Sometimes when I create a new database server in Azure, I forget one step. It doesn't take long before I get connection errors, and I immediately what I missed.
I need to set the Allow Azure services and resources to access this server setting to Yes.
I create most of my cloud resources with automation scripts. I want to set this value to Yes in my ARM or Terraform templates.
I used the Export Template button the Azure portal to see if I could figure out how to do this. This is what I found:
{
"type": "Microsoft.Sql/servers/firewallRules",
"apiVersion": "2015-05-01-preview",
"name": "[concat(parameters('servers_demoserver_name'), '/AllowAllWindowsAzureIps')]",
"dependsOn": [
"[resourceId('Microsoft.Sql/servers', parameters('servers_demoserver_name'))]"
],
"properties": {
"startIpAddress": "0.0.0.0",
"endIpAddress": "0.0.0.0"
}
}
Yes represents a firewall rule with the starting and ending IP addresses set to 0.0.0.0.
To do the same in Terraform, use something like:
resource "azurerm_sql_firewall_rule" "AllowAllWindowsAzureIps" {
name = "AllowAllWindowsAzureIps"
resource_group_name = "${azurerm_resource_group.main.name}"
server_name = "${azurerm_sql_server.main.name}"
start_ip_address = "0.0.0.0"
end_ip_address = "0.0.0.0"
}
There you go! Add this trick to your ARM or Terraform repertoire and avoid future connection errors.