Azure Managed DB - MySQL Flexible
This Terraform module creates an Azure MySQL Flexible server with databases and associated admin users, along with enabled logging and firewall rules.
The following MySQL configuration options are set by default. They can be overridden with the `options` variable or fully disabled by setting the `recommended_options_enabled` variable to `false`:
```
slow_query_log: ON
long_query_time: 5
interactive_timeout: 28800
wait_timeout: 28800
innodb_change_buffering: all
innodb_change_buffer_max_size: 50
innodb_print_all_deadlocks: ON
max_allowed_packet: 1073741824 # 1GB
explicit_defaults_for_timestamp: OFF
sql_mode: ERROR_FOR_DIVISION_BY_ZERO,STRICT_TRANS_TABLES
sql_generate_invisible_primary_key: OFF # MySQL 8 only
transaction_isolation: READ-COMMITTED
```
MySQL options for SSL and audit logs can be enabled with the `ssl_enforced` and `audit_logs_enabled` variables, respectively.
Module version | Terraform version | OpenTofu version | AzureRM version |
---|---|---|---|
>= 8.x.x | Unverified | 1.8.x | >= 4.0 |
>= 7.x.x | 1.3.x | | >= 3.0 |
>= 6.x.x | 1.x | | >= 3.0 |
>= 5.x.x | 0.15.x | | >= 2.0 |
>= 4.x.x | 0.13.x / 0.14.x | | >= 2.0 |
>= 3.x.x | 0.12.x | | >= 2.0 |
>= 2.x.x | 0.12.x | | < 2.0 |
< 2.x.x | 0.11.x | | < 2.0 |
If you want to contribute to this repository, feel free to use our pre-commit git hook configuration which will help you automatically update and format some files for you by enforcing our Terraform code module best-practices.
More details are available in the CONTRIBUTING.md file.
This module is optimized to work with the Claranet terraform-wrapper tool, which sets some Terraform variables in the environment that are needed by this module.
More details about the variables set by the terraform-wrapper are available in the documentation.
```hcl
module "mysql_flexible" {
  source  = "claranet/db-mysql-flexible/azurerm"
  version = "x.x.x"

  location       = module.azure_region.location
  location_short = module.azure_region.location_short
  client_name    = var.client_name
  environment    = var.environment
  stack          = var.stack

  resource_group_name = module.rg.name

  tier          = "GeneralPurpose"
  mysql_version = "8.0.21"

  allowed_cidrs = {
    "peered-vnet"     = "10.0.0.0/24"
    "customer-office" = "12.34.56.78/32"
  }

  backup_retention_days        = 10
  geo_redundant_backup_enabled = true

  administrator_login = "azureadmin"

  databases = {
    "documents" = {
      "charset"   = "utf8"
      "collation" = "utf8_general_ci"
    }
  }

  options = {
    interactive_timeout = "600"
    wait_timeout        = "260"
  }

  logs_destinations_ids = [
    module.logs.id,
    module.logs.storage_account_id,
  ]

  extra_tags = {
    foo = "bar"
  }
}

provider "mysql" {
  endpoint = "${module.mysql_flexible.fqdn}:3306"
  username = module.mysql_flexible.administrator_login
  password = module.mysql_flexible.administrator_password

  tls = true
}

module "mysql_users" {
  source  = "claranet/users/mysql"
  version = "x.x.x"

  for_each = module.mysql_flexible.databases_names

  user     = each.key
  database = each.key

  user_suffix_enabled = true
}
```
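A variant of the call above that turns on audit logging, states the TLS requirement explicitly, and rejects overly broad firewall entries at plan time. This is an added example, not part of the module's own documentation: the variable name `mysql_allowed_cidrs` and the "/24 or narrower" policy are assumptions, while the module inputs are the ones documented on this page.

```hcl
# Added example: guard the firewall map before it reaches the module.
variable "mysql_allowed_cidrs" { # hypothetical variable name
  description = "CIDRs allowed through the MySQL Flexible server firewall."
  type        = map(string)

  # Constructed sample values, reused from the usage example above.
  default = {
    "peered-vnet"     = "10.0.0.0/24"
    "customer-office" = "12.34.56.78/32"
  }

  # Assumed policy: every entry must parse as a CIDR and be /24 or narrower,
  # so "0.0.0.0/0" or a typo such as "10.0.0.0/8" stops the plan.
  validation {
    condition = alltrue([
      for cidr in values(var.mysql_allowed_cidrs) :
      can(cidrhost(cidr, 0)) && try(tonumber(split("/", cidr)[1]), 0) >= 24
    ])
    error_message = "Each allowed CIDR must be valid and no wider than /24."
  }
}

module "mysql_flexible" {
  source  = "claranet/db-mysql-flexible/azurerm"
  version = "x.x.x"

  location            = module.azure_region.location
  location_short      = module.azure_region.location_short
  client_name         = var.client_name
  environment         = var.environment
  stack               = var.stack
  resource_group_name = module.rg.name

  administrator_login = "azureadmin"

  # Only validated entries become firewall rules.
  allowed_cidrs = var.mysql_allowed_cidrs

  # Already the default; written out so a later change is visible in review.
  ssl_enforced = true

  # Off by default; enables the audit log categories listed for this input.
  audit_logs_enabled = true

  logs_destinations_ids = [module.logs.id]
}
```

Because the rule is a variable validation, a violating value fails `plan` before any firewall rule is created.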
Name | Version |
---|---|
azurecaf | ~> 1.2.28 |
azurerm | ~> 4.0 |
random | >= 2.0 |
Name | Source | Version |
---|---|---|
diagnostics | claranet/diagnostic-settings/azurerm | ~> 8.0.0 |
Name | Type |
---|---|
azurerm_mysql_flexible_database.main | resource |
azurerm_mysql_flexible_server.main | resource |
azurerm_mysql_flexible_server_active_directory_administrator.main | resource |
azurerm_mysql_flexible_server_configuration.main | resource |
azurerm_mysql_flexible_server_firewall_rule.main | resource |
random_password.administrator_password | resource |
azurecaf_name.mysql_flexible_server | data source |
azurerm_client_config.main | data source |
Name | Description | Type | Default | Required |
---|---|---|---|---|
administrator_login | MySQL administrator login. Required when `create_mode = "Default"`. | string | null | no |
administrator_password | MySQL administrator password. If not set, password is randomly generated. | string | null | no |
allowed_cidrs | Map of allowed CIDRs. | map(string) | {} | no |
audit_logs_enabled | Whether MySQL audit logs are enabled. Categories `CONNECTION`, `ADMIN`, `CONNECTION_V2`, `DCL`, `DDL`, `DML`, `DML_NONSELECT`, `DML_SELECT`, `GENERAL` and `TABLE_ACCESS` are set by default when enabled and can be overridden with the `options` variable. See documentation. | bool | false | no |
backup_retention_days | Backup retention days for the MySQL Flexible server. Supported values are between 7 and 35 days. | number | 7 | no |
client_name | Client name/account used in naming. | string | n/a | yes |
create_mode | The creation mode which can be used to restore or replicate existing servers. | string | "Default" | no |
custom_name | Custom server name. | string | "" | no |
databases | Map of databases with default collation and charset. | map(object({ | {} | no |
default_tags_enabled | Option to enable or disable default tags. | bool | true | no |
delegated_subnet_id | The ID of the Virtual Network Subnet to create the MySQL Flexible server. | string | null | no |
diagnostic_settings_custom_name | Custom name of the diagnostics settings, name will be 'default' if not set. | string | "default" | no |
entra_authentication | Azure Entra authentication configuration block for this Azure MySQL Flexible server. You have to assign the Directory Readers Azure Entra role to the User Assigned Identity, see documentation. See dedicated example. | object({ | {} | no |
environment | Project environment. | string | n/a | yes |
extra_tags | Map of custom tags. | map(string) | {} | no |
geo_redundant_backup_enabled | Enable or disable geo-redundant server backups. Not available for the burstable tier. | bool | true | no |
high_availability | Object of high availability configuration. See documentation. `null` to disable high availability. | object({ | {} | no |
identity_ids | A list of User Assigned Managed Identity IDs to be assigned to this MySQL Flexible server. | list(string) | [] | no |
location | Azure location. | string | n/a | yes |
location_short | Short string for Azure location. | string | n/a | yes |
logs_categories | Log categories to send to destinations. | list(string) | null | no |
logs_destinations_ids | List of destination resources IDs for logs diagnostic destination. Can be `Storage Account`, `Log Analytics Workspace` and `Event Hub`. No more than one of each can be set. If you want to use Azure EventHub as a destination, you must provide a formatted string containing both the EventHub Namespace authorization send ID and the EventHub name (name of the queue to use in the Namespace) separated by the `\|` character. | list(string) | n/a | yes |
logs_metrics_categories | Metrics categories to send to destinations. | list(string) | null | no |
maintenance_window | Map of maintenance window configuration. See documentation. | object({ | null | no |
mysql_version | MySQL server version. Valid values are `5.7` and `8.0.21`. | string | "8.0.21" | no |
name_prefix | Optional prefix for the generated name. | string | "" | no |
name_suffix | Optional suffix for the generated name. | string | "" | no |
options | Map of MySQL configuration options. See documentation. See README for default values. | map(string) | {} | no |
point_in_time_restore_time_in_utc | The point in time to restore from `creation_source_server_id` when `create_mode = "PointInTimeRestore"`. Changing this forces a new MySQL Flexible server to be created. | string | null | no |
private_dns_zone_id | The ID of the Private DNS Zone to create the MySQL Flexible server. | string | null | no |
recommended_options_enabled | Whether or not to use recommended options. | bool | true | no |
resource_group_name | Resource Group name. | string | n/a | yes |
size | The size for the MySQL Flexible server. | string | "Standard_D2ds_v4" | no |
source_server_id | The resource ID of the source MySQL Flexible server to be restored. | string | null | no |
ssl_enforced | Enforce SSL connection on MySQL provider. This sets the `require_secure_transport` option on the MySQL Flexible server. | bool | true | no |
stack | Project stack name. | string | n/a | yes |
storage | Object of storage configuration. | object({ | {} | no |
tier | Tier for MySQL Flexible server SKU. Possible values are: `GeneralPurpose`, `Burstable` and `MemoryOptimized`. | string | "GeneralPurpose" | no |
zone | Specifies the Availability Zone in which this MySQL Flexible server should be located. Possible values are `1`, `2` and `3`. | number | null | no |
Name | Description |
---|---|
administrator_login | Administrator login for MySQL Flexible server. |
administrator_password | Administrator password for MySQL Flexible server. |
databases_ids | Map of databases IDs. |
databases_names | Map of databases names. |
firewall_rules_ids | Map of firewall rules IDs. |
fqdn | FQDN of the MySQL Flexible server. |
id | ID of the Azure MySQL Flexible server. |
module_diagnostics | Diagnostics settings module outputs. |
name | Name of the Azure MySQL Flexible server. |
options | MySQL server configuration options. |
public_network_access_enabled | Is the public network access enabled? |
replica_capacity | The maximum number of replicas that a primary MySQL Flexible server can have. |
resource | Azure MySQL server resource object. |
resource_configuration | Azure MySQL configuration resource object. |
resource_database | Azure MySQL database resource object. |
resource_firewall_rule | Azure MySQL server firewall rule resource object. |
terraform_module | Information about this Terraform module. |
- Microsoft Azure documentation: docs.microsoft.com/fr-fr/azure/mysql/flexible-server/overview
- Microsoft Azure Entra authentication documentation: learn.microsoft.com/en-us/azure/mysql/flexible-server/how-to-azure-ad#configure-the-microsoft-entra-admin