@turbot/azure-sql
The azure-sql mod contains resource, control and policy definitions for Azure SQL service.
- Setting Policies Tutorial
- Mods Overview
- Policies Overview
- Resources Overview
- Common Policies and Controls
Recommended Version
Version
5.14.0
Released On
Apr 22, 2024
Depends On
@turbot/azure ^5.0.0
@turbot/azure-iam ^5.0.0
@turbot/azure-provider ^5.0.0
@turbot/turbot ^5.22.0
@turbot/turbot-iam ^5.1.0
@turbot/azure-iam ^5.0.0
@turbot/azure-provider ^5.0.0
@turbot/turbot ^5.22.0
@turbot/turbot-iam ^5.1.0
Resource Types
Control Types
- Azure > SQL > Database > Active
- Azure > SQL > Database > Advanced Data Security
- Azure > SQL > Database > Approved
- Azure > SQL > Database > Auditing
- Azure > SQL > Database > CMDB
- Azure > SQL > Database > Discovery
- Azure > SQL > Database > Encryption at Rest
- Azure > SQL > Database > Tags
- Azure > SQL > Elastic Pool > Active
- Azure > SQL > Elastic Pool > Approved
- Azure > SQL > Elastic Pool > CMDB
- Azure > SQL > Elastic Pool > Discovery
- Azure > SQL > Elastic Pool > Tags
- Azure > SQL > Server > Active
- Azure > SQL > Server > Active Directory Administrator
- Azure > SQL > Server > Advanced Data Security
- Azure > SQL > Server > Approved
- Azure > SQL > Server > Auditing
- Azure > SQL > Server > CMDB
- Azure > SQL > Server > Discovery
- Azure > SQL > Server > Firewall
- Azure > SQL > Server > Firewall > IP Ranges
- Azure > SQL > Server > Firewall > IP Ranges > Approved
- Azure > SQL > Server > Tags
Policy Types
- Azure > SQL > Approved Regions [Default]
- Azure > SQL > Database > Active
- Azure > SQL > Database > Active > Age
- Azure > SQL > Database > Active > Last Modified
- Azure > SQL > Database > Advanced Data Security
- Azure > SQL > Database > Advanced Data Security > Threat Protection
- Azure > SQL > Database > Advanced Data Security > Threat Protection > Email Addresses
- Azure > SQL > Database > Advanced Data Security > Threat Protection > Notify Admins
- Azure > SQL > Database > Advanced Data Security > Threat Protection > Types
- Azure > SQL > Database > Advanced Data Security > Vulnerability Assessment
- Azure > SQL > Database > Advanced Data Security > Vulnerability Assessment > Periodic Scans
- Azure > SQL > Database > Advanced Data Security > Vulnerability Assessment > Periodic Scans > Email Addresses
- Azure > SQL > Database > Advanced Data Security > Vulnerability Assessment > Periodic Scans > Notify Admins
- Azure > SQL > Database > Advanced Data Security > Vulnerability Assessment > Storage Account
- Azure > SQL > Database > Approved
- Azure > SQL > Database > Approved > Custom
- Azure > SQL > Database > Approved > Regions
- Azure > SQL > Database > Approved > Usage
- Azure > SQL > Database > Auditing
- Azure > SQL > Database > Auditing > Retention Days
- Azure > SQL > Database > Auditing > Storage Account
- Azure > SQL > Database > CMDB
- Azure > SQL > Database > Encryption at Rest
- Azure > SQL > Database > Regions
- Azure > SQL > Database > Tags
- Azure > SQL > Database > Tags > Template
- Azure > SQL > Elastic Pool > Active
- Azure > SQL > Elastic Pool > Active > Age
- Azure > SQL > Elastic Pool > Active > Last Modified
- Azure > SQL > Elastic Pool > Approved
- Azure > SQL > Elastic Pool > Approved > Custom
- Azure > SQL > Elastic Pool > Approved > Regions
- Azure > SQL > Elastic Pool > Approved > Usage
- Azure > SQL > Elastic Pool > CMDB
- Azure > SQL > Elastic Pool > Regions
- Azure > SQL > Elastic Pool > Tags
- Azure > SQL > Elastic Pool > Tags > Template
- Azure > SQL > Enabled
- Azure > SQL > Permissions
