Ensure Azure SQL server audit log retention is greater than 90 days

org.openrewrite.terraform.azure.EnsureAzureSQLServerAuditLogRetentionIsGreaterThan90Days
Ensure Azure SQL server audit log retention is greater than 90 days.
Tags
Azure
terraform
CKV_AZURE_24
Source
​Github, Issue Tracker, Maven Central​
groupId: org.openrewrite.recipe
artifactId: rewrite-terraform
version: 1.19.0
Contributors
​Jonathan Schneider​
​Aaron Gershman​
​pocan101​
Usage
This recipe has no required configuration options. It can be activated by adding a dependency on org.openrewrite.recipe:rewrite-terraform:1.19.0 in your build file or by running a shell command (in which case no build changes are needed):
Gradle
Maven POM
Maven Command Line
build.gradle
plugins {
    id("org.openrewrite.rewrite") version("5.40.4")
}
​
rewrite {
    activeRecipe("org.openrewrite.terraform.azure.EnsureAzureSQLServerAuditLogRetentionIsGreaterThan90Days")
}
​
repositories {
    mavenCentral()
}
​
dependencies {
    rewrite("org.openrewrite.recipe:rewrite-terraform:1.19.0")
}
pom.xml
<project>
  <build>
    <plugins>
      <plugin>
        <groupId>org.openrewrite.maven</groupId>
        <artifactId>rewrite-maven-plugin</artifactId>
        <version>4.45.0</version>
        <configuration>
          <activeRecipes>
            <recipe>org.openrewrite.terraform.azure.EnsureAzureSQLServerAuditLogRetentionIsGreaterThan90Days</recipe>
          </activeRecipes>
        </configuration>
        <dependencies>
          <dependency>
            <groupId>org.openrewrite.recipe</groupId>
            <artifactId>rewrite-terraform</artifactId>
            <version>1.19.0</version>
          </dependency>
        </dependencies>
      </plugin>
    </plugins>
  </build>
</project>
shell
mvn -U org.openrewrite.maven:rewrite-maven-plugin:run \
  -Drewrite.recipeArtifactCoordinates=org.openrewrite.recipe:rewrite-terraform:RELEASE \
  -Drewrite.activeRecipes=org.openrewrite.terraform.azure.EnsureAzureSQLServerAuditLogRetentionIsGreaterThan90Days
Definition
Recipe List
Yaml Recipe List
​Add Terraform configuration​
resourceName: azurerm_sql_server
content: extended_auditing_policy { retention_in_days = 90 }
​Add Terraform configuration​
resourceName: azurerm_mssql_server
content: extended_auditing_policy { retention_in_days = 90 }
---
type: specs.openrewrite.org/v1beta/recipe
name: org.openrewrite.terraform.azure.EnsureAzureSQLServerAuditLogRetentionIsGreaterThan90Days
displayName: Ensure Azure SQL server audit log retention is greater than 90 days
description: Ensure Azure SQL server audit log retention is greater than 90 days.
tags:
  - Azure
  - terraform
  - CKV_AZURE_24
recipeList:
  - org.openrewrite.terraform.AddConfiguration:
      resourceName: azurerm_sql_server
      content: extended_auditing_policy {
  retention_in_days = 90
}
  - org.openrewrite.terraform.AddConfiguration:
      resourceName: azurerm_mssql_server
      content: extended_auditing_policy {
  retention_in_days = 90
}
​
See how this recipe works across multiple open-source repositories
​​
​​
The community edition of the Moderne platform enables you to easily run recipes across thousands of open-source repositories.
Please contact Moderne for more information about safely running the recipes on your own codebase in a private SaaS.

Ensure Azure SQL Server threat detection alerts are enabled for all threat types

Ensure Azure SQL server send alerts to field value is set

Last modified 23d ago