This setting is ignored for all other SKUs.

    identity Property Map
    An identity block as defined below.
    import Property Map
    A import block as documented below. Mutually exclusive with create_mode.
    ledgerEnabled Boolean
    A boolean that specifies if this is a ledger database. Defaults to false. Changing this forces a new resource to be created.
    licenseType String
    Specifies the license type applied to this database. Possible values are LicenseIncluded and BasePrice.
    longTermRetentionPolicy Property Map
    A long_term_retention_policy block as defined below.
    maintenanceConfigurationName String

    The name of the Public Maintenance Configuration window to apply to the database. Valid values include SQL_Default, SQL_EastUS_DB_1, SQL_EastUS2_DB_1, SQL_SoutheastAsia_DB_1, SQL_AustraliaEast_DB_1, SQL_NorthEurope_DB_1, SQL_SouthCentralUS_DB_1, SQL_WestUS2_DB_1, SQL_UKSouth_DB_1, SQL_WestEurope_DB_1, SQL_EastUS_DB_2, SQL_EastUS2_DB_2, SQL_WestUS2_DB_2, SQL_SoutheastAsia_DB_2, SQL_AustraliaEast_DB_2, SQL_NorthEurope_DB_2, SQL_SouthCentralUS_DB_2, SQL_UKSouth_DB_2, SQL_WestEurope_DB_2, SQL_AustraliaSoutheast_DB_1, SQL_BrazilSouth_DB_1, SQL_CanadaCentral_DB_1, SQL_CanadaEast_DB_1, SQL_CentralUS_DB_1, SQL_EastAsia_DB_1, SQL_FranceCentral_DB_1, SQL_GermanyWestCentral_DB_1, SQL_CentralIndia_DB_1, SQL_SouthIndia_DB_1, SQL_JapanEast_DB_1, SQL_JapanWest_DB_1, SQL_NorthCentralUS_DB_1, SQL_UKWest_DB_1, SQL_WestUS_DB_1, SQL_AustraliaSoutheast_DB_2, SQL_BrazilSouth_DB_2, SQL_CanadaCentral_DB_2, SQL_CanadaEast_DB_2, SQL_CentralUS_DB_2, SQL_EastAsia_DB_2, SQL_FranceCentral_DB_2, SQL_GermanyWestCentral_DB_2, SQL_CentralIndia_DB_2, SQL_SouthIndia_DB_2, SQL_JapanEast_DB_2, SQL_JapanWest_DB_2, SQL_NorthCentralUS_DB_2, SQL_UKWest_DB_2, SQL_WestUS_DB_2, SQL_WestCentralUS_DB_1, SQL_FranceSouth_DB_1, SQL_WestCentralUS_DB_2, SQL_FranceSouth_DB_2, SQL_SwitzerlandNorth_DB_1, SQL_SwitzerlandNorth_DB_2, SQL_BrazilSoutheast_DB_1, SQL_UAENorth_DB_1, SQL_BrazilSoutheast_DB_2, SQL_UAENorth_DB_2, SQL_SouthAfricaNorth_DB_1, SQL_SouthAfricaNorth_DB_2, SQL_WestUS3_DB_1, SQL_WestUS3_DB_2, SQL_SwedenCentral_DB_1, SQL_SwedenCentral_DB_2. Defaults to SQL_Default.

    Note: maintenance_configuration_name is only applicable if elastic_pool_id is not set.

    maxSizeGb Number

    The max size of the database in gigabytes.

    Note: This value should not be configured when the create_mode is Secondary or OnlineSecondary, as the sizing of the primary is then used as per Azure documentation.

    minCapacity Number
    Minimal capacity that database will always have allocated, if not paused. This property is only settable for Serverless databases.
    name String
    The name of the MS SQL Database. Changing this forces a new resource to be created.
    readReplicaCount Number
    The number of readonly secondary replicas associated with the database to which readonly application intent connections may be routed. This property is only settable for Hyperscale edition databases.
    readScale Boolean
    If enabled, connections that have application intent set to readonly in their connection string may be routed to a readonly secondary replica. This property is only settable for Premium and Business Critical databases.
    recoverDatabaseId String
    The ID of the database to be recovered. This property is only applicable when the create_mode is Recovery.
    recoveryPointId String
    The ID of the Recovery Services Recovery Point Id to be restored. This property is only applicable when the create_mode is Recovery.
    restoreDroppedDatabaseId String
    The ID of the database to be restored. This property is only applicable when the create_mode is Restore.
    restoreLongTermRetentionBackupId String
    The ID of the long term retention backup to be restored. This property is only applicable when the create_mode is RestoreLongTermRetentionBackup.
    restorePointInTime String
    Specifies the point in time (ISO8601 format) of the source database that will be restored to create the new database. This property is only settable for create_mode= PointInTimeRestore databases.
    sampleName String
    Specifies the name of the sample schema to apply when creating this database. Possible value is AdventureWorksLT.
    secondaryType String
    How do you want your replica to be made? Valid values include Geo and Named. Defaults to Geo. Changing this forces a new resource to be created.
    shortTermRetentionPolicy Property Map
    A short_term_retention_policy block as defined below.
    skuName String

    Specifies the name of the SKU used by the database. For example, GP_S_Gen5_2,HS_Gen4_1,BC_Gen5_2, ElasticPool, Basic,S0, P2 ,DW100c, DS100. Changing this from the HyperScale service tier to another service tier will create a new resource.

    Note: A full list of supported SKU names by region can be retrieved using the Azure CLI: az sql db list-editions -l <region> -o table

    Note: The default sku_name value may differ between Azure locations depending on local availability of Gen4/Gen5 capacity. When databases are replicated using the creation_source_database_id property, the source (primary) database cannot have a higher SKU service tier than any secondary databases. When changing the sku_name of a database having one or more secondary databases, this resource will first update any secondary databases as necessary. In such cases it's recommended to use the same sku_name in your configuration for all related databases, as not doing so may cause an unresolvable diff during subsequent plans.

    storageAccountType String
    Specifies the storage account type used to store backups for this database. Possible values are Geo, GeoZone, Local and Zone. Defaults to Geo.
    tags Map<String>
    A mapping of tags to assign to the resource.
    threatDetectionPolicy Property Map
    Threat detection policy configuration. The threat_detection_policy block supports fields documented below.
    transparentDataEncryptionEnabled Boolean

    If set to true, Transparent Data Encryption will be enabled on the database. Defaults to true.

    Note: transparent_data_encryption_enabled can only be set to false on DW (e.g, DataWarehouse) server SKUs.

    transparentDataEncryptionKeyAutomaticRotationEnabled Boolean

    Boolean flag to specify whether TDE automatically rotates the encryption Key to latest version or not. Possible values are true or false. Defaults to false.

    Note: When the sku_name is DW100c, the transparent_data_encryption_key_automatic_rotation_enabled and the transparent_data_encryption_key_vault_key_id properties should not be specified, as database-level CMK is not supported for Data Warehouse SKUs.

    transparentDataEncryptionKeyVaultKeyId String

    The fully versioned Key Vault Key URL (e.g. 'https://<YourVaultName>.vault.azure.net/keys/<YourKeyName>/<YourKeyVersion>) to be used as the Customer Managed Key(CMK/BYOK) for the Transparent Data Encryption(TDE) layer.

    Note: To successfully deploy a Microsoft SQL Database in CMK/BYOK TDE the Key Vault must have Soft-delete and purge protection enabled to protect from data loss due to accidental key and/or key vault deletion. The Key Vault and the Microsoft SQL Server User Managed Identity Instance must belong to the same Azure Active Directory tenant.

    zoneRedundant Boolean
    Whether or not this database is zone redundant, which means the replicas of this database will be spread across multiple availability zones. This property is only settable for Premium and Business Critical databases.

    Outputs

    All input properties are implicitly available as output properties. Additionally, the Database resource produces the following output properties:

    Id string
    The provider-assigned unique ID for this managed resource.
    Id string
    The provider-assigned unique ID for this managed resource.
    id String
    The provider-assigned unique ID for this managed resource.
    id string
    The provider-assigned unique ID for this managed resource.
    id str
    The provider-assigned unique ID for this managed resource.
    id String
    The provider-assigned unique ID for this managed resource.

    Look up Existing Database Resource

    Get an existing Database resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

    public static get(name: string, id: Input<ID>, state?: DatabaseState, opts?: CustomResourceOptions): Database
    @staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        auto_pause_delay_in_minutes: Optional[int] = None,
        collation: Optional[str] = None,
        create_mode: Optional[str] = None,
        creation_source_database_id: Optional[str] = None,
        elastic_pool_id: Optional[str] = None,
        enclave_type: Optional[str] = None,
        geo_backup_enabled: Optional[bool] = None,
        identity: Optional[DatabaseIdentityArgs] = None,
        import_: Optional[DatabaseImportArgs] = None,
        ledger_enabled: Optional[bool] = None,
        license_type: Optional[str] = None,
        long_term_retention_policy: Optional[DatabaseLongTermRetentionPolicyArgs] = None,
        maintenance_configuration_name: Optional[str] = None,
        max_size_gb: Optional[int] = None,
        min_capacity: Optional[float] = None,
        name: Optional[str] = None,
        read_replica_count: Optional[int] = None,
        read_scale: Optional[bool] = None,
        recover_database_id: Optional[str] = None,
        recovery_point_id: Optional[str] = None,
        restore_dropped_database_id: Optional[str] = None,
        restore_long_term_retention_backup_id: Optional[str] = None,
        restore_point_in_time: Optional[str] = None,
        sample_name: Optional[str] = None,
        secondary_type: Optional[str] = None,
        server_id: Optional[str] = None,
        short_term_retention_policy: Optional[DatabaseShortTermRetentionPolicyArgs] = None,
        sku_name: Optional[str] = None,
        storage_account_type: Optional[str] = None,
        tags: Optional[Mapping[str, str]] = None,
        threat_detection_policy: Optional[DatabaseThreatDetectionPolicyArgs] = None,
        transparent_data_encryption_enabled: Optional[bool] = None,
        transparent_data_encryption_key_automatic_rotation_enabled: Optional[bool] = None,
        transparent_data_encryption_key_vault_key_id: Optional[str] = None,
        zone_redundant: Optional[bool] = None) -> Database
    func GetDatabase(ctx *Context, name string, id IDInput, state *DatabaseState, opts ...ResourceOption) (*Database, error)
    public static Database Get(string name, Input<string> id, DatabaseState? state, CustomResourceOptions? opts = null)
    public static Database get(String name, Output<String> id, DatabaseState state, CustomResourceOptions options)
    resources:  _:    type: azure:mssql:Database    get:      id: ${id}
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    resource_name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    The following state arguments are supported:
    AutoPauseDelayInMinutes int
    Time in minutes after which database is automatically paused. A value of -1 means that automatic pause is disabled. This property is only settable for Serverless databases.
    Collation string
    Specifies the collation of the database. Changing this forces a new resource to be created.
    CreateMode string
    The create mode of the database. Possible values are Copy, Default, OnlineSecondary, PointInTimeRestore, Recovery, Restore, RestoreExternalBackup, RestoreExternalBackupSecondary, RestoreLongTermRetentionBackup and Secondary. Mutually exclusive with import. Changing this forces a new resource to be created. Defaults to Default.
    CreationSourceDatabaseId string

    The ID of the source database from which to create the new database. This should only be used for databases with create_mode values that use another database as reference. Changing this forces a new resource to be created.

    Note: When configuring a secondary database, please be aware of the constraints for the sku_name property, as noted below, for both the primary and secondary databases. The sku_name of the secondary database may be inadvertently changed to match that of the primary when an incompatible combination of SKUs is detected by the provider.

    ElasticPoolId string
    Specifies the ID of the elastic pool containing this database.
    EnclaveType string

    Specifies the type of enclave to be used by the elastic pool. When enclave_type is not specified (e.g., the default) enclaves are not enabled on the database. Once enabled (e.g., by specifying Default or VBS) removing the enclave_type field from the configuration file will force the creation of a new resource. Possible values are Default or VBS.

    Note: enclave_type is currently not supported for DW (e.g, DataWarehouse) and DC-series SKUs.

    Note: Geo Replicated and Failover databases must have the same enclave_type.

    Note: The default value for the enclave_type field is unset not Default.

    GeoBackupEnabled bool

    A boolean that specifies if the Geo Backup Policy is enabled. Defaults to true.

    Note: geo_backup_enabled is only applicable for DataWarehouse SKUs (DW*). This setting is ignored for all other SKUs.

    Identity DatabaseIdentity
    An identity block as defined below.
    Import DatabaseImport
    A import block as documented below. Mutually exclusive with create_mode.
    LedgerEnabled bool
    A boolean that specifies if this is a ledger database. Defaults to false. Changing this forces a new resource to be created.
    LicenseType string
    Specifies the license type applied to this database. Possible values are LicenseIncluded and BasePrice.
    LongTermRetentionPolicy DatabaseLongTermRetentionPolicy
    A long_term_retention_policy block as defined below.
    MaintenanceConfigurationName string

    The name of the Public Maintenance Configuration window to apply to the database. Valid values include SQL_Default, SQL_EastUS_DB_1, SQL_EastUS2_DB_1, SQL_SoutheastAsia_DB_1, SQL_AustraliaEast_DB_1, SQL_NorthEurope_DB_1, SQL_SouthCentralUS_DB_1, SQL_WestUS2_DB_1, SQL_UKSouth_DB_1, SQL_WestEurope_DB_1, SQL_EastUS_DB_2, SQL_EastUS2_DB_2, SQL_WestUS2_DB_2, SQL_SoutheastAsia_DB_2, SQL_AustraliaEast_DB_2, SQL_NorthEurope_DB_2, SQL_SouthCentralUS_DB_2, SQL_UKSouth_DB_2, SQL_WestEurope_DB_2, SQL_AustraliaSoutheast_DB_1, SQL_BrazilSouth_DB_1, SQL_CanadaCentral_DB_1, SQL_CanadaEast_DB_1, SQL_CentralUS_DB_1, SQL_EastAsia_DB_1, SQL_FranceCentral_DB_1, SQL_GermanyWestCentral_DB_1, SQL_CentralIndia_DB_1, SQL_SouthIndia_DB_1, SQL_JapanEast_DB_1, SQL_JapanWest_DB_1, SQL_NorthCentralUS_DB_1, SQL_UKWest_DB_1, SQL_WestUS_DB_1, SQL_AustraliaSoutheast_DB_2, SQL_BrazilSouth_DB_2, SQL_CanadaCentral_DB_2, SQL_CanadaEast_DB_2, SQL_CentralUS_DB_2, SQL_EastAsia_DB_2, SQL_FranceCentral_DB_2, SQL_GermanyWestCentral_DB_2, SQL_CentralIndia_DB_2, SQL_SouthIndia_DB_2, SQL_JapanEast_DB_2, SQL_JapanWest_DB_2, SQL_NorthCentralUS_DB_2, SQL_UKWest_DB_2, SQL_WestUS_DB_2, SQL_WestCentralUS_DB_1, SQL_FranceSouth_DB_1, SQL_WestCentralUS_DB_2, SQL_FranceSouth_DB_2, SQL_SwitzerlandNorth_DB_1, SQL_SwitzerlandNorth_DB_2, SQL_BrazilSoutheast_DB_1, SQL_UAENorth_DB_1, SQL_BrazilSoutheast_DB_2, SQL_UAENorth_DB_2, SQL_SouthAfricaNorth_DB_1, SQL_SouthAfricaNorth_DB_2, SQL_WestUS3_DB_1, SQL_WestUS3_DB_2, SQL_SwedenCentral_DB_1, SQL_SwedenCentral_DB_2. Defaults to SQL_Default.

    Note: maintenance_configuration_name is only applicable if elastic_pool_id is not set.

    MaxSizeGb int

    The max size of the database in gigabytes.

    Note: This value should not be configured when the create_mode is Secondary or OnlineSecondary, as the sizing of the primary is then used as per Azure documentation.

    MinCapacity double
    Minimal capacity that database will always have allocated, if not paused. This property is only settable for Serverless databases.
    Name string
    The name of the MS SQL Database. Changing this forces a new resource to be created.
    ReadReplicaCount int
    The number of readonly secondary replicas associated with the database to which readonly application intent connections may be routed. This property is only settable for Hyperscale edition databases.
    ReadScale bool
    If enabled, connections that have application intent set to readonly in their connection string may be routed to a readonly secondary replica. This property is only settable for Premium and Business Critical databases.
    RecoverDatabaseId string
    The ID of the database to be recovered. This property is only applicable when the create_mode is Recovery.
    RecoveryPointId string
    The ID of the Recovery Services Recovery Point Id to be restored. This property is only applicable when the create_mode is Recovery.
    RestoreDroppedDatabaseId string
    The ID of the database to be restored. This property is only applicable when the create_mode is Restore.
    RestoreLongTermRetentionBackupId string
    The ID of the long term retention backup to be restored. This property is only applicable when the create_mode is RestoreLongTermRetentionBackup.
    RestorePointInTime string
    Specifies the point in time (ISO8601 format) of the source database that will be restored to create the new database. This property is only settable for create_mode= PointInTimeRestore databases.
    SampleName string
    Specifies the name of the sample schema to apply when creating this database. Possible value is AdventureWorksLT.
    SecondaryType string
    How do you want your replica to be made? Valid values include Geo and Named. Defaults to Geo. Changing this forces a new resource to be created.
    ServerId string

    The id of the MS SQL Server on which to create the database. Changing this forces a new resource to be created.

    Note: This setting is still required for "Serverless" SKUs

    ShortTermRetentionPolicy DatabaseShortTermRetentionPolicy
    A short_term_retention_policy block as defined below.
    SkuName string

    Specifies the name of the SKU used by the database. For example, GP_S_Gen5_2,HS_Gen4_1,BC_Gen5_2, ElasticPool, Basic,S0, P2 ,DW100c, DS100. Changing this from the HyperScale service tier to another service tier will create a new resource.

    Note: A full list of supported SKU names by region can be retrieved using the Azure CLI: az sql db list-editions -l <region> -o table

    Note: The default sku_name value may differ between Azure locations depending on local availability of Gen4/Gen5 capacity. When databases are replicated using the creation_source_database_id property, the source (primary) database cannot have a higher SKU service tier than any secondary databases. When changing the sku_name of a database having one or more secondary databases, this resource will first update any secondary databases as necessary. In such cases it's recommended to use the same sku_name in your configuration for all related databases, as not doing so may cause an unresolvable diff during subsequent plans.

    StorageAccountType string
    Specifies the storage account type used to store backups for this database. Possible values are Geo, GeoZone, Local and Zone. Defaults to Geo.
    Tags Dictionary<string, string>
    A mapping of tags to assign to the resource.
    ThreatDetectionPolicy DatabaseThreatDetectionPolicy
    Threat detection policy configuration. The threat_detection_policy block supports fields documented below.
    TransparentDataEncryptionEnabled bool

    If set to true, Transparent Data Encryption will be enabled on the database. Defaults to true.

    Note: transparent_data_encryption_enabled can only be set to false on DW (e.g, DataWarehouse) server SKUs.

    TransparentDataEncryptionKeyAutomaticRotationEnabled bool

    Boolean flag to specify whether TDE automatically rotates the encryption Key to latest version or not. Possible values are true or false. Defaults to false.

    Note: When the sku_name is DW100c, the transparent_data_encryption_key_automatic_rotation_enabled and the transparent_data_encryption_key_vault_key_id properties should not be specified, as database-level CMK is not supported for Data Warehouse SKUs.

    TransparentDataEncryptionKeyVaultKeyId string

    The fully versioned Key Vault Key URL (e.g. 'https://<YourVaultName>.vault.azure.net/keys/<YourKeyName>/<YourKeyVersion>) to be used as the Customer Managed Key(CMK/BYOK) for the Transparent Data Encryption(TDE) layer.

    Note: To successfully deploy a Microsoft SQL Database in CMK/BYOK TDE the Key Vault must have Soft-delete and purge protection enabled to protect from data loss due to accidental key and/or key vault deletion. The Key Vault and the Microsoft SQL Server User Managed Identity Instance must belong to the same Azure Active Directory tenant.

    ZoneRedundant bool
    Whether or not this database is zone redundant, which means the replicas of this database will be spread across multiple availability zones. This property is only settable for Premium and Business Critical databases.
    AutoPauseDelayInMinutes int
    Time in minutes after which database is automatically paused. A value of -1 means that automatic pause is disabled. This property is only settable for Serverless databases.
    Collation string
    Specifies the collation of the database. Changing this forces a new resource to be created.
    CreateMode string
    The create mode of the database. Possible values are Copy, Default, OnlineSecondary, PointInTimeRestore, Recovery, Restore, RestoreExternalBackup, RestoreExternalBackupSecondary, RestoreLongTermRetentionBackup and Secondary. Mutually exclusive with import. Changing this forces a new resource to be created. Defaults to Default.
    CreationSourceDatabaseId string

    The ID of the source database from which to create the new database. This should only be used for databases with create_mode values that use another database as reference. Changing this forces a new resource to be created.

    Note: When configuring a secondary database, please be aware of the constraints for the sku_name property, as noted below, for both the primary and secondary databases. The sku_name of the secondary database may be inadvertently changed to match that of the primary when an incompatible combination of SKUs is detected by the provider.

    ElasticPoolId string
    Specifies the ID of the elastic pool containing this database.
    EnclaveType string

    Specifies the type of enclave to be used by the elastic pool. When enclave_type is not specified (e.g., the default) enclaves are not enabled on the database. Once enabled (e.g., by specifying Default or VBS) removing the enclave_type field from the configuration file will force the creation of a new resource. Possible values are Default or VBS.