- Azure > SQL > Permissions > Levels
- Azure > SQL > Permissions > Levels > Modifiers
- Azure > SQL > Regions
- Azure > SQL > Server > Active
- Azure > SQL > Server > Active > Age
- Azure > SQL > Server > Active > Last Modified
- Azure > SQL > Server > Active Directory Administrator
- Azure > SQL > Server > Active Directory Administrator > Name
- Azure > SQL > Server > Advanced Data Security
- Azure > SQL > Server > Advanced Data Security > Threat Protection
- Azure > SQL > Server > Advanced Data Security > Threat Protection > Email Addresses
- Azure > SQL > Server > Advanced Data Security > Threat Protection > Notify Admins
- Azure > SQL > Server > Advanced Data Security > Threat Protection > Types
- Azure > SQL > Server > Advanced Data Security > Vulnerability Assessment
- Azure > SQL > Server > Advanced Data Security > Vulnerability Assessment > Periodic Scans
- Azure > SQL > Server > Advanced Data Security > Vulnerability Assessment > Periodic Scans > Email Addresses
- Azure > SQL > Server > Advanced Data Security > Vulnerability Assessment > Periodic Scans > Notify Admins
- Azure > SQL > Server > Advanced Data Security > Vulnerability Assessment > Storage Account
- Azure > SQL > Server > Approved
- Azure > SQL > Server > Approved > Custom
- Azure > SQL > Server > Approved > Regions
- Azure > SQL > Server > Approved > Usage
- Azure > SQL > Server > Auditing
- Azure > SQL > Server > Auditing > Retention Days
- Azure > SQL > Server > Auditing > Storage Account
- Azure > SQL > Server > CMDB
- Azure > SQL > Server > Firewall
- Azure > SQL > Server > Firewall > IP Ranges
- Azure > SQL > Server > Firewall > IP Ranges > Approved
- Azure > SQL > Server > Firewall > IP Ranges > Approved > Compiled Rules
- Azure > SQL > Server > Firewall > IP Ranges > Approved > IP Addresses
- Azure > SQL > Server > Firewall > IP Ranges > Approved > Rules
- Azure > SQL > Server > Regions
- Azure > SQL > Server > Tags
- Azure > SQL > Server > Tags > Template
- Azure > SQL > Tags Template [Default]
- Azure > Turbot > Permissions > Compiled > Levels > @turbot/azure-sql
- Azure > Turbot > Permissions > Compiled > Service Permissions > @turbot/azure-sql
Release Notes
5.14.0 (2024-04-22)
Control Types
- Azure > SQL > Server > Firewall
- Azure > SQL > Server > Firewall > IP Ranges
- Azure > SQL > Server > Firewall > IP Ranges > Approved
Policy Types
- Azure > SQL > Server > Firewall
- Azure > SQL > Server > Firewall > IP Ranges
- Azure > SQL > Server > Firewall > IP Ranges > Approved
- Azure > SQL > Server > Firewall > IP Ranges > Approved > Compiled Rules
- Azure > SQL > Server > Firewall > IP Ranges > Approved > IP Addresses
- Azure > SQL > Server > Firewall > IP Ranges > Approved > Rules
Action Types
- Azure > SQL > Server > Update Firewall IP Ranges
5.13.0 (2024-02-02)
What's new?
- We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
5.12.0 (2023-06-16)
What's new?
- Resource's metadata will now also include
createdBy
details in Guardrails CMDB. - README.md file is now available for users to check details about the resource types and service permissions that the mod covers.
5.11.0 (2022-12-26)
What's new?
- All
Azure > SQL
resource types now support China Cloud regions.
5.10.0 (2022-02-17)
What's new?
- Users can now create their own custom checks against resource attributes in the Approved control using the
Approved > Custom
policy. These custom checks would be a part of the evaluation of the Approved control. Custom messages can also be added which are then displayed in the control details table. See Custom Checks for more information.
