
我正在使用 ARMTemplate 部署 AzureSqlServer。我想使用 ARMTemplate 启用审计和威胁检测。下面是将 auditingtype 设置为“Table”的代码:

    {
    "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
    "contentVersion": "1.0.0.0",
  "parameters": {
    "serverName": {
      "type": "string",
      "minLength": 1,
      "metadata": {
        "description": "The name of the SQL Server."
      }
    },
    "location": {
      "type": "string",
      "defaultValue": "South Central US",
      "allowedValues": [
        "Central US",
        "East Asia",
        "East US",
        "Japan East",
        "Japan West",
        "North Europe",
        "South Central US",
        "Southeast Asia",
        "West Europe",
        "West US",
        "East US 2"
      ],
      "metadata": {
        "description": "The location where SQL server will be deployed."
      }
    },
    "administratorLogin": {
      "type": "string",
      "minLength": 1,
      "metadata": {
        "description": "The account name to use for the database server administrator."
      }
    },
    "administratorLoginPassword": {
      "type": "securestring",
      "minLength": 1,
      "metadata": {
        "description": "The password to use for the database server administrator."
      }
    },
    "serverVersion": {
      "type": "string",
      "defaultValue": "12.0",
      "allowedValues": [
        "12.0"
      ],
      "metadata": {
        "description": "The server version."
      }
    },
    "deploymentVersion": {
      "type": "string",
      "minLength": 1,
      "metadata": {
        "description": "The deployment version tag."
      }
    },
    "deploymentType": {
      "type": "string",
      "minLength": 1,
      "metadata": {
        "description": "The deployment type tag."
      }
    },
    "auditStorageAccountName": {
      "type": "string",
      "metadata": {
        "description": "Specifies the name of the storage account where diagnostics logs will be written"
      }
    },
    "auditAlertEmailaddress": {
      "type": "string",
      "metadata": {
        "description": "Specifies the email address for alerts"
      }
    },
    "logsRetentionInDays": {
      "type": "string",
      "metadata": {
        "description": "Specifies the number of days that logs are gonna be kept. If you do not want to apply any retention policy and retain data forever, set value to 0."
      }
    },
    "threatDetection": {
      "type": "string",
      "defaultValue": "Disabled",
      "allowedValues": [
        "Enabled",
        "Disabled"
      ],
      "metadata": {
        "description": "Azure SQL Server Threat Detection."
      }
    },
    "auditing": {
      "type": "string",
      "defaultValue": "Enabled",
      "allowedValues": [
        "Enabled",
        "Disabled"
      ],
      "metadata": {
        "description": "Azure SQL Server auditing."
      }
    }
  },
    "variables": { },
    "resources": [
        {
            "name": "[parameters('serverName')]",
            "type": "Microsoft.Sql/servers",
            "location": "[parameters('location')]",
            "apiVersion": "2014-04-01-preview",
            "properties": {
                "administratorLogin": "[parameters('administratorLogin')]",
                "administratorLoginPassword": "[parameters('administratorLoginPassword')]",
                "version": "[parameters('serverVersion')]"
            },
            "tags": {
                "deploymentVersion": "[parameters('deploymentVersion')]",
                "deploymentType": "[parameters('deploymentType')]"
            },
          "resources": [
            {
              "apiVersion": "2014-04-01-preview",
              "dependsOn": [
                "[concat('Microsoft.Sql/servers/', parameters('serverName'))]"
              ],
              "location": "[parameters('location')]",
              "name": "AllowAllWindowsAzureIps",
              "properties": {
                "endIpAddress": "0.0.0.0",
                "startIpAddress": "0.0.0.0"
              },
              "type": "firewallrules"
            },
            {
              "apiVersion": "2014-04-01-preview",
              "type": "auditingPolicies",
              "name": "DefaultAuditPolicy",
              "dependsOn": [
                "[parameters('serverName')]"
              ],
              "properties": {
                "State": "[parameters('auditing')]",
                "storageAccountName": "[parameters('auditStorageAccountName')]",
                "storageEndpoint": "[concat('https://', parameters('auditStorageAccountName'), '.blob.core.windows.net/')]",
                "storageAccountKey": "[listKeys(resourceId('Microsoft.Storage/storageAccounts', parameters('auditStorageAccountName')), providers('Microsoft.Storage', 'storageAccounts').apiVersions[0]).keys[0].value]",
                "storageAccountResourceGroupName": "[resourceGroup().name]",
                "storageAccountSubscriptionId": "[subscription().subscriptionId]",               
                "eventTypesToAudit": "All"
              }

            },
            {
              "apiVersion": "2015-05-01-preview",
              "type": "securityAlertPolicies",
              "name": "DefaultSecurityAlert",
              "dependsOn": [
                "[parameters('serverName')]",
                "[concat('Microsoft.Sql/servers/', parameters('serverName'), '/auditingPolicies/DefaultAuditPolicy')]"
              ],
              "properties": {
                "state": "[parameters('threatDetection')]",
                "disabledAlerts": "",
                "emailAddresses": "[parameters('auditAlertEmailaddress')]",
                "emailAccountAdmins": "Enabled",
                "retentionDays": "[parameters('logsRetentionInDays')]",
                "storageEndpoint": "[concat('https://', parameters('auditStorageAccountName'), '.blob.core.windows.net/')]",
                "storageAccountAccessKey": "[listKeys(resourceId('Microsoft.Storage/storageAccounts', parameters('auditStorageAccountName')), providers('Microsoft.Storage', 'storageAccounts').apiVersions[0]).keys[0].value]"
              }
            }
          ]
        }
    ]
}

这段代码给出的错误如下:

部署模板验证失败:资源 'Microsoft.Sql/servers/test2aa/auditingPolicies/DefaultAuditPolicy' 未在模板中定义。

如果我修改 "type": "auditingPolicies",就还需要修改 apiVersion。修改 apiVersion 并重新部署模板后,得到“处理请求时发生错误”,部署失败。

如何使用 ARMTemplate 将 AuditingType 设置为“Blob”?


1 回答 1


是的,这是可以做到的。请参考此链接:Microsoft.Sql/servers/databases/auditingSettings 模板参考

storageEndpoint(类型:string;必需:No)— Specifies the blob storage endpoint (e.g. https://MyAccount.blob.core.windows.net). If state is Enabled, storageEndpoint is required.

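在模板的 parameters 中添加 storageEndpoint 参数,并以 Azure 存储帐户的 blob 终结点作为其值。注意:下面的示例使用的参数名是 storageAccountName 和 serverLocation,而问题模板中对应的参数是 auditStorageAccountName 和 location,合并时需要统一名称。另外,dependsOn 只能引用在同一模板中部署的资源;如果存储帐户不是在该模板中创建的,应去掉对 Microsoft.Storage/storageAccounts 的依赖,否则会出现“资源未在模板中定义”的验证错误。您的模板应如下所示: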

      "storageEndpoint": {
          "type": "string",
          "defaultValue": "[concat('https://',parameters('storageAccountName'),'.blob.core.windows.net')]"
        },        


     {
              "apiVersion": "2015-05-01-preview",
              "type": "auditingSettings",
              "name": "Default",
              "location": "[parameters('serverLocation')]",
              "dependsOn": [
                "[concat('Microsoft.Sql/servers/', parameters('serverName'))]",
                "[concat('Microsoft.Storage/storageAccounts/',parameters('storageAccountName'))]"
              ],
              "properties": {
                "State": "Enabled",
                "storageEndpoint": "[parameters('storageEndpoint')]",
                "storageAccountAccessKey": "[listKeys(resourceId('Microsoft.Storage/storageAccounts', parameters('storageAccountName')), providers('Microsoft.Storage', 'storageAccounts').apiVersions[0]).keys[0].value]",
                "retentionDays": 0,
                "auditActionsAndGroups": null,
                "storageAccountSubscriptionId": "[subscription().subscriptionId]",
                "isStorageSecondaryKeyInUse": false
              }
            }

更多信息请参考这篇博客:ARM模板-开启blob审计

更新:

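您可以使用该模板将 SQL 的审计类型(Auditing type)部署为 Blob。另外请注意,问题模板中的 AllowAllWindowsAzureIps 防火墙规则(0.0.0.0–0.0.0.0)会允许来自所有 Azure 服务的连接,包括其他订阅中的资源;同时 threatDetection 参数的默认值是 Disabled,若要启用威胁检测,需要在部署时显式传入 Enabled。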

于 2017-08-02T02:00:01.653 回答