    Note: enclave_type is currently not supported for DW (e.g, DataWarehouse) and DC-series SKUs.

    Note: Geo Replicated and Failover databases must have the same enclave_type.

    Note: The default value for the enclave_type field is unset not Default.

    GeoBackupEnabled bool

    A boolean that specifies if the Geo Backup Policy is enabled. Defaults to true.

    Note: geo_backup_enabled is only applicable for DataWarehouse SKUs (DW*). This setting is ignored for all other SKUs.

    Identity DatabaseIdentityArgs
    An identity block as defined below.
    Import DatabaseImportArgs
    A import block as documented below. Mutually exclusive with create_mode.
    LedgerEnabled bool
    A boolean that specifies if this is a ledger database. Defaults to false. Changing this forces a new resource to be created.
    LicenseType string
    Specifies the license type applied to this database. Possible values are LicenseIncluded and BasePrice.
    LongTermRetentionPolicy DatabaseLongTermRetentionPolicyArgs
    A long_term_retention_policy block as defined below.
    MaintenanceConfigurationName string

    The name of the Public Maintenance Configuration window to apply to the database. Valid values include SQL_Default, SQL_EastUS_DB_1, SQL_EastUS2_DB_1, SQL_SoutheastAsia_DB_1, SQL_AustraliaEast_DB_1, SQL_NorthEurope_DB_1, SQL_SouthCentralUS_DB_1, SQL_WestUS2_DB_1, SQL_UKSouth_DB_1, SQL_WestEurope_DB_1, SQL_EastUS_DB_2, SQL_EastUS2_DB_2, SQL_WestUS2_DB_2, SQL_SoutheastAsia_DB_2, SQL_AustraliaEast_DB_2, SQL_NorthEurope_DB_2, SQL_SouthCentralUS_DB_2, SQL_UKSouth_DB_2, SQL_WestEurope_DB_2, SQL_AustraliaSoutheast_DB_1, SQL_BrazilSouth_DB_1, SQL_CanadaCentral_DB_1, SQL_CanadaEast_DB_1, SQL_CentralUS_DB_1, SQL_EastAsia_DB_1, SQL_FranceCentral_DB_1, SQL_GermanyWestCentral_DB_1, SQL_CentralIndia_DB_1, SQL_SouthIndia_DB_1, SQL_JapanEast_DB_1, SQL_JapanWest_DB_1, SQL_NorthCentralUS_DB_1, SQL_UKWest_DB_1, SQL_WestUS_DB_1, SQL_AustraliaSoutheast_DB_2, SQL_BrazilSouth_DB_2, SQL_CanadaCentral_DB_2, SQL_CanadaEast_DB_2, SQL_CentralUS_DB_2, SQL_EastAsia_DB_2, SQL_FranceCentral_DB_2, SQL_GermanyWestCentral_DB_2, SQL_CentralIndia_DB_2, SQL_SouthIndia_DB_2, SQL_JapanEast_DB_2, SQL_JapanWest_DB_2, SQL_NorthCentralUS_DB_2, SQL_UKWest_DB_2, SQL_WestUS_DB_2, SQL_WestCentralUS_DB_1, SQL_FranceSouth_DB_1, SQL_WestCentralUS_DB_2, SQL_FranceSouth_DB_2, SQL_SwitzerlandNorth_DB_1, SQL_SwitzerlandNorth_DB_2, SQL_BrazilSoutheast_DB_1, SQL_UAENorth_DB_1, SQL_BrazilSoutheast_DB_2, SQL_UAENorth_DB_2, SQL_SouthAfricaNorth_DB_1, SQL_SouthAfricaNorth_DB_2, SQL_WestUS3_DB_1, SQL_WestUS3_DB_2, SQL_SwedenCentral_DB_1, SQL_SwedenCentral_DB_2. Defaults to SQL_Default.

    Note: maintenance_configuration_name is only applicable if elastic_pool_id is not set.

    MaxSizeGb int

    The max size of the database in gigabytes.

    Note: This value should not be configured when the create_mode is Secondary or OnlineSecondary, as the sizing of the primary is then used as per Azure documentation.

    MinCapacity float64
    Minimal capacity that database will always have allocated, if not paused. This property is only settable for Serverless databases.
    Name string
    The name of the MS SQL Database. Changing this forces a new resource to be created.
    ReadReplicaCount int
    The number of readonly secondary replicas associated with the database to which readonly application intent connections may be routed. This property is only settable for Hyperscale edition databases.
    ReadScale bool
    If enabled, connections that have application intent set to readonly in their connection string may be routed to a readonly secondary replica. This property is only settable for Premium and Business Critical databases.
    RecoverDatabaseId string
    The ID of the database to be recovered. This property is only applicable when the create_mode is Recovery.
    RecoveryPointId string
    The ID of the Recovery Services Recovery Point Id to be restored. This property is only applicable when the create_mode is Recovery.
    RestoreDroppedDatabaseId string
    The ID of the database to be restored. This property is only applicable when the create_mode is Restore.
    RestoreLongTermRetentionBackupId string
    The ID of the long term retention backup to be restored. This property is only applicable when the create_mode is RestoreLongTermRetentionBackup.
    RestorePointInTime string
    Specifies the point in time (ISO8601 format) of the source database that will be restored to create the new database. This property is only settable for create_mode= PointInTimeRestore databases.
    SampleName string
    Specifies the name of the sample schema to apply when creating this database. Possible value is AdventureWorksLT.
    SecondaryType string
    How do you want your replica to be made? Valid values include Geo and Named. Defaults to Geo. Changing this forces a new resource to be created.
    ServerId string

    The id of the MS SQL Server on which to create the database. Changing this forces a new resource to be created.

    Note: This setting is still required for "Serverless" SKUs

    ShortTermRetentionPolicy DatabaseShortTermRetentionPolicyArgs
    A short_term_retention_policy block as defined below.
    SkuName string

    Specifies the name of the SKU used by the database. For example, GP_S_Gen5_2,HS_Gen4_1,BC_Gen5_2, ElasticPool, Basic,S0, P2 ,DW100c, DS100. Changing this from the HyperScale service tier to another service tier will create a new resource.

    Note: A full list of supported SKU names by region can be retrieved using the Azure CLI: az sql db list-editions -l <region> -o table

    Note: The default sku_name value may differ between Azure locations depending on local availability of Gen4/Gen5 capacity. When databases are replicated using the creation_source_database_id property, the source (primary) database cannot have a higher SKU service tier than any secondary databases. When changing the sku_name of a database having one or more secondary databases, this resource will first update any secondary databases as necessary. In such cases it's recommended to use the same sku_name in your configuration for all related databases, as not doing so may cause an unresolvable diff during subsequent plans.

    StorageAccountType string
    Specifies the storage account type used to store backups for this database. Possible values are Geo, GeoZone, Local and Zone. Defaults to Geo.
    Tags map[string]string
    A mapping of tags to assign to the resource.
    ThreatDetectionPolicy DatabaseThreatDetectionPolicyArgs
    Threat detection policy configuration. The threat_detection_policy block supports fields documented below.
    TransparentDataEncryptionEnabled bool

    If set to true, Transparent Data Encryption will be enabled on the database. Defaults to true.

    Note: transparent_data_encryption_enabled can only be set to false on DW (e.g, DataWarehouse) server SKUs.

    TransparentDataEncryptionKeyAutomaticRotationEnabled bool

    Boolean flag to specify whether TDE automatically rotates the encryption Key to latest version or not. Possible values are true or false. Defaults to false.

    Note: When the sku_name is DW100c, the transparent_data_encryption_key_automatic_rotation_enabled and the transparent_data_encryption_key_vault_key_id properties should not be specified, as database-level CMK is not supported for Data Warehouse SKUs.

    TransparentDataEncryptionKeyVaultKeyId string

    The fully versioned Key Vault Key URL (e.g. 'https://<YourVaultName>.vault.azure.net/keys/<YourKeyName>/<YourKeyVersion>) to be used as the Customer Managed Key(CMK/BYOK) for the Transparent Data Encryption(TDE) layer.

    Note: To successfully deploy a Microsoft SQL Database in CMK/BYOK TDE the Key Vault must have Soft-delete and purge protection enabled to protect from data loss due to accidental key and/or key vault deletion. The Key Vault and the Microsoft SQL Server User Managed Identity Instance must belong to the same Azure Active Directory tenant.

    ZoneRedundant bool
    Whether or not this database is zone redundant, which means the replicas of this database will be spread across multiple availability zones. This property is only settable for Premium and Business Critical databases.
    autoPauseDelayInMinutes Integer
    Time in minutes after which database is automatically paused. A value of -1 means that automatic pause is disabled. This property is only settable for Serverless databases.
    collation String
    Specifies the collation of the database. Changing this forces a new resource to be created.
    createMode String
    The create mode of the database. Possible values are Copy, Default, OnlineSecondary, PointInTimeRestore, Recovery, Restore, RestoreExternalBackup, RestoreExternalBackupSecondary, RestoreLongTermRetentionBackup and Secondary. Mutually exclusive with import. Changing this forces a new resource to be created. Defaults to Default.
    creationSourceDatabaseId String

    The ID of the source database from which to create the new database. This should only be used for databases with create_mode values that use another database as reference. Changing this forces a new resource to be created.

    Note: When configuring a secondary database, please be aware of the constraints for the sku_name property, as noted below, for both the primary and secondary databases. The sku_name of the secondary database may be inadvertently changed to match that of the primary when an incompatible combination of SKUs is detected by the provider.

    elasticPoolId String
    Specifies the ID of the elastic pool containing this database.
    enclaveType String

    Specifies the type of enclave to be used by the elastic pool. When enclave_type is not specified (e.g., the default) enclaves are not enabled on the database. Once enabled (e.g., by specifying Default or VBS) removing the enclave_type field from the configuration file will force the creation of a new resource. Possible values are Default or VBS.

    Note: enclave_type is currently not supported for DW (e.g, DataWarehouse) and DC-series SKUs.

    Note: Geo Replicated and Failover databases must have the same enclave_type.

    Note: The default value for the enclave_type field is unset not Default.

    geoBackupEnabled Boolean

    A boolean that specifies if the Geo Backup Policy is enabled. Defaults to true.