Bug fixes
- We've improved the process of deleting resources from Guardrails if their CMDB policy was set to
Enforce: Disabled
. The CMDB controls will now not look to resolve credentials via Guardrails' IAM role while deleting resources from Guardrails. This will allow the CMDB controls to process resource deletions from Guardrails more reliably than before.
Policy Types
- Azure > SQL > Database > Approved > Custom
- Azure > SQL > Elastic Pool > Approved > Custom
- Azure > SQL > Server > Approved > Custom
5.9.1 (2021-09-15)
Bug fixes
- We’ve made a few improvements in the GraphQL queries for various controls and actions to be more reliable than before. You won’t notice any difference and things should continue to run smoothly as expected.
5.9.0 (2021-08-25)
What's new?
- We've improved the details tables in the Tags controls to be more helpful, especially when a resource's tags are not set correctly as expected. Previously, to understand why the Tags controls were in an Alarm state, you would need to find and read the control's process logs. This felt like too much work for a simple task, so now these details are visible directly from the control page.
Bug fixes
- We've made a few improvements in the GraphQL queries for various router actions. You won't notice any difference, but things should run lighter and quicker than before.
5.8.0 (2021-03-18)
What's new?
- We've improved the state reasons and details tables in various Approved and Active controls to be more helpful, especially when a resource is unapproved or inactive. Previously, to understand why one of these controls is in Alarm state, you would need to find and read the control's process logs. This felt like too much work for a simple task, so now these details are visible directly from the control page.
Bug fixes
- The
Azure > SQL > Database > Encryption at Rest
control will now beskipped
for master databases.
5.7.1 (2021-01-22)
Bug fixes
- Controls run faster now when in the
tbd
andskipped
states thanks to the new Guardrails Precheck feature (not to be confused with TSA PreCheck). With Guardrails Precheck, controls avoid running GraphQL input queries when intbd
andskipped
, resulting in faster and lighter control runs.
5.7.0 (2020-11-02)
What's new?
- We've made improvements to how Approved controls interact with CMDB policies and controls for more reliable approved checks. Now, if a resource's CMDB policy is set to
Skip
, its Approved control will move toinvalid
to prevent the Approved control from making a decision based on outdated information. Also, Approved controls will now wait until the resource's CMDB control has run at least once to ensure the required data is available.
Bug fixes
- We've updated the Discovery controls for resources to now move to skipped instead of invalid if the provider is disabled in the subscription and the
Azure > Provider > {service} > Registered
policy is checking if the provider is disabled. This will reduce the amount of noisy controls that cannot be easily resolved without making changes to the provider.
Control Types
- Azure > SQL > Server > Active Directory Administrator
Policy Types
- Azure > SQL > Server > Active Directory Administrator
- Azure > SQL > Server > Active Directory Administrator > Name
Action Types
- Azure > SQL > Server > Update Active Directory Administrator
5.6.0 (2020-09-28)
What's new?
- We've made improvements to how Active controls interact with CMDB policies and controls for more reliable active checks. Now, if a resource's CMDB policy is set to
Skip
, its Active control will move toinvalid
to prevent the Active control from making a decision based on outdated information. Also, Active controls will now wait until the resource's CMDB control has run at least once to ensure the required data is available.
5.5.1 (2020-09-09)
Bug fixes
- The
Azure > SQL > Server > CMDB
control wasn't getting updated correctly when an Active Directory administrator was removed from a SQL server. This issue has been fixed and now theserverAzureADAdministrator
property in the server's CMDB will be updated properly.
5.5.0 (2020-08-27)
What's new?
- Discovery controls now have their own control category,
CMDB > Discovery
, to allow for easier filtering separately from other CMDB controls. - We've renamed the service's default regions policy from
Regions [Default]
toRegions
to be consistent with our other regions policies.
5.4.0 (2020-07-29)
Control Types
- Azure > SQL > Database > Encryption at Rest
Policy Types
- Azure > SQL > Database > Encryption at Rest
Action Types
- Azure > SQL > Database > Update Encryption at Rest
5.3.4 (2020-07-28)
Bug fixes
- We have removed some
microsoft.sql/servers/backuplongtermretentionvaults
permissions that Azure no longer supports since they were causingAzure > Guardrails > IAM
stack control to remain in an error state.
5.3.3 (2020-07-24)
Bug fixes
- When deleting inactive resources through an Active control, different warning periods in days can be set to delay deletion. We recently identified a bug that would cause these warning periods to be ignored, and any inactive resources would be deleted immediately. This bug has been fixed and now all Active controls will abide by the warning period set in the policy value.
5.3.2 (2020-06-18)
Bug fixes
- The
Azure > SQL > Database > Auditing
control would not properly alarm when checking if auditing was enabled on a database that had auditing disabled. This issue has been fixed.
5.3.1 (2020-06-10)
What's new?
- All resource Router actions now run even if Guardrails is outside of its allowed change window. This allows Guardrails to maintain an up-to-date CMDB by handling resource updates at all times. Note that this only affects Guardrails' ability to process resources changes that were made in the cloud provider - enforcement actions are still disabled outside of the change window.
5.3.0 (2020-06-02)
Control Types
- Azure > SQL > Database > Advanced Data Security
- Azure > SQL > Server > Advanced Data Security
Policy Types
- Azure > SQL > Database > Advanced Data Security
- Azure > SQL > Database > Advanced Data Security > Threat Protection
- Azure > SQL > Database > Advanced Data Security > Threat Protection > Email Addresses
- Azure > SQL > Database > Advanced Data Security > Threat Protection > Notify Admins
- Azure > SQL > Database > Advanced Data Security > Threat Protection > Types
- Azure > SQL > Database > Advanced Data Security > Vulnerability Assessment
- Azure > SQL > Database > Advanced Data Security > Vulnerability Assessment > Periodic Scans
- Azure > SQL > Database > Advanced Data Security > Vulnerability Assessment > Periodic Scans > Email Addresses
- Azure > SQL > Database > Advanced Data Security > Vulnerability Assessment > Periodic Scans > Notify Admins
- Azure > SQL > Database > Advanced Data Security > Vulnerability Assessment > Storage Account
- Azure > SQL > Server > Advanced Data Security
- Azure > SQL > Server > Advanced Data Security > Threat Protection
- Azure > SQL > Server > Advanced Data Security > Threat Protection > Email Addresses
- Azure > SQL > Server > Advanced Data Security > Threat Protection > Notify Admins
- Azure > SQL > Server > Advanced Data Security > Threat Protection > Types
- Azure > SQL > Server > Advanced Data Security > Vulnerability Assessment
- Azure > SQL > Server > Advanced Data Security > Vulnerability Assessment > Periodic Scans
- Azure > SQL > Server > Advanced Data Security > Vulnerability Assessment > Periodic Scans > Email Addresses
- Azure > SQL > Server > Advanced Data Security > Vulnerability Assessment > Periodic Scans > Notify Admins
- Azure > SQL > Server > Advanced Data Security > Vulnerability Assessment > Storage Account
Action Types
- Azure > SQL > Database > Update Advanced Data Security
- Azure > SQL > Server > Update Advanced Data Security
5.2.1 (2020-05-13)
Bug fixes
Azure > SQL > Database > Auditing
andAzure > SQL > Server > Auditing
controls failed to work properly in Government Cloud since it was trying to use the commercial storage account blob endpoint. The issue has been fixed and now you can easily manage your auditing control in Government and Commercial regions.
5.2.0 (2020-05-08)
Control Types
- Azure > SQL > Server > Auditing
Policy Types
- Azure > SQL > Server > Auditing
- Azure > SQL > Server > Auditing > Retention Days
- Azure > SQL > Server > Auditing > Storage Account
Action Types
- Azure > SQL > Server > Update Auditing
5.1.0 (2020-05-07)
Control Types
- Azure > SQL > Database > Auditing
Policy Types
- Azure > SQL > Database > Auditing
- Azure > SQL > Database > Auditing > Retention Days
- Azure > SQL > Database > Auditing > Storage Account
Action Types
- Azure > SQL > Database > Update Auditing