Hello!
Can I use the azurerm_mssql_server_extended_auditing_policy resource with azurerm_monitor_diagnostic_setting or another resource to configure audit logs for all databases on that server?
Today I know that there is a way to do this using the azurerm_mssql_database_extended_auditing_policy resource with azurerm_monitor_diagnostic_setting like:
resource "azurerm_mssql_database_extended_auditing_policy" "main" {
database_id = var.database_id
retention_in_days = 30
log_monitoring_enabled = true
}
resource "azurerm_monitor_diagnostic_setting" "mssql_audit" {
name = "mssql-audit-to-log-analytics"
target_resource_id = var.database_id
log_analytics_workspace_id = var.log_analytics_workspace_id
enabled_log {
category = "SQLSecurityAuditEvents"
}
metric {
category = "AllMetrics"
}
depends_on = [
azurerm_mssql_database_extended_auditing_policy.main
]
}
But I would have to do this for each database separately, but would I be able to configure this at the server level so that it replicates to its databases at once?