Ensure Azure SQL server audit log retention is greater than 90 days
org.openrewrite.terraform.azure.EnsureAzureSQLServerAuditLogRetentionIsGreaterThan90Days
Ensure Azure SQL server audit log retention is greater than 90 days.
- Azure
- terraform
- CKV_AZURE_24
- groupId: org.openrewrite.recipe
- artifactId: rewrite-terraform
- version: 1.19.0
This recipe has no required configuration options. It can be activated by adding a dependency on
org.openrewrite.recipe:rewrite-terraform:1.19.0
in your build file or by running a shell command (in which case no build changes are needed):Gradle
Maven POM
Maven Command Line
build.gradle
plugins {
id("org.openrewrite.rewrite") version("5.40.4")
}
rewrite {
activeRecipe("org.openrewrite.terraform.azure.EnsureAzureSQLServerAuditLogRetentionIsGreaterThan90Days")
}
repositories {
mavenCentral()
}
dependencies {
rewrite("org.openrewrite.recipe:rewrite-terraform:1.19.0")
}
pom.xml
<project>
<build>
<plugins>
<plugin>
<groupId>org.openrewrite.maven</groupId>
<artifactId>rewrite-maven-plugin</artifactId>
<version>4.45.0</version>
<configuration>
<activeRecipes>
<recipe>org.openrewrite.terraform.azure.EnsureAzureSQLServerAuditLogRetentionIsGreaterThan90Days</recipe>
</activeRecipes>
</configuration>
<dependencies>
<dependency>
<groupId>org.openrewrite.recipe</groupId>
<artifactId>rewrite-terraform</artifactId>
<version>1.19.0</version>
</dependency>
</dependencies>
</plugin>
</plugins>
</build>
</project>
shell
mvn -U org.openrewrite.maven:rewrite-maven-plugin:run \
-Drewrite.recipeArtifactCoordinates=org.openrewrite.recipe:rewrite-terraform:RELEASE \
-Drewrite.activeRecipes=org.openrewrite.terraform.azure.EnsureAzureSQLServerAuditLogRetentionIsGreaterThan90Days
Recipe List
Yaml Recipe List
- resourceName:
azurerm_sql_server
- content:
extended_auditing_policy { retention_in_days = 90 }
- resourceName:
azurerm_mssql_server
- content:
extended_auditing_policy { retention_in_days = 90 }
---
type: specs.openrewrite.org/v1beta/recipe
name: org.openrewrite.terraform.azure.EnsureAzureSQLServerAuditLogRetentionIsGreaterThan90Days
displayName: Ensure Azure SQL server audit log retention is greater than 90 days
description: Ensure Azure SQL server audit log retention is greater than 90 days.
tags:
- Azure
- terraform
- CKV_AZURE_24
recipeList:
- org.openrewrite.terraform.AddConfiguration:
resourceName: azurerm_sql_server
content: extended_auditing_policy {
retention_in_days = 90
}
- org.openrewrite.terraform.AddConfiguration:
resourceName: azurerm_mssql_server
content: extended_auditing_policy {
retention_in_days = 90
}

