Give Azure resources access to your Azure database in ARM and Terraform templates

Ryan Rousseau - Apr 24 '20 - - Dev Community

Sometimes when I create a new database server in Azure, I forget one step. It doesn't take long before I get connection errors, and I immediately what I missed.

I need to set the Allow Azure services and resources to access this server setting to Yes.

Allow Azure services and resources to access this server

I create most of my cloud resources with automation scripts. I want to set this value to Yes in my ARM or Terraform templates.

I used the Export Template button the Azure portal to see if I could figure out how to do this. This is what I found:

{
    "type": "Microsoft.Sql/servers/firewallRules",
    "apiVersion": "2015-05-01-preview",
    "name": "[concat(parameters('servers_demoserver_name'), '/AllowAllWindowsAzureIps')]",
    "dependsOn": [
        "[resourceId('Microsoft.Sql/servers', parameters('servers_demoserver_name'))]"
    ],
    "properties": {
        "startIpAddress": "0.0.0.0",
        "endIpAddress": "0.0.0.0"
    }
}

Yes represents a firewall rule with the starting and ending IP addresses set to 0.0.0.0.

To do the same in Terraform, use something like:

resource "azurerm_sql_firewall_rule" "AllowAllWindowsAzureIps" {
  name                = "AllowAllWindowsAzureIps"
  resource_group_name = "${azurerm_resource_group.main.name}"
  server_name         = "${azurerm_sql_server.main.name}"
  start_ip_address    = "0.0.0.0"
  end_ip_address      = "0.0.0.0"
}

There you go! Add this trick to your ARM or Terraform repertoire and avoid future connection errors.

This post was originally published at blog.rousseau.dev. Cover photo by Scott Webb on Unsplash.

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .