Terraform Azure Module Template

With our comprehensive DevOps toolkit - streamline operations, automate workflows, enhance collaboration and, most importantly, deploy with confidence.

---

We are a group of DevOps engineers and architects collaborating to build standardized, scalable, and secure infrastructure in today's ever-evolving digital landscape. Rooted in a strong belief in automation and modular design—much like microservices—we focus on decomposing infrastructure into smaller, reusable components such as databases, clusters, and more. These components are built to follow industry best practices and are easy to manage, scale, and secure.

This repository is part of the terraform-az-modules organization and provides open-source, reusable Terraform modules. It includes practical examples and workflows to help users quickly understand, implement, and improve their infrastructure with minimal configuration and high maintainability.

Prerequisites and Providers

This table contains both Prerequisites and Providers:

Description	Name	Version
Prerequisite	Terraform	>= 1.6.6
Provider	azure	>= 3.116.0

Examples

IMPORTANT: Since the master branch used in source varies based on new modifications, we recommend using the release versions.

📌 For additional usage examples, check the complete list under examples/ directory.

Providers

Name	Version
azurerm	>=3.116.0
random	n/a

Modules

Name	Source	Version
labels	terraform-az-modules/tags/azure	1.0.0

Resources

Name	Type
azurerm_key_vault_access_policy.geo_cmk_access_policy	resource
azurerm_key_vault_access_policy.primary_cmk_access_policy	resource
azurerm_key_vault_key.geo_cmk_key	resource
azurerm_key_vault_key.primary_cmk_key	resource
azurerm_monitor_diagnostic_setting.mysql	resource
azurerm_mysql_flexible_database.main	resource
azurerm_mysql_flexible_server.main	resource
azurerm_mysql_flexible_server_active_directory_administrator.main	resource
azurerm_mysql_flexible_server_configuration.main	resource
azurerm_role_assignment.geo_cmk_role_assignment	resource
azurerm_role_assignment.primary_cmk_role_assignment	resource
azurerm_user_assigned_identity.geo_cmk_umi	resource
azurerm_user_assigned_identity.primary_cmk_umi	resource
random_password.main	resource
azurerm_client_config.current	data source

Inputs

Name	Description	Type	Default	Required
admin_password	Password for the administrator login user.	string	null	no
admin_password_length	Length of the randomly generated admin password, if not provided.	number	16	no
admin_username	Administrator login name for the MySQL Flexible Server.	string	null	no
auto_grow_enabled	Enable storage auto-grow (default disabled).	bool	false	no
backup_retention_days	Backup retention days for MySQL Flexible Server (1-35).	number	7	no
charset	Charset for the MySQL database.	string	""	no
cmk_enabled	Enable Customer Managed Key (CMK) for encryption.	bool	false	no
cmk_key_size	Key size for CMK encryption.	number	2048	no
cmk_key_type	Key type for CMK encryption ('RSA' by default).	string	"RSA"	no
collation	Collation for the MySQL database.	string	""	no
create_mode	Creation mode (Default, Replica, GeoRestore, PointInTimeRestore).	string	"Default"	no
custom_name	Override the default naming convention.	string	null	no
custom_tags	Map of custom tags to apply to resources.	map(string)	{}	no
db_name	MySQL Database name; must be a valid identifier.	string	""	no
delegated_subnet_id	Resource ID of the delegated subnet.	string	""	no
deployment_mode	Specifies infrastructure deployment mode.	string	"terraform"	no
enable_diagnostic	Enable diagnostic settings creation.	bool	true	no
enabled	Set to false to disable resource creation by this module.	bool	true	no
entra_authentication	Azure Entra authentication configuration for MySQL Flexible Server.	object({ user_assigned_identity_id = optional(string, null) login = optional(string, null) object_id = optional(string, null) })	{}	no
environment	Deployment environment, such as 'prod', 'dev', or 'staging'.	string	null	no
eventhub_authorization_rule_id	EventHub authorization rule ID for diagnostic settings destination.	string	null	no
eventhub_name	EventHub name for diagnostic settings destination.	string	null	no
existing_private_dns_zone	Set to true if using an existing private DNS zone.	bool	false	no
existing_private_dns_zone_id	ID of the existing private DNS zone.	string	null	no
existing_private_dns_zone_name	Name of the existing private DNS zone (no trailing dot). Changing forces replacement.	string	null	no
extra_tags	Additional tags to apply to resources.	map(string)	null	no
geo_redundant_backup_enabled	Enable geo redundant backups. Changing this triggers resource replacement.	bool	true	no
high_availability	High availability configuration object. Set to null to disable.	object({ mode = string standby_availability_zone = optional(number) })	null	no
identity_type	Managed identity type to assign (e.g., 'SystemAssigned', 'UserAssigned').	string	null	no
iops	Storage IOPS; valid range 360 to 20000.	number	360	no
key_opts	List of permitted key operations for CMK.	list(string)	[ "encrypt", "decrypt", "sign", "verify", "wrapKey", "unwrapKey" ]	no
key_permissions	List of key permissions granted for CMK.	list(string)	[ "Get", "WrapKey", "UnwrapKey", "List" ]	no
key_vault_id	Key Vault resource ID where the CMK is stored.	string	null	no
key_vault_with_rbac	Enable RBAC permissions on the Key Vault.	bool	false	no
label_order	Order of labels for constructing resource names or tags.	list(string)	[ "name", "environment", "location" ]	no
location	Azure Region where the resource will be created. Changing this forces resource replacement.	string	"centralindia"	no
log_analytics_destination_type	Destination type for logs; 'AzureDiagnostics' or 'Dedicated'.	string	"AzureDiagnostics"	no
log_analytics_workspace_id	Log Analytics workspace ID where logs will be sent.	string	null	no
log_category	List of log categories to collect (e.g., 'MySqlSlowLogs', 'MySqlAuditLogs').	list(string)	[ "MySqlAuditLogs" ]	no
main_rg_name	Primary resource group name.	string	""	no
managedby	'ManagedBy' tag value, e.g., 'terraform-az-modules'.	string	"terraform-az-modules"	no
metric_enabled	Enable metrics diagnostics for MySQL Flexible Server.	bool	true	no
mysql_server_name	Name of the MySQL Flexible Server.	string	null	no
mysql_version	MySQL version; valid values are '5.7' or '8.0.21'. Changing forces replacement.	string	"5.7"	no
name	Name label (e.g., 'app' or 'cluster').	string	null	no
point_in_time_restore_time_in_utc	Point in time to restore from when using 'PointInTimeRestore' mode.	string	null	no
private_dns	Enable private DNS integration.	bool	false	no
registration_enabled	Enable auto-registration of VM records in the Private DNS zone.	bool	false	no
replication_role	Replication role for the MySQL Flexible Server (e.g., 'None').	string	null	no
repository	Module source repository URL.	string	"https://github.com/terraform-az-modules/terraform-azure-vnet"	no
resource_group_name	Resource group name where MySQL Flexible Server is deployed.	string	""	no
resource_position_prefix	Controls placement of the resource type keyword (e.g., "vnet", "ddospp") in resource names. - If true, the keyword is prepended: "vnet-core-dev". - If false, the keyword is appended: "core-dev-vnet". Maintains naming consistency based on organizational preferences.	bool	true	no
role_definition_name	Name of the Role Definition assigned for Key Vault crypto operations.	string	"Key Vault Crypto Service Encryption User"	no
server_configuration_names	List of MySQL server configuration option names.	list(string)	[]	no
size_gb	Maximum storage size in GB; valid range 20 to 16,384.	string	"20"	no
sku_name	SKU name for the MySQL Flexible Server.	string	"GP_Standard_D8ds_v4"	no
source_server_id	Source server ID for restore or replication modes.	string	null	no
storage_account_id	Storage Account ID for diagnostic settings destination.	string	null	no
user_assigned_identity_ids	List of User-Assigned Managed Identity IDs.	list(string)	[]	no
values	List of values corresponding to server configuration names.	list(string)	[]	no
virtual_network_id	Virtual network resource ID.	string	""	no
zone	Availability Zone for the server (1, 2, or 3).	number	null	no

Outputs

Name	Description
azurerm_mysql_flexible_server_configuration_id	The ID of the MySQL Flexible Server Configuration.
mysql_flexible_server_id	The ID of the MySQL Flexible Server.

Skipped Checkov Checks

Check ID	Description / Purpose
CKV_TF_1	Ensures Terraform module sources use commit hash for Git-based sources
CKV2_AZURE_56	Requires resource group to have a managed identity assigned
CKV_AZURE_112	Validates use of customer-managed keys for resource encryption
CKV_AZURE_40	Checks Storage Account default network access rules security

Module Dependencies

This module has dependencies on:

• Labels Module: Provides resource tagging.

📑 Changelog

Refer here.

✨ Contributors

Big thanks to our contributors for elevating our project with their dedication and expertise! But, we do not wish to stop there, would like to invite contributions from the community in improving these projects and making them more versatile for better reach. Remember, every bit of contribution is immensely valuable, as, together, we are moving in only 1 direction, i.e. forward.

If you're considering contributing to our project, here are a few quick guidelines that we have been following (Got a suggestion? We are all ears!):

• Fork the Repository: Create a new branch for your feature or bug fix.
• Coding Standards: You know the drill.
• Clear Commit Messages: Write clear and concise commit messages to facilitate understanding.
• Thorough Testing: Test your changes thoroughly before submitting a pull request.
• Documentation Updates: Include relevant documentation updates if your changes impact it.

Feedback

Spot a bug or have thoughts to share with us? Let's squash it together! Log it in our issue tracker, feel free to drop us an email at [email protected]).

Show some love with a ★ on our GitHub! if our work has brightened your day! – your feedback fuels our journey!

🚀 Our Accomplishment

We have 50+ Azure Terraform modules 🙌. You could consider them finished, but, with enthusiasts like yourself, we are able to ever improve them, so we call our status - improvement in progress.

• Terraform Module Registry: Discover our Terraform modules here.

Tap into our capabilities

We provide a platform for organizations to engage with experienced, top-tier DevOps and Cloud professionals. Tap into our pool of certified engineers and architects to elevate your DevOps and Cloud solutions.

At Azure Terraform Modules Organisation, we have extensive experience in designing, building, and migrating environments; securing infrastructure; consulting; monitoring; optimizing; automating; and maintaining complex, large-scale modern systems. With a strong client presence across American and European regions, our certified experts deliver robust and scalable cloud solutions.

Write to us at [email protected].

We are The Cloud Experts!

---

We ❤️ Open Source and you can check out our other modules to get help with your new Cloud ideas.