Azure · AlexanderSehr · Dec 20, 2024 · Dec 19, 2024 · Dec 19, 2024 · Dec 19, 2024
@@ -19,6 +19,7 @@ This module deploys a DBforMySQL Flexible Server.
 | `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) |
 | `Microsoft.DBforMySQL/flexibleServers` | [2023-12-30](https://learn.microsoft.com/en-us/azure/templates/Microsoft.DBforMySQL/2023-12-30/flexibleServers) |
 | `Microsoft.DBforMySQL/flexibleServers/administrators` | [2023-06-30](https://learn.microsoft.com/en-us/azure/templates/Microsoft.DBforMySQL/2023-06-30/flexibleServers/administrators) |
+| `Microsoft.DBforMySQL/flexibleServers/advancedThreatProtectionSettings` | [2023-12-30](https://learn.microsoft.com/en-us/azure/templates/Microsoft.DBforMySQL/2023-12-30/flexibleServers/advancedThreatProtectionSettings) |
 | `Microsoft.DBforMySQL/flexibleServers/databases` | [2023-06-30](https://learn.microsoft.com/en-us/azure/templates/Microsoft.DBforMySQL/2023-06-30/flexibleServers/databases) |
 | `Microsoft.DBforMySQL/flexibleServers/firewallRules` | [2023-06-30](https://learn.microsoft.com/en-us/azure/templates/Microsoft.DBforMySQL/2023-06-30/flexibleServers/firewallRules) |
 | `Microsoft.Insights/diagnosticSettings` | [2021-05-01-preview](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) |
@@ -145,6 +146,7 @@ module flexibleServer 'br/public:avm/res/db-for-my-sql/flexible-server:<version>
     // Non-required parameters
     administratorLogin: 'adminUserName'
     administratorLoginPassword: '<administratorLoginPassword>'
+    advancedThreatProtection: 'Enabled'
     availabilityZone: '1'
     backupRetentionDays: 20
     customerManagedKey: {
@@ -211,6 +213,7 @@ module flexibleServer 'br/public:avm/res/db-for-my-sql/flexible-server:<version>
         '<managedIdentityResourceId>'
       ]
     }
+    publicNetworkAccess: 'Enabled'
     roleAssignments: [
       {
         name: '2478b63b-0cae-457f-9bd3-9feb00e1925b'
@@ -273,6 +276,9 @@ module flexibleServer 'br/public:avm/res/db-for-my-sql/flexible-server:<version>
     "administratorLoginPassword": {
       "value": "<administratorLoginPassword>"
     },
+    "advancedThreatProtection": {
+      "value": "Enabled"
+    },
     "availabilityZone": {
       "value": "1"
     },
@@ -363,6 +369,9 @@ module flexibleServer 'br/public:avm/res/db-for-my-sql/flexible-server:<version>
         ]
       }
     },
+    "publicNetworkAccess": {
+      "value": "Enabled"
+    },
     "roleAssignments": {
       "value": [
         {
@@ -427,6 +436,7 @@ param tier = 'GeneralPurpose'
 // Non-required parameters
 param administratorLogin = 'adminUserName'
 param administratorLoginPassword = '<administratorLoginPassword>'
+param advancedThreatProtection = 'Enabled'
 param availabilityZone = '1'
 param backupRetentionDays = 20
 param customerManagedKey = {
@@ -493,6 +503,7 @@ param managedIdentities = {
     '<managedIdentityResourceId>'
   ]
 }
+param publicNetworkAccess = 'Enabled'
 param roleAssignments = [
   {
     name: '2478b63b-0cae-457f-9bd3-9feb00e1925b'
@@ -561,6 +572,23 @@ module flexibleServer 'br/public:avm/res/db-for-my-sql/flexible-server:<version>
       }
     ]
     delegatedSubnetResourceId: '<delegatedSubnetResourceId>'
+    firewallRules: [
+      {
+        endIpAddress: '0.0.0.0'
+        name: 'AllowAllWindowsAzureIps'
+        startIpAddress: '0.0.0.0'
+      }
+      {
+        endIpAddress: '10.10.10.10'
+        name: 'test-rule1'
+        startIpAddress: '10.10.10.1'
+      }
+      {
+        endIpAddress: '100.100.100.10'
+        name: 'test-rule2'
+        startIpAddress: '100.100.100.1'
+      }
+    ]
     highAvailability: 'SameZone'
     location: '<location>'
     managedIdentities: {
@@ -628,6 +656,25 @@ module flexibleServer 'br/public:avm/res/db-for-my-sql/flexible-server:<version>
     "delegatedSubnetResourceId": {
       "value": "<delegatedSubnetResourceId>"
     },
+    "firewallRules": {
+      "value": [
+        {
+          "endIpAddress": "0.0.0.0",
+          "name": "AllowAllWindowsAzureIps",
+          "startIpAddress": "0.0.0.0"
+        },
+        {
+          "endIpAddress": "10.10.10.10",
+          "name": "test-rule1",
+          "startIpAddress": "10.10.10.1"
+        },
+        {
+          "endIpAddress": "100.100.100.10",
+          "name": "test-rule2",
+          "startIpAddress": "100.100.100.1"
+        }
+      ]
+    },
     "highAvailability": {
       "value": "SameZone"
     },
@@ -691,6 +738,23 @@ param databases = [
   }
 ]
 param delegatedSubnetResourceId = '<delegatedSubnetResourceId>'
+param firewallRules = [
+  {
+    endIpAddress: '0.0.0.0'
+    name: 'AllowAllWindowsAzureIps'
+    startIpAddress: '0.0.0.0'
+  }
+  {
+    endIpAddress: '10.10.10.10'
+    name: 'test-rule1'
+    startIpAddress: '10.10.10.1'
+  }
+  {
+    endIpAddress: '100.100.100.10'
+    name: 'test-rule2'
+    startIpAddress: '100.100.100.1'
+  }
+]
 param highAvailability = 'SameZone'
 param location = '<location>'
 param managedIdentities = {
@@ -870,6 +934,7 @@ param tags = {
 | [`administratorLogin`](#parameter-administratorlogin) | string | The administrator login name of a server. Can only be specified when the MySQL server is being created. |
 | [`administratorLoginPassword`](#parameter-administratorloginpassword) | securestring | The administrator login password. |
 | [`administrators`](#parameter-administrators) | array | The Azure AD administrators when AAD authentication enabled. |
+| [`advancedThreatProtection`](#parameter-advancedthreatprotection) | string | Enable/Disable Advanced Threat Protection (Microsoft Defender) for the server. |
 | [`availabilityZone`](#parameter-availabilityzone) | string | Availability zone information of the server. Default will have no preference set. |
 | [`backupRetentionDays`](#parameter-backupretentiondays) | int | Backup retention days for the server. |
 | [`createMode`](#parameter-createmode) | string | The mode to create a new MySQL server. |
@@ -886,6 +951,7 @@ param tags = {
 | [`location`](#parameter-location) | string | Location for all resources. |
 | [`lock`](#parameter-lock) | object | The lock settings of the service. |
 | [`maintenanceWindow`](#parameter-maintenancewindow) | object | Properties for the maintenence window. If provided, "customWindow" property must exist and set to "Enabled". |
+| [`publicNetworkAccess`](#parameter-publicnetworkaccess) | string | Specifies whether public network access is allowed for this server. Set to "Enabled" to allow public access, or "Disabled" (default) when the server has VNet integration. |
 | [`replicationRole`](#parameter-replicationrole) | string | The replication role. |
 | [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignments to create. |
 | [`storageAutoIoScaling`](#parameter-storageautoioscaling) | string | Enable IO Auto Scaling or not. The server scales IOPs up or down automatically depending on your workload needs. |
@@ -1006,6 +1072,14 @@ The Azure AD administrators when AAD authentication enabled.
 - Type: array
 - Default: `[]`
 
+### Parameter: `advancedThreatProtection`
+
+Enable/Disable Advanced Threat Protection (Microsoft Defender) for the server.
+
+- Required: No
+- Type: string
+- Default: `'Enabled'`
+
 ### Parameter: `availabilityZone`
 
 Availability zone information of the server. Default will have no preference set.
@@ -1493,6 +1567,16 @@ Properties for the maintenence window. If provided, "customWindow" property must
 - MinValue: 1
 - MaxValue: 35
 
+### Parameter: `publicNetworkAccess`
+
+Specifies whether public network access is allowed for this server. Set to "Enabled" to allow public access, or "Disabled" (default) when the server has VNet integration.
+
+- Required: No
+- Type: string
+- Default: `'Disabled'`
+- MinValue: 1
+- MaxValue: 35
+
 ### Parameter: `replicationRole`
 
 The replication role.

@@ -4,8 +4,8 @@
   "metadata": {
     "_generator": {
       "name": "bicep",
-      "version": "0.31.92.45157",
-      "templateHash": "15901602