基于ARM模板的Azure SQL server漏洞评估
我已经通过ARM模板创建了Azure SQL server。要启用漏洞评估,我需要启用高级数据安全。我在SQL server资源的资源括号中使用ARM模板中的以下代码来启用它。
{
"name": "vulnerabilityAssessments",
"type": "vulnerabilityAssessments",
"apiVersion": "2018-06-01-preview",
"dependsOn": [
"[concat('Microsoft.Sql/servers/', parameters('sqlServerName'))]"
],
"properties": {
"storageContainerPath": "[concat('https://', parameters('storageAccountName'), '.blob.core.windows.net/vulnerability-assessment/')]",
"storageAccountAccessKey": "[listKeys(resourceId('Microsoft.Storage/storageAccounts', parameters('storageAccountName')), providers('Microsoft.Storage', 'storageAccounts').apiVersions[0]).keys[0].value]",
"recurringScans": {
"isEnabled": true,
"emailSubscriptionAdmins": false,
"emails": "[parameters('emailaddresses')]"
}
}
},如您所见,我将存储帐户设置为漏洞评估,但在部署此帐户时,会出现以下错误:
VulnerabilityAssessmentADSIsDisabled", "message": "Advanced Data Security should be enabled in order to use Vulnerability Assessment."当我查看SQL服务器的高级数据安全刀片时,我看到设置了以下内容:
如果我手动设置存储帐户。启用了脆弱性评估。我试图更改数据库级别上的漏洞评估括号,并试图调试属性中的存储帐户引用,但似乎看不到我做错了什么或忘记了什么?有人想这么做吗?
PS:就像你可以在图像中看到的那样,周期性的重复扫描是关闭的,而我已经在漏洞评估的递归扫描数组中启用了这个功能。
回答 2
Stack Overflow用户
发布于 2019-08-08 08:19:51
您遇到的问题是部署带有漏洞评估的ARM模板造成的,但没有首先启用Advanced。
您必须在ARM模板中部署Advanced,并在漏洞评估块中添加一个依赖项,因此只有在部署了Advanced之后才会部署它。
例如:
{
"apiVersion": "2017-03-01-preview",
"type": "Microsoft.Sql/servers/securityAlertPolicies",
"name": "[concat(parameters('serverName'), '/Default')]",
"properties": {
"state": "Enabled",
"disabledAlerts": [],
"emailAddresses": [],
"emailAccountAdmins": true
}
},
{
"apiVersion": "2018-06-01-preview",
"type": "Microsoft.Sql/servers/vulnerabilityAssessments",
"name": "[concat(parameters('serverName'), '/Default')]",
"properties": {
"storageContainerPath": "[if(parameters('enableADS'), concat(reference(resourceId('Microsoft.Storage/storageAccounts', variables('storageName')), '2018-07-01').primaryEndpoints.blob, 'vulnerability-assessment'), '')]",
"storageAccountAccessKey": "[if(parameters('enableADS'), listKeys(resourceId('Microsoft.Storage/storageAccounts', variables('storageName')), '2018-02-01').keys[0].value, '')]",
"recurringScans": {
"isEnabled": true,
"emailSubscriptionAdmins": true,
"emails": []
}
},
"dependsOn": [
"[concat('Microsoft.Sql/servers/', parameters('serverName'))]",
"[concat('Microsoft.Sql/servers/', parameters('serverName'), '/securityAlertPolicies/Default')]"
]
}请注意,在本例中,我假设您使用的是现有存储。如果要在同一个ARM模板中部署存储,也必须为此添加一个依赖项(在“dependsOn”下):
"[concat('Microsoft.Storage/storageAccounts/', variables('storageName'))]"Stack Overflow用户
发布于 2019-07-22 07:32:44
通过将漏洞评估分割到不同的资源块中,我解决了这个问题。而不是把它放在SQL资源块中。新的资源块如下所示:
{
"name": "[concat(parameters('sqlServerName'), '/vulnerabilityAssessments')]",
"type": "Microsoft.Sql/servers/vulnerabilityAssessments",
"apiVersion": "2018-06-01-preview",
"location": "[parameters('location')]",
"dependsOn": [
"[concat('Microsoft.Sql/servers/', parameters('sqlServerName'))]",
"[concat('Microsoft.Sql/servers/', parameters('sqlServerName'), '/databases/', parameters('databaseName'))]"
],
"properties": {
"storageContainerPath": "[concat('https://', parameters('storageAccountName'), '.blob.core.windows.net/vulnerability-assessment/')]",
"storageAccountAccessKey": "[listKeys(resourceId('Microsoft.Storage/storageAccounts', parameters('storageAccountName')), providers('Microsoft.Storage', 'storageAccounts').apiVersions[0]).keys[0].value]",
"recurringScans": {
"isEnabled": true,
"emailSubscriptionAdmins": false,
"emails": "[parameters('emailaddresses')]"
}
}
},https://stackoverflow.com/questions/57056770
复制相似问题
腾讯云开发者
Copyright © 2013 - 2026 Tencent Cloud. All Rights Reserved. 腾讯云 版权所有
深圳市腾讯计算机系统有限公司 ICP备案/许可证号:粤B2-20090059 
粤公网安备44030502008569号
腾讯云计算(北京)有限责任公司 京ICP证150476号 | 京ICP备11018762号