    Note: geo_backup_enabled is only applicable for DataWarehouse SKUs (DW*). This setting is ignored for all other SKUs.

    identity DatabaseIdentity
    An identity block as defined below.
    import_ DatabaseImport
    A import block as documented below. Mutually exclusive with create_mode.
    ledgerEnabled Boolean
    A boolean that specifies if this is a ledger database. Defaults to false. Changing this forces a new resource to be created.
    licenseType String
    Specifies the license type applied to this database. Possible values are LicenseIncluded and BasePrice.
    longTermRetentionPolicy DatabaseLongTermRetentionPolicy
    A long_term_retention_policy block as defined below.
    maintenanceConfigurationName String

    The name of the Public Maintenance Configuration window to apply to the database. Valid values include SQL_Default, SQL_EastUS_DB_1, SQL_EastUS2_DB_1, SQL_SoutheastAsia_DB_1, SQL_AustraliaEast_DB_1, SQL_NorthEurope_DB_1, SQL_SouthCentralUS_DB_1, SQL_WestUS2_DB_1, SQL_UKSouth_DB_1, SQL_WestEurope_DB_1, SQL_EastUS_DB_2, SQL_EastUS2_DB_2, SQL_WestUS2_DB_2, SQL_SoutheastAsia_DB_2, SQL_AustraliaEast_DB_2, SQL_NorthEurope_DB_2, SQL_SouthCentralUS_DB_2, SQL_UKSouth_DB_2, SQL_WestEurope_DB_2, SQL_AustraliaSoutheast_DB_1, SQL_BrazilSouth_DB_1, SQL_CanadaCentral_DB_1, SQL_CanadaEast_DB_1, SQL_CentralUS_DB_1, SQL_EastAsia_DB_1, SQL_FranceCentral_DB_1, SQL_GermanyWestCentral_DB_1, SQL_CentralIndia_DB_1, SQL_SouthIndia_DB_1, SQL_JapanEast_DB_1, SQL_JapanWest_DB_1, SQL_NorthCentralUS_DB_1, SQL_UKWest_DB_1, SQL_WestUS_DB_1, SQL_AustraliaSoutheast_DB_2, SQL_BrazilSouth_DB_2, SQL_CanadaCentral_DB_2, SQL_CanadaEast_DB_2, SQL_CentralUS_DB_2, SQL_EastAsia_DB_2, SQL_FranceCentral_DB_2, SQL_GermanyWestCentral_DB_2, SQL_CentralIndia_DB_2, SQL_SouthIndia_DB_2, SQL_JapanEast_DB_2, SQL_JapanWest_DB_2, SQL_NorthCentralUS_DB_2, SQL_UKWest_DB_2, SQL_WestUS_DB_2, SQL_WestCentralUS_DB_1, SQL_FranceSouth_DB_1, SQL_WestCentralUS_DB_2, SQL_FranceSouth_DB_2, SQL_SwitzerlandNorth_DB_1, SQL_SwitzerlandNorth_DB_2, SQL_BrazilSoutheast_DB_1, SQL_UAENorth_DB_1, SQL_BrazilSoutheast_DB_2, SQL_UAENorth_DB_2, SQL_SouthAfricaNorth_DB_1, SQL_SouthAfricaNorth_DB_2, SQL_WestUS3_DB_1, SQL_WestUS3_DB_2, SQL_SwedenCentral_DB_1, SQL_SwedenCentral_DB_2. Defaults to SQL_Default.

    Note: maintenance_configuration_name is only applicable if elastic_pool_id is not set.

    maxSizeGb Integer

    The max size of the database in gigabytes.

    Note: This value should not be configured when the create_mode is Secondary or OnlineSecondary, as the sizing of the primary is then used as per Azure documentation.

    minCapacity Double
    Minimal capacity that database will always have allocated, if not paused. This property is only settable for Serverless databases.
    name String
    The name of the MS SQL Database. Changing this forces a new resource to be created.
    readReplicaCount Integer
    The number of readonly secondary replicas associated with the database to which readonly application intent connections may be routed. This property is only settable for Hyperscale edition databases.
    readScale Boolean
    If enabled, connections that have application intent set to readonly in their connection string may be routed to a readonly secondary replica. This property is only settable for Premium and Business Critical databases.
    recoverDatabaseId String
    The ID of the database to be recovered. This property is only applicable when the create_mode is Recovery.
    recoveryPointId String
    The ID of the Recovery Services Recovery Point Id to be restored. This property is only applicable when the create_mode is Recovery.
    restoreDroppedDatabaseId String
    The ID of the database to be restored. This property is only applicable when the create_mode is Restore.
    restoreLongTermRetentionBackupId String
    The ID of the long term retention backup to be restored. This property is only applicable when the create_mode is RestoreLongTermRetentionBackup.
    restorePointInTime String
    Specifies the point in time (ISO8601 format) of the source database that will be restored to create the new database. This property is only settable for create_mode= PointInTimeRestore databases.
    sampleName String
    Specifies the name of the sample schema to apply when creating this database. Possible value is AdventureWorksLT.
    secondaryType String
    How do you want your replica to be made? Valid values include Geo and Named. Defaults to Geo. Changing this forces a new resource to be created.
    serverId String

    The id of the MS SQL Server on which to create the database. Changing this forces a new resource to be created.

    Note: This setting is still required for "Serverless" SKUs

    shortTermRetentionPolicy DatabaseShortTermRetentionPolicy
    A short_term_retention_policy block as defined below.
    skuName String

    Specifies the name of the SKU used by the database. For example, GP_S_Gen5_2,HS_Gen4_1,BC_Gen5_2, ElasticPool, Basic,S0, P2 ,DW100c, DS100. Changing this from the HyperScale service tier to another service tier will create a new resource.

    Note: A full list of supported SKU names by region can be retrieved using the Azure CLI: az sql db list-editions -l <region> -o table

    Note: The default sku_name value may differ between Azure locations depending on local availability of Gen4/Gen5 capacity. When databases are replicated using the creation_source_database_id property, the source (primary) database cannot have a higher SKU service tier than any secondary databases. When changing the sku_name of a database having one or more secondary databases, this resource will first update any secondary databases as necessary. In such cases it's recommended to use the same sku_name in your configuration for all related databases, as not doing so may cause an unresolvable diff during subsequent plans.

    storageAccountType String
    Specifies the storage account type used to store backups for this database. Possible values are Geo, GeoZone, Local and Zone. Defaults to Geo.
    tags Map<String,String>
    A mapping of tags to assign to the resource.
    threatDetectionPolicy DatabaseThreatDetectionPolicy
    Threat detection policy configuration. The threat_detection_policy block supports fields documented below.
    transparentDataEncryptionEnabled Boolean

    If set to true, Transparent Data Encryption will be enabled on the database. Defaults to true.

    Note: transparent_data_encryption_enabled can only be set to false on DW (e.g, DataWarehouse) server SKUs.

    transparentDataEncryptionKeyAutomaticRotationEnabled Boolean

    Boolean flag to specify whether TDE automatically rotates the encryption Key to latest version or not. Possible values are true or false. Defaults to false.

    Note: When the sku_name is DW100c, the transparent_data_encryption_key_automatic_rotation_enabled and the transparent_data_encryption_key_vault_key_id properties should not be specified, as database-level CMK is not supported for Data Warehouse SKUs.

    transparentDataEncryptionKeyVaultKeyId String

    The fully versioned Key Vault Key URL (e.g. 'https://<YourVaultName>.vault.azure.net/keys/<YourKeyName>/<YourKeyVersion>) to be used as the Customer Managed Key(CMK/BYOK) for the Transparent Data Encryption(TDE) layer.

    Note: To successfully deploy a Microsoft SQL Database in CMK/BYOK TDE the Key Vault must have Soft-delete and purge protection enabled to protect from data loss due to accidental key and/or key vault deletion. The Key Vault and the Microsoft SQL Server User Managed Identity Instance must belong to the same Azure Active Directory tenant.

    zoneRedundant Boolean
    Whether or not this database is zone redundant, which means the replicas of this database will be spread across multiple availability zones. This property is only settable for Premium and Business Critical databases.
    autoPauseDelayInMinutes number
    Time in minutes after which database is automatically paused. A value of -1 means that automatic pause is disabled. This property is only settable for Serverless databases.
    collation string
    Specifies the collation of the database. Changing this forces a new resource to be created.
    createMode string
    The create mode of the database. Possible values are Copy, Default, OnlineSecondary, PointInTimeRestore, Recovery, Restore, RestoreExternalBackup, RestoreExternalBackupSecondary, RestoreLongTermRetentionBackup and Secondary. Mutually exclusive with import. Changing this forces a new resource to be created. Defaults to Default.
    creationSourceDatabaseId string

    The ID of the source database from which to create the new database. This should only be used for databases with create_mode values that use another database as reference. Changing this forces a new resource to be created.

    Note: When configuring a secondary database, please be aware of the constraints for the sku_name property, as noted below, for both the primary and secondary databases. The sku_name of the secondary database may be inadvertently changed to match that of the primary when an incompatible combination of SKUs is detected by the provider.

    elasticPoolId string
    Specifies the ID of the elastic pool containing this database.
    enclaveType string

    Specifies the type of enclave to be used by the elastic pool. When enclave_type is not specified (e.g., the default) enclaves are not enabled on the database. Once enabled (e.g., by specifying Default or VBS) removing the enclave_type field from the configuration file will force the creation of a new resource. Possible values are Default or VBS.

    Note: enclave_type is currently not supported for DW (e.g, DataWarehouse) and DC-series SKUs.

    Note: Geo Replicated and Failover databases must have the same enclave_type.

    Note: The default value for the enclave_type field is unset not Default.

    geoBackupEnabled boolean

    A boolean that specifies if the Geo Backup Policy is enabled. Defaults to true.

    Note: geo_backup_enabled is only applicable for DataWarehouse SKUs (DW*). This setting is ignored for all other SKUs.

    identity DatabaseIdentity
    An identity block as defined below.
    import DatabaseImport
    A import block as documented below. Mutually exclusive with create_mode.
    ledgerEnabled boolean
    A boolean that specifies if this is a ledger database. Defaults to false. Changing this forces a new resource to be created.
    licenseType string
    Specifies the license type applied to this database. Possible values are LicenseIncluded and BasePrice.
    longTermRetentionPolicy DatabaseLongTermRetentionPolicy
    A long_term_retention_policy block as defined below.
    maintenanceConfigurationName string

    The name of the Public Maintenance Configuration window to apply to the database. Valid values include SQL_Default, SQL_EastUS_DB_1, SQL_EastUS2_DB_1, SQL_SoutheastAsia_DB_1, SQL_AustraliaEast_DB_1, SQL_NorthEurope_DB_1, SQL_SouthCentralUS_DB_1, SQL_WestUS2_DB_1, SQL_UKSouth_DB_1, SQL_WestEurope_DB_1, SQL_EastUS_DB_2, SQL_EastUS2_DB_2, SQL_WestUS2_DB_2, SQL_SoutheastAsia_DB_2, SQL_AustraliaEast_DB_2, SQL_NorthEurope_DB_2, SQL_SouthCentralUS_DB_2, SQL_UKSouth_DB_2, SQL_WestEurope_DB_2, SQL_AustraliaSoutheast_DB_1, SQL_BrazilSouth_DB_1, SQL_CanadaCentral_DB_1, SQL_CanadaEast_DB_1, SQL_CentralUS_DB_1, SQL_EastAsia_DB_1, SQL_FranceCentral_DB_1, SQL_GermanyWestCentral_DB_1, SQL_CentralIndia_DB_1, SQL_SouthIndia_DB_1, SQL_JapanEast_DB_1, SQL_JapanWest_DB_1, SQL_NorthCentralUS_DB_1, SQL_UKWest_DB_1, SQL_WestUS_DB_1, SQL_AustraliaSoutheast_DB_2, SQL_BrazilSouth_DB_2, SQL_CanadaCentral_DB_2, SQL_CanadaEast_DB_2, SQL_CentralUS_DB_2, SQL_EastAsia_DB_2, SQL_FranceCentral_DB_2, SQL_GermanyWestCentral_DB_2, SQL_CentralIndia_DB_2, SQL_SouthIndia_DB_2, SQL_JapanEast_DB_2, SQL_JapanWest_DB_2, SQL_NorthCentralUS_DB_2, SQL_UKWest_DB_2, SQL_WestUS_DB_2, SQL_WestCentralUS_DB_1, SQL_FranceSouth_DB_1, SQL_WestCentralUS_DB_2, SQL_FranceSouth_DB_2, SQL_SwitzerlandNorth_DB_1, SQL_SwitzerlandNorth_DB_2, SQL_BrazilSoutheast_DB_1, SQL_UAENorth_DB_1, SQL_BrazilSoutheast_DB_2, SQL_UAENorth_DB_2, SQL_SouthAfricaNorth_DB_1, SQL_SouthAfricaNorth_DB_2, SQL_WestUS3_DB_1, SQL_WestUS3_DB_2, SQL_SwedenCentral_DB_1, SQL_SwedenCentral_DB_2. Defaults to SQL_Default.

    Note: maintenance_configuration_name is only applicable if elastic_pool_id is not set.

    maxSizeGb number

    The max size of the database in gigabytes.

    Note: This value should not be configured when the create_mode is Secondary or OnlineSecondary, as the sizing of the primary is then used as per Azure documentation.

    minCapacity number
    Minimal capacity that database will always have allocated, if not paused. This property is only settable for Serverless databases.
    name string
    The name of the MS SQL Database. Changing this forces a new resource to be created.
    readReplicaCount number
    The number of readonly secondary replicas associated with the database to which readonly application intent connections may be routed. This property is only settable for Hyperscale edition databases.
    readScale boolean
    If enabled, connections that have application intent set to readonly in their connection string may be routed to a readonly secondary replica. This property is only settable for Premium and Business Critical databases.
    recoverDatabaseId string
    The ID of the database to be recovered. This property is only applicable when the create_mode is Recovery.
    recoveryPointId string
    The ID of the Recovery Services Recovery Point Id to be restored. This property is only applicable when the create_mode is Recovery.
    restoreDroppedDatabaseId string
    The ID of the database to be restored. This property is only applicable when the create_mode is Restore.
    restoreLongTermRetentionBackupId string
    The ID of the long term retention backup to be restored. This property is only applicable when the create_mode is RestoreLongTermRetentionBackup.
    restorePointInTime string
    Specifies the point in time (ISO8601 format) of the source database that will be restored to create the new database. This property is only settable for create_mode= PointInTimeRestore databases.
    sampleName string
    Specifies the name of the sample schema to apply when creating this database. Possible value is AdventureWorksLT.
    secondaryType string
    How do you want your replica to be made? Valid values include Geo and Named. Defaults to Geo. Changing this forces a new resource to be created.
    serverId string

    The id of the MS SQL Server on which to create the database. Changing this forces a new resource to be created.

    Note: This setting is still required for "Serverless" SKUs

    shortTermRetentionPolicy DatabaseShortTermRetentionPolicy
    A short_term_retention_policy block as defined below.
    skuName string

    Specifies the name of the SKU used by the database. For example, GP_S_Gen5_2,HS_Gen4_1,BC_Gen5_2, ElasticPool, Basic,S0, P2 ,DW100c, DS100. Changing this from the HyperScale service tier to another service tier will create a new resource.

    Note: A full list of supported SKU names by region can be retrieved using the Azure CLI: az sql db list-editions -l <region> -o table

    Note: The default sku_name value may differ between Azure locations depending on local availability of Gen4/Gen5 capacity. When databases are replicated using the creation_source_database_id property, the source (primary) database cannot have a higher SKU service tier than any secondary databases. When changing the sku_name of a database having one or more secondary databases, this resource will first update any secondary databases as necessary. In such cases it's recommended to use the same sku_name in your configuration for all related databases, as not doing so may cause an unresolvable diff during subsequent plans.

    storageAccountType string
    Specifies the storage account type used to store backups for this database. Possible values are Geo, GeoZone, Local and Zone. Defaults to Geo.
    tags {[key: string]: string}
    A mapping of tags to assign to the resource.
    threatDetectionPolicy DatabaseThreatDetectionPolicy
    Threat detection policy configuration. The threat_detection_policy block supports fields documented below.
    transparentDataEncryptionEnabled boolean

    If set to true, Transparent Data Encryption will be enabled on the database. Defaults to true.

    Note: transparent_data_encryption_enabled can only be set to false on DW (e.g, DataWarehouse) server SKUs.

    transparentDataEncryptionKeyAutomaticRotationEnabled boolean

    Boolean flag to specify whether TDE automatically rotates the encryption Key to latest version or not. Possible values are true or false. Defaults to false.

    Note: When the sku_name is DW100c, the transparent_data_encryption_key_automatic_rotation_enabled and the transparent_data_encryption_key_vault_key_id properties should not be specified, as database-level CMK is not supported for Data Warehouse SKUs.

    transparentDataEncryptionKeyVaultKeyId string

    The fully versioned Key Vault Key URL (e.g. 'https://<YourVaultName>.vault.azure.net/keys/<YourKeyName>/<YourKeyVersion>) to be used as the Customer Managed Key(CMK/BYOK) for the Transparent Data Encryption(TDE) layer.

    Note: To successfully deploy a Microsoft SQL Database in CMK/BYOK TDE the Key Vault must have Soft-delete and purge protection enabled to protect from data loss due to accidental key and/or key vault deletion. The Key Vault and the Microsoft SQL Server User Managed Identity Instance must belong to the same Azure Active Directory tenant.

    zoneRedundant boolean
    Whether or not this database is zone redundant, which means the replicas of this database will be spread across multiple availability zones. This property is only settable for Premium and Business Critical databases.
    auto_pause_delay_in_minutes int
    Time in minutes after which database is automatically paused. A value of -1 means that automatic pause is disabled. This property is only settable for Serverless databases.
    collation str
    Specifies the collation of the database. Changing this forces a new resource to be created.
    create_mode str
    The create mode of the database. Possible values are Copy, Default, OnlineSecondary, PointInTimeRestore, Recovery, Restore, RestoreExternalBackup, RestoreExternalBackupSecondary, RestoreLongTermRetentionBackup and Secondary. Mutually exclusive with import. Changing this forces a new resource to be created. Defaults to Default.
    creation_source_database_id str

    The ID of the source database from which to create the new database. This should only be used for databases with create_mode values that use another database as reference. Changing this forces a new resource to be created.

    Note: When configuring a secondary database, please be aware of the constraints for the sku_name property, as noted below, for both the primary and secondary databases. The sku_name of the secondary database may be inadvertently changed to match that of the primary when an incompatible combination of SKUs is detected by the provider.

    elastic_pool_id str
    Specifies the ID of the elastic pool containing this database.
    enclave_type str

    Specifies the type of enclave to be used by the elastic pool. When enclave_type is not specified (e.g., the default) enclaves are not enabled on the database. Once enabled (e.g., by specifying Default or VBS) removing the enclave_type field from the configuration file will force the creation of a new resource. Possible values are Default or VBS.

    Note: enclave_type is currently not supported for DW (e.g, DataWarehouse) and DC-series SKUs.

    Note: Geo Replicated and Failover databases must have the same enclave_type.

    Note: The default value for the enclave_type field is unset not Default.

    geo_backup_enabled bool

    A boolean that specifies if the Geo Backup Policy is enabled. Defaults to true.

    Note: geo_backup_enabled is only applicable for DataWarehouse SKUs (DW*). This setting is ignored for all other SKUs.

    identity DatabaseIdentityArgs
    An identity block as defined below.
    import_ DatabaseImportArgs
    A import block as documented below. Mutually exclusive with create_mode.
    ledger_enabled bool
    A boolean that specifies if this is a ledger database. Defaults to false. Changing this forces a new resource to be created.
    license_type str
    Specifies the license type applied to this database. Possible values are LicenseIncluded and BasePrice.
    long_term_retention_policy DatabaseLongTermRetentionPolicyArgs
    A long_term_retention_policy block as defined below.
    maintenance_configuration_name str

    The name of the Public Maintenance Configuration window to apply to the database. Valid values include SQL_Default, SQL_EastUS_DB_1, SQL_EastUS2_DB_1, SQL_SoutheastAsia_DB_1, SQL_AustraliaEast_DB_1, SQL_NorthEurope_DB_1, SQL_SouthCentralUS_DB_1, SQL_WestUS2_DB_1, SQL_UKSouth_DB_1, SQL_WestEurope_DB_1, SQL_EastUS_DB_2, SQL_EastUS2_DB_2, SQL_WestUS2_DB_2, SQL_SoutheastAsia_DB_2, SQL_AustraliaEast_DB_2, SQL_NorthEurope_DB_2, SQL_SouthCentralUS_DB_2, SQL_UKSouth_DB_2, SQL_WestEurope_DB_2, SQL_AustraliaSoutheast_DB_1, SQL_BrazilSouth_DB_1, SQL_CanadaCentral_DB_1, SQL_CanadaEast_DB_1, SQL_CentralUS_DB_1, SQL_EastAsia_DB_1, SQL_FranceCentral_DB_1, SQL_GermanyWestCentral_DB_1, SQL_CentralIndia_DB_1, SQL_SouthIndia_DB_1, SQL_JapanEast_DB_1, SQL_JapanWest_DB_1, SQL_NorthCentralUS_DB_1, SQL_UKWest_DB_1, SQL_WestUS_DB_1, SQL_AustraliaSoutheast_DB_2, SQL_BrazilSouth_DB_2, SQL_CanadaCentral_DB_2, SQL_CanadaEast_DB_2, SQL_CentralUS_DB_2, SQL_EastAsia_DB_2, SQL_FranceCentral_DB_2, SQL_GermanyWestCentral_DB_2, SQL_CentralIndia_DB_2, SQL_SouthIndia_DB_2, SQL_JapanEast_DB_2, SQL_JapanWest_DB_2, SQL_NorthCentralUS_DB_2, SQL_UKWest_DB_2, SQL_WestUS_DB_2, SQL_WestCentralUS_DB_1, SQL_FranceSouth_DB_1, SQL_WestCentralUS_DB_2, SQL_FranceSouth_DB_2, SQL_SwitzerlandNorth_DB_1, SQL_SwitzerlandNorth_DB_2, SQL_BrazilSoutheast_DB_1, SQL_UAENorth_DB_1, SQL_BrazilSoutheast_DB_2, SQL_UAENorth_DB_2, SQL_SouthAfricaNorth_DB_1, SQL_SouthAfricaNorth_DB_2, SQL_WestUS3_DB_1, SQL_WestUS3_DB_2, SQL_SwedenCentral_DB_1, SQL_SwedenCentral_DB_2. Defaults to SQL_Default.

    Note: maintenance_configuration_name is only applicable if elastic_pool_id is not set.

    max_size_gb int

    The max size of the database in gigabytes.

    Note: This value should not be configured when the create_mode is Secondary or OnlineSecondary, as the sizing of the primary is then used as per Azure documentation.

    min_capacity float
    Minimal capacity that database will always have allocated, if not paused. This property is only settable for Serverless databases.
    name str
    The name of the MS SQL Database. Changing this forces a new resource to be created.
    read_replica_count int
    The number of readonly secondary replicas associated with the database to which readonly application intent connections may be routed. This property is only settable for Hyperscale edition databases.
    read_scale bool
    If enabled, connections that have application intent set to readonly in their connection string may be routed to a readonly secondary replica. This property is only settable for Premium and Business Critical databases.
    recover_database_id str
    The ID of the database to be recovered. This property is only applicable when the create_mode is Recovery.
    recovery_point_id str
    The ID of the Recovery Services Recovery Point Id to be restored. This property is only applicable when the create_mode is Recovery.
    restore_dropped_database_id str
    The ID of the database to be restored. This property is only applicable when the create_mode is Restore.
    restore_long_term_retention_backup_id str
    The ID of the long term retention backup to be restored. This property is only applicable when the create_mode is RestoreLongTermRetentionBackup.
    restore_point_in_time str
    Specifies the point in time (ISO8601 format) of the source database that will be restored to create the new database. This property is only settable for create_mode= PointInTimeRestore databases.
    sample_name str
    Specifies the name of the sample schema to apply when creating this database. Possible value is AdventureWorksLT.
    secondary_type str
    How do you want your replica to be made? Valid values include Geo and Named. Defaults to Geo. Changing this forces a new resource to be created.
    server_id str

    The id of the MS SQL Server on which to create the database. Changing this forces a new resource to be created.

    Note: This setting is still required for "Serverless" SKUs

    short_term_retention_policy DatabaseShortTermRetentionPolicyArgs
    A short_term_retention_policy block as defined below.
    sku_name str

    Specifies the name of the SKU used by the database. For example, GP_S_Gen5_2,HS_Gen4_1,BC_Gen5_2, ElasticPool, Basic,S0, P2 ,DW100c, DS100. Changing this from the HyperScale service tier to another service tier will create a new resource.

    Note: A full list of supported SKU names by region can be retrieved using the Azure CLI: az sql db list-editions -l <region> -o table

    Note: The default sku_name value may differ between Azure locations depending on local availability of Gen4/Gen5 capacity. When databases are replicated using the creation_source_database_id property, the source (primary) database cannot have a higher SKU service tier than any secondary databases. When changing the sku_name of a database having one or more secondary databases, this resource will first update any secondary databases as necessary. In such cases it's recommended to use the same sku_name in your configuration for all related databases, as not doing so may cause an unresolvable diff during subsequent plans.

    storage_account_type str
    Specifies the storage account type used to store backups for this database. Possible values are Geo, GeoZone, Local and Zone. Defaults to Geo.
    tags Mapping[str, str]
    A mapping of tags to assign to the resource.
    threat_detection_policy DatabaseThreatDetectionPolicyArgs
    Threat detection policy configuration. The threat_detection_policy block supports fields documented below.
    transparent_data_encryption_enabled bool

    If set to true, Transparent Data Encryption will be enabled on the database. Defaults to true.

    Note: transparent_data_encryption_enabled can only be set to false on DW (e.g, DataWarehouse) server SKUs.

    transparent_data_encryption_key_automatic_rotation_enabled bool

    Boolean flag to specify whether TDE automatically rotates the encryption Key to latest version or not. Possible values are true or false. Defaults to false.

    Note: When the sku_name is DW100c, the transparent_data_encryption_key_automatic_rotation_enabled and the transparent_data_encryption_key_vault_key_id properties should not be specified, as database-level CMK is not supported for Data Warehouse SKUs.

    transparent_data_encryption_key_vault_key_id str

    The fully versioned Key Vault Key URL (e.g. 'https://<YourVaultName>.vault.azure.net/keys/<YourKeyName>/<YourKeyVersion>) to be used as the Customer Managed Key(CMK/BYOK) for the Transparent Data Encryption(TDE) layer.

    Note: To successfully deploy a Microsoft SQL Database in CMK/BYOK TDE the Key Vault must have Soft-delete and purge protection enabled to protect from data loss due to accidental key and/or key vault deletion. The Key Vault and the Microsoft SQL Server User Managed Identity Instance must belong to the same Azure Active Directory tenant.

    zone_redundant bool
    Whether or not this database is zone redundant, which means the replicas of this database will be spread across multiple availability zones. This property is only settable for Premium and Business Critical databases.
    autoPauseDelayInMinutes Number
    Time in minutes after which database is automatically paused. A value of -1 means that automatic pause is disabled. This property is only settable for Serverless databases.
    collation String
    Specifies the collation of the database. Changing this forces a new resource to be created.
    createMode String
    The create mode of the database. Possible values are Copy, Default, OnlineSecondary, PointInTimeRestore, Recovery, Restore, RestoreExternalBackup, RestoreExternalBackupSecondary, RestoreLongTermRetentionBackup and Secondary. Mutually exclusive with import. Changing this forces a new resource to be created. Defaults to Default.
    creationSourceDatabaseId String

    The ID of the source database from which to create the new database. This should only be used for databases with create_mode values that use another database as reference. Changing this forces a new resource to be created.

    Note: When configuring a secondary database, please be aware of the constraints for the sku_name property, as noted below, for both the primary and secondary databases. The sku_name of the secondary database may be inadvertently changed to match that of the primary when an incompatible combination of SKUs is detected by the provider.

    elasticPoolId String
    Specifies the ID of the elastic pool containing this database.
    enclaveType String

    Specifies the type of enclave to be used by the elastic pool. When enclave_type is not specified (e.g., the default) enclaves are not enabled on the database. Once enabled (e.g., by specifying Default or VBS) removing the enclave_type field from the configuration file will force the creation of a new resource. Possible values are Default or VBS.

    Note: enclave_type is currently not supported for DW (e.g, DataWarehouse) and DC-series SKUs.

    Note: Geo Replicated and Failover databases must have the same enclave_type.

    Note: The default value for the enclave_type field is unset not Default.

    geoBackupEnabled Boolean

    A boolean that specifies if the Geo Backup Policy is enabled. Defaults to true.

    Note: geo_backup_enabled is only applicable for DataWarehouse SKUs (DW*). This setting is ignored for all other SKUs.

    identity Property Map
    An identity block as defined below.
    import Property Map
    A import block as documented below. Mutually exclusive with create_mode.
    ledgerEnabled Boolean
    A boolean that specifies if this is a ledger database. Defaults to false. Changing this forces a new resource to be created.
    licenseType String
    Specifies the license type applied to this database. Possible values are LicenseIncluded and BasePrice.
    longTermRetentionPolicy Property Map
    A long_term_retention_policy block as defined below.
    maintenanceConfigurationName String

    The name of the Public Maintenance Configuration window to apply to the database. Valid values include SQL_Default, SQL_EastUS_DB_1, SQL_EastUS2_DB_1, SQL_SoutheastAsia_DB_1, SQL_AustraliaEast_DB_1, SQL_NorthEurope_DB_1, SQL_SouthCentralUS_DB_1, SQL_WestUS2_DB_1, SQL_UKSouth_DB_1, SQL_WestEurope_DB_1, SQL_EastUS_DB_2, SQL_EastUS2_DB_2, SQL_WestUS2_DB_2, SQL_SoutheastAsia_DB_2, SQL_AustraliaEast_DB_2, SQL_NorthEurope_DB_2, SQL_SouthCentralUS_DB_2, SQL_UKSouth_DB_2, SQL_WestEurope_DB_2, SQL_AustraliaSoutheast_DB_1, SQL_BrazilSouth_DB_1, SQL_CanadaCentral_DB_1, SQL_CanadaEast_DB_1, SQL_CentralUS_DB_1, SQL_EastAsia_DB_1, SQL_FranceCentral_DB_1, SQL_GermanyWestCentral_DB_1, SQL_CentralIndia_DB_1, SQL_SouthIndia_DB_1, SQL_JapanEast_DB_1, SQL_JapanWest_DB_1, SQL_NorthCentralUS_DB_1, SQL_UKWest_DB_1, SQL_WestUS_DB_1, SQL_AustraliaSoutheast_DB_2, SQL_BrazilSouth_DB_2, SQL_CanadaCentral_DB_2, SQL_CanadaEast_DB_2, SQL_CentralUS_DB_2, SQL_EastAsia_DB_2, SQL_FranceCentral_DB_2, SQL_GermanyWestCentral_DB_2, SQL_CentralIndia_DB_2, SQL_SouthIndia_DB_2, SQL_JapanEast_DB_2, SQL_JapanWest_DB_2, SQL_NorthCentralUS_DB_2, SQL_UKWest_DB_2, SQL_WestUS_DB_2, SQL_WestCentralUS_DB_1, SQL_FranceSouth_DB_1, SQL_WestCentralUS_DB_2, SQL_FranceSouth_DB_2, SQL_SwitzerlandNorth_DB_1, SQL_SwitzerlandNorth_DB_2, SQL_BrazilSoutheast_DB_1, SQL_UAENorth_DB_1, SQL_BrazilSoutheast_DB_2, SQL_UAENorth_DB_2, SQL_SouthAfricaNorth_DB_1, SQL_SouthAfricaNorth_DB_2, SQL_WestUS3_DB_1, SQL_WestUS3_DB_2, SQL_SwedenCentral_DB_1, SQL_SwedenCentral_DB_2. Defaults to SQL_Default.

    Note: maintenance_configuration_name is only applicable if elastic_pool_id is not set.

    maxSizeGb Number

    The max size of the database in gigabytes.

    Note: This value should not be configured when the create_mode is Secondary or OnlineSecondary, as the sizing of the primary is then used as per Azure documentation.

    minCapacity Number
    Minimal capacity that database will always have allocated, if not paused. This property is only settable for Serverless databases.
    name String
    The name of the MS SQL Database. Changing this forces a new resource to be created.
    readReplicaCount Number
    The number of readonly secondary replicas associated with the database to which readonly application intent connections may be routed. This property is only settable for Hyperscale edition databases.
    readScale Boolean
    If enabled, connections that have application intent set to readonly in their connection string may be routed to a readonly secondary replica. This property is only settable for Premium and Business Critical databases.
    recoverDatabaseId String
    The ID of the database to be recovered. This property is only applicable when the create_mode is Recovery.
    recoveryPointId String
    The ID of the Recovery Services Recovery Point Id to be restored. This property is only applicable when the create_mode is Recovery.
    restoreDroppedDatabaseId String
    The ID of the database to be restored. This property is only applicable when the create_mode is Restore.
    restoreLongTermRetentionBackupId String
    The ID of the long term retention backup to be restored. This property is only applicable when the create_mode is RestoreLongTermRetentionBackup.
    restorePointInTime String
    Specifies the point in time (ISO8601 format) of the source database that will be restored to create the new database. This property is only settable for create_mode= PointInTimeRestore databases.
    sampleName String
    Specifies the name of the sample schema to apply when creating this database. Possible value is AdventureWorksLT.
    secondaryType String
    How do you want your replica to be made? Valid values include Geo and Named. Defaults to Geo. Changing this forces a new resource to be created.
    serverId String

    The id of the MS SQL Server on which to create the database. Changing this forces a new resource to be created.

    Note: This setting is still required for "Serverless" SKUs

    shortTermRetentionPolicy Property Map
    A short_term_retention_policy block as defined below.
    skuName String

    Specifies the name of the SKU used by the database. For example, GP_S_Gen5_2,HS_Gen4_1,BC_Gen5_2, ElasticPool, Basic,S0, P2 ,DW100c, DS100. Changing this from the HyperScale service tier to another service tier will create a new resource.

    Note: A full list of supported SKU names by region can be retrieved using the Azure CLI: az sql db list-editions -l <region> -o table

    Note: The default sku_name value may differ between Azure locations depending on local availability of Gen4/Gen5 capacity. When databases are replicated using the creation_source_database_id property, the source (primary) database cannot have a higher SKU service tier than any secondary databases. When changing the sku_name of a database having one or more secondary databases, this resource will first update any secondary databases as necessary. In such cases it's recommended to use the same sku_name in your configuration for all related databases, as not doing so may cause an unresolvable diff during subsequent plans.

    storageAccountType String
    Specifies the storage account type used to store backups for this database. Possible values are Geo, GeoZone, Local and Zone. Defaults to Geo.
    tags Map<String>
    A mapping of tags to assign to the resource.
    threatDetectionPolicy Property Map
    Threat detection policy configuration. The threat_detection_policy block supports fields documented below.
    transparentDataEncryptionEnabled Boolean

    If set to true, Transparent Data Encryption will be enabled on the database. Defaults to true.

    Note: transparent_data_encryption_enabled can only be set to false on DW (e.g, DataWarehouse) server SKUs.

    transparentDataEncryptionKeyAutomaticRotationEnabled Boolean

    Boolean flag to specify whether TDE automatically rotates the encryption Key to latest version or not. Possible values are true or false. Defaults to false.

    Note: When the sku_name is DW100c, the transparent_data_encryption_key_automatic_rotation_enabled and the transparent_data_encryption_key_vault_key_id properties should not be specified, as database-level CMK is not supported for Data Warehouse SKUs.

    transparentDataEncryptionKeyVaultKeyId String

    The fully versioned Key Vault Key URL (e.g. 'https://<YourVaultName>.vault.azure.net/keys/<YourKeyName>/<YourKeyVersion>) to be used as the Customer Managed Key(CMK/BYOK) for the Transparent Data Encryption(TDE) layer.

    Note: To successfully deploy a Microsoft SQL Database in CMK/BYOK TDE the Key Vault must have Soft-delete and purge protection enabled to protect from data loss due to accidental key and/or key vault deletion. The Key Vault and the Microsoft SQL Server User Managed Identity Instance must belong to the same Azure Active Directory tenant.

    zoneRedundant Boolean
    Whether or not this database is zone redundant, which means the replicas of this database will be spread across multiple availability zones. This property is only settable for Premium and Business Critical databases.

    Supporting Types

    DatabaseIdentity, DatabaseIdentityArgs

    IdentityIds List<string>
    Specifies a list of User Assigned Managed Identity IDs to be assigned to this SQL Database.
    Type string
    Specifies the type of Managed Service Identity that should be configured on this SQL Database. Possible value is UserAssigned.
    IdentityIds []string
    Specifies a list of User Assigned Managed Identity IDs to be assigned to this SQL Database.
    Type string
    Specifies the type of Managed Service Identity that should be configured on this SQL Database. Possible value is UserAssigned.
    identityIds List<String>
    Specifies a list of User Assigned Managed Identity IDs to be assigned to this SQL Database.
    type String
    Specifies the type of Managed Service Identity that should be configured on this SQL Database. Possible value is UserAssigned.
    identityIds string[]
    Specifies a list of User Assigned Managed Identity IDs to be assigned to this SQL Database.
    type string
    Specifies the type of Managed Service Identity that should be configured on this SQL Database. Possible value is UserAssigned.
    identity_ids Sequence[str]
    Specifies a list of User Assigned Managed Identity IDs to be assigned to this SQL Database.
    type str
    Specifies the type of Managed Service Identity that should be configured on this SQL Database. Possible value is UserAssigned.
    identityIds List<String>
    Specifies a list of User Assigned Managed Identity IDs to be assigned to this SQL Database.
    type String
    Specifies the type of Managed Service Identity that should be configured on this SQL Database. Possible value is UserAssigned.

    DatabaseImport, DatabaseImportArgs

    AdministratorLogin string
    Specifies the name of the SQL administrator.
    AdministratorLoginPassword string
    Specifies the password of the SQL administrator.
    AuthenticationType string
    Specifies the type of authentication used to access the server. Valid values are SQL or ADPassword.
    StorageKey string
    Specifies the access key for the storage account.
    StorageKeyType string
    Specifies the type of access key for the storage account. Valid values are StorageAccessKey or SharedAccessKey.
    StorageUri string
    Specifies the blob URI of the .bacpac file.
    StorageAccountId string
    The resource id for the storage account used to store BACPAC file. If set, private endpoint connection will be created for the storage account. Must match storage account used for storage_uri parameter.
    AdministratorLogin string
    Specifies the name of the SQL administrator.
    AdministratorLoginPassword string
    Specifies the password of the SQL administrator.
    AuthenticationType string
    Specifies the type of authentication used to access the server. Valid values are SQL or ADPassword.
    StorageKey string
    Specifies the access key for the storage account.
    StorageKeyType string
    Specifies the type of access key for the storage account. Valid values are StorageAccessKey or SharedAccessKey.
    StorageUri string
    Specifies the blob URI of the .bacpac file.
    StorageAccountId string
    The resource id for the storage account used to store BACPAC file. If set, private endpoint connection will be created for the storage account. Must match storage account used for storage_uri parameter.
    administratorLogin String
    Specifies the name of the SQL administrator.
    administratorLoginPassword String
    Specifies the password of the SQL administrator.
    authenticationType String
    Specifies the type of authentication used to access the server. Valid values are SQL or ADPassword.
    storageKey String
    Specifies the access key for the storage account.
    storageKeyType String
    Specifies the type of access key for the storage account. Valid values are StorageAccessKey or SharedAccessKey.
    storageUri String
    Specifies the blob URI of the .bacpac file.
    storageAccountId String
    The resource id for the storage account used to store BACPAC file. If set, private endpoint connection will be created for the storage account. Must match storage account used for storage_uri parameter.
    administratorLogin string
    Specifies the name of the SQL administrator.
    administratorLoginPassword string
    Specifies the password of the SQL administrator.
    authenticationType string
    Specifies the type of authentication used to access the server. Valid values are SQL or ADPassword.
    storageKey string
    Specifies the access key for the storage account.
    storageKeyType string
    Specifies the type of access key for the storage account. Valid values are StorageAccessKey or SharedAccessKey.
    storageUri string
    Specifies the blob URI of the .bacpac file.
    storageAccountId string
    The resource id for the storage account used to store BACPAC file. If set, private endpoint connection will be created for the storage account. Must match storage account used for storage_uri parameter.
    administrator_login str
    Specifies the name of the SQL administrator.
    administrator_login_password str
    Specifies the password of the SQL administrator.
    authentication_type str
    Specifies the type of authentication used to access the server. Valid values are SQL or ADPassword.
    storage_key str
    Specifies the access key for the storage account.
    storage_key_type str
    Specifies the type of access key for the storage account. Valid values are StorageAccessKey or SharedAccessKey.
    storage_uri str
    Specifies the blob URI of the .bacpac file.
    storage_account_id str
    The resource id for the storage account used to store BACPAC file. If set, private endpoint connection will be created for the storage account. Must match storage account used for storage_uri parameter.
    administratorLogin String
    Specifies the name of the SQL administrator.
    administratorLoginPassword String
    Specifies the password of the SQL administrator.
    authenticationType String
    Specifies the type of authentication used to access the server. Valid values are SQL or ADPassword.
    storageKey String
    Specifies the access key for the storage account.
    storageKeyType String
    Specifies the type of access key for the storage account. Valid values are StorageAccessKey or SharedAccessKey.
    storageUri String
    Specifies the blob URI of the .bacpac file.
    storageAccountId String
    The resource id for the storage account used to store BACPAC file. If set, private endpoint connection will be created for the storage account. Must match storage account used for storage_uri parameter.

