I don’t fully understand this resource azurerm_mssql_server_security_alert_policy - resource type in Azure “Microsoft.Sql/servers/securityAlertPolicies”. I couldn’t find it in the Azure Portal. I found some issues on GitHub about this resource in the azurerm Terraform provider: Issue search results · GitHub
I wanted to deploy this resource using a Storage Account with Managed Identity instead of a Storage Account access key, because MS recommends disabling the access key and using Entra ID for authentication.
Could you please give me some information about this resource (to fully understand it and how it works)?
Is it possible to deploy it without an access key?
Does it make sense to create this resource without SA properties at all?
From what I understand, the azurerm_mssql_server_security_alert_policy resource manages the Microsoft Defender Threat Detection for an Azure SQL Database (Platform-as-a-Service) offering. It is what you can configure to define who should receive emails about alerts, how long to retain audit logs, and if any alerts should be ignored.
When I used this resource (I no longer do, as we’ve moved away from MSSQL Server in Azure), we didn’t define anything about the storage account key:
We didn’t seem to have a problem using it like this at all. In fact, I think there is a “managed” storage account that gets created for storing the audit logs – providing a different storage account simply disables this procedure – but I could be misinformed.
Another thing you could try is setting the storage_use_azuread provider setting if you haven’t done so already. We use this for the same reason you stated regarding Storage Account access keys.
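As an added illustration (this is not the poster’s configuration, which did not survive on this page), here is a minimal azurerm configuration that combines the two points from the answer above: the provider-level storage_use_azuread setting, and a security alert policy declared without any storage_endpoint or storage_account_access_key arguments. The resource group, server name, e-mail address and administrator object ID are placeholders.

```hcl
terraform {
  required_providers {
    azurerm = {
      source  = "hashicorp/azurerm"
      version = "~> 3.0"
    }
  }
}

# Provider-level switch: the provider authenticates to Storage data-plane
# endpoints with Entra ID (Azure AD) instead of shared account keys.
provider "azurerm" {
  features {}
  storage_use_azuread = true
}

# Example SQL server (placeholder names). Entra ID-only authentication is
# enabled so no SQL administrator password has to be managed.
resource "azurerm_mssql_server" "example" {
  name                = "example-sqlserver" # placeholder
  resource_group_name = "example-rg"        # placeholder
  location            = "westeurope"
  version             = "12.0"

  azuread_administrator {
    login_username              = "sql-admins"                           # placeholder
    object_id                   = "00000000-0000-0000-0000-000000000000" # placeholder
    azuread_authentication_only = true
  }
}

# Threat detection policy with no storage account arguments at all:
# storage_endpoint and storage_account_access_key are intentionally omitted,
# matching the answer above. Alerts are e-mailed to the account admins and to
# the listed address; an empty disabled_alerts list means no alert type is ignored.
resource "azurerm_mssql_server_security_alert_policy" "example" {
  resource_group_name  = azurerm_mssql_server.example.resource_group_name
  server_name          = azurerm_mssql_server.example.name
  state                = "Enabled"
  email_account_admins = true
  email_addresses      = ["secops@example.com"] # placeholder
  retention_days       = 30
  disabled_alerts      = []
}
```

With this layout a `terraform plan` contains no storage account key, and the only data-plane credential in play is the Entra ID identity the provider itself runs as. If a customer-owned storage account is later added via storage_endpoint, keep storage_use_azuread in the provider block so the access-key argument can stay unset.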