    DatabaseLongTermRetentionPolicy, DatabaseLongTermRetentionPolicyArgs

    ImmutableBackupsEnabled bool
    MonthlyRetention string
    The monthly retention policy for an LTR backup in an ISO 8601 format. Valid value is between 1 to 120 months. e.g. P1Y, P1M, P4W or P30D. Defaults to PT0S.
    WeekOfYear int
    The week of year to take the yearly backup. Value has to be between 1 and 52.
    WeeklyRetention string
    The weekly retention policy for an LTR backup in an ISO 8601 format. Valid value is between 1 to 520 weeks. e.g. P1Y, P1M, P1W or P7D. Defaults to PT0S.
    YearlyRetention string
    The yearly retention policy for an LTR backup in an ISO 8601 format. Valid value is between 1 to 10 years. e.g. P1Y, P12M, P52W or P365D. Defaults to PT0S.
    ImmutableBackupsEnabled bool
    MonthlyRetention string
    The monthly retention policy for an LTR backup in an ISO 8601 format. Valid value is between 1 to 120 months. e.g. P1Y, P1M, P4W or P30D. Defaults to PT0S.
    WeekOfYear int
    The week of year to take the yearly backup. Value has to be between 1 and 52.
    WeeklyRetention string
    The weekly retention policy for an LTR backup in an ISO 8601 format. Valid value is between 1 to 520 weeks. e.g. P1Y, P1M, P1W or P7D. Defaults to PT0S.
    YearlyRetention string
    The yearly retention policy for an LTR backup in an ISO 8601 format. Valid value is between 1 to 10 years. e.g. P1Y, P12M, P52W or P365D. Defaults to PT0S.
    immutableBackupsEnabled Boolean
    monthlyRetention String
    The monthly retention policy for an LTR backup in an ISO 8601 format. Valid value is between 1 to 120 months. e.g. P1Y, P1M, P4W or P30D. Defaults to PT0S.
    weekOfYear Integer
    The week of year to take the yearly backup. Value has to be between 1 and 52.
    weeklyRetention String
    The weekly retention policy for an LTR backup in an ISO 8601 format. Valid value is between 1 to 520 weeks. e.g. P1Y, P1M, P1W or P7D. Defaults to PT0S.
    yearlyRetention String
    The yearly retention policy for an LTR backup in an ISO 8601 format. Valid value is between 1 to 10 years. e.g. P1Y, P12M, P52W or P365D. Defaults to PT0S.
    immutableBackupsEnabled boolean
    monthlyRetention string
    The monthly retention policy for an LTR backup in an ISO 8601 format. Valid value is between 1 to 120 months. e.g. P1Y, P1M, P4W or P30D. Defaults to PT0S.
    weekOfYear number
    The week of year to take the yearly backup. Value has to be between 1 and 52.
    weeklyRetention string
    The weekly retention policy for an LTR backup in an ISO 8601 format. Valid value is between 1 to 520 weeks. e.g. P1Y, P1M, P1W or P7D. Defaults to PT0S.
    yearlyRetention string
    The yearly retention policy for an LTR backup in an ISO 8601 format. Valid value is between 1 to 10 years. e.g. P1Y, P12M, P52W or P365D. Defaults to PT0S.
    immutable_backups_enabled bool
    monthly_retention str
    The monthly retention policy for an LTR backup in an ISO 8601 format. Valid value is between 1 to 120 months. e.g. P1Y, P1M, P4W or P30D. Defaults to PT0S.
    week_of_year int
    The week of year to take the yearly backup. Value has to be between 1 and 52.
    weekly_retention str
    The weekly retention policy for an LTR backup in an ISO 8601 format. Valid value is between 1 to 520 weeks. e.g. P1Y, P1M, P1W or P7D. Defaults to PT0S.
    yearly_retention str
    The yearly retention policy for an LTR backup in an ISO 8601 format. Valid value is between 1 to 10 years. e.g. P1Y, P12M, P52W or P365D. Defaults to PT0S.
    immutableBackupsEnabled Boolean
    monthlyRetention String
    The monthly retention policy for an LTR backup in an ISO 8601 format. Valid value is between 1 to 120 months. e.g. P1Y, P1M, P4W or P30D. Defaults to PT0S.
    weekOfYear Number
    The week of year to take the yearly backup. Value has to be between 1 and 52.
    weeklyRetention String
    The weekly retention policy for an LTR backup in an ISO 8601 format. Valid value is between 1 to 520 weeks. e.g. P1Y, P1M, P1W or P7D. Defaults to PT0S.
    yearlyRetention String
    The yearly retention policy for an LTR backup in an ISO 8601 format. Valid value is between 1 to 10 years. e.g. P1Y, P12M, P52W or P365D. Defaults to PT0S.

    DatabaseShortTermRetentionPolicy, DatabaseShortTermRetentionPolicyArgs

    RetentionDays int
    Point In Time Restore configuration. Value has to be between 1 and 35.
    BackupIntervalInHours int
    The hours between each differential backup. This is only applicable to live databases but not dropped databases. Value has to be 12 or 24. Defaults to 12 hours.
    RetentionDays int
    Point In Time Restore configuration. Value has to be between 1 and 35.
    BackupIntervalInHours int
    The hours between each differential backup. This is only applicable to live databases but not dropped databases. Value has to be 12 or 24. Defaults to 12 hours.
    retentionDays Integer
    Point In Time Restore configuration. Value has to be between 1 and 35.
    backupIntervalInHours Integer
    The hours between each differential backup. This is only applicable to live databases but not dropped databases. Value has to be 12 or 24. Defaults to 12 hours.
    retentionDays number
    Point In Time Restore configuration. Value has to be between 1 and 35.
    backupIntervalInHours number
    The hours between each differential backup. This is only applicable to live databases but not dropped databases. Value has to be 12 or 24. Defaults to 12 hours.
    retention_days int
    Point In Time Restore configuration. Value has to be between 1 and 35.
    backup_interval_in_hours int
    The hours between each differential backup. This is only applicable to live databases but not dropped databases. Value has to be 12 or 24. Defaults to 12 hours.
    retentionDays Number
    Point In Time Restore configuration. Value has to be between 1 and 35.
    backupIntervalInHours Number
    The hours between each differential backup. This is only applicable to live databases but not dropped databases. Value has to be 12 or 24. Defaults to 12 hours.

    DatabaseThreatDetectionPolicy, DatabaseThreatDetectionPolicyArgs

    DisabledAlerts List<string>
    Specifies a list of alerts which should be disabled. Possible values include Access_Anomaly, Sql_Injection and Sql_Injection_Vulnerability.
    EmailAccountAdmins string
    Should the account administrators be emailed when this alert is triggered? Possible values are Enabled or Disabled. Defaults to Disabled.
    EmailAddresses List<string>
    A list of email addresses which alerts should be sent to.
    RetentionDays int
    Specifies the number of days to keep in the Threat Detection audit logs.
    State string
    The State of the Policy. Possible values are Enabled or Disabled. Defaults to Disabled.
    StorageAccountAccessKey string
    Specifies the identifier key of the Threat Detection audit storage account. Required if state is Enabled.
    StorageEndpoint string
    Specifies the blob storage endpoint (e.g. https://example.blob.core.windows.net). This blob storage will hold all Threat Detection audit logs. Required if state is Enabled.
    DisabledAlerts []string
    Specifies a list of alerts which should be disabled. Possible values include Access_Anomaly, Sql_Injection and Sql_Injection_Vulnerability.
    EmailAccountAdmins string
    Should the account administrators be emailed when this alert is triggered? Possible values are Enabled or Disabled. Defaults to Disabled.
    EmailAddresses []string
    A list of email addresses which alerts should be sent to.
    RetentionDays int
    Specifies the number of days to keep in the Threat Detection audit logs.
    State string
    The State of the Policy. Possible values are Enabled or Disabled. Defaults to Disabled.
    StorageAccountAccessKey string
    Specifies the identifier key of the Threat Detection audit storage account. Required if state is Enabled.
    StorageEndpoint string
    Specifies the blob storage endpoint (e.g. https://example.blob.core.windows.net). This blob storage will hold all Threat Detection audit logs. Required if state is Enabled.
    disabledAlerts List<String>
    Specifies a list of alerts which should be disabled. Possible values include Access_Anomaly, Sql_Injection and Sql_Injection_Vulnerability.
    emailAccountAdmins String
    Should the account administrators be emailed when this alert is triggered? Possible values are Enabled or Disabled. Defaults to Disabled.
    emailAddresses List<String>
    A list of email addresses which alerts should be sent to.
    retentionDays Integer
    Specifies the number of days to keep in the Threat Detection audit logs.
    state String
    The State of the Policy. Possible values are Enabled or Disabled. Defaults to Disabled.
    storageAccountAccessKey String
    Specifies the identifier key of the Threat Detection audit storage account. Required if state is Enabled.
    storageEndpoint String
    Specifies the blob storage endpoint (e.g. https://example.blob.core.windows.net). This blob storage will hold all Threat Detection audit logs. Required if state is Enabled.
    disabledAlerts string[]
    Specifies a list of alerts which should be disabled. Possible values include Access_Anomaly, Sql_Injection and Sql_Injection_Vulnerability.
    emailAccountAdmins string
    Should the account administrators be emailed when this alert is triggered? Possible values are Enabled or Disabled. Defaults to Disabled.
    emailAddresses string[]
    A list of email addresses which alerts should be sent to.
    retentionDays number
    Specifies the number of days to keep in the Threat Detection audit logs.
    state string
    The State of the Policy. Possible values are Enabled or Disabled. Defaults to Disabled.
    storageAccountAccessKey string
    Specifies the identifier key of the Threat Detection audit storage account. Required if state is Enabled.
    storageEndpoint string
    Specifies the blob storage endpoint (e.g. https://example.blob.core.windows.net). This blob storage will hold all Threat Detection audit logs. Required if state is Enabled.
    disabled_alerts Sequence[str]
    Specifies a list of alerts which should be disabled. Possible values include Access_Anomaly, Sql_Injection and Sql_Injection_Vulnerability.
    email_account_admins str
    Should the account administrators be emailed when this alert is triggered? Possible values are Enabled or Disabled. Defaults to Disabled.
    email_addresses Sequence[str]
    A list of email addresses which alerts should be sent to.
    retention_days int
    Specifies the number of days to keep in the Threat Detection audit logs.
    state str
    The State of the Policy. Possible values are Enabled or Disabled. Defaults to Disabled.
    storage_account_access_key str
    Specifies the identifier key of the Threat Detection audit storage account. Required if state is Enabled.
    storage_endpoint str
    Specifies the blob storage endpoint (e.g. https://example.blob.core.windows.net). This blob storage will hold all Threat Detection audit logs. Required if state is Enabled.
    disabledAlerts List<String>
    Specifies a list of alerts which should be disabled. Possible values include Access_Anomaly, Sql_Injection and Sql_Injection_Vulnerability.
    emailAccountAdmins String
    Should the account administrators be emailed when this alert is triggered? Possible values are Enabled or Disabled. Defaults to Disabled.
    emailAddresses List<String>
    A list of email addresses which alerts should be sent to.
    retentionDays Number
    Specifies the number of days to keep in the Threat Detection audit logs.
    state String
    The State of the Policy. Possible values are Enabled or Disabled. Defaults to Disabled.
    storageAccountAccessKey String
    Specifies the identifier key of the Threat Detection audit storage account. Required if state is Enabled.
    storageEndpoint String
    Specifies the blob storage endpoint (e.g. https://example.blob.core.windows.net). This blob storage will hold all Threat Detection audit logs. Required if state is Enabled.

    Import

    SQL Database can be imported using the resource id, e.g.

    $ pulumi import azure:mssql/database:Database example /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/group1/providers/Microsoft.Sql/servers/server1/databases/example1

    To learn more about importing existing cloud resources, see Importing resources.

    Package Details

    Repository
    Azure Classic pulumi/pulumi-azure
    License
    Apache-2.0
    Notes
    This Pulumi package is based on the azurerm Terraform Provider.
    azure logo

    We recommend using Azure Native.

    Azure v6.24.0 published on Wednesday, Jun 18, 2025 by Pulumi
    pulumi/pulumi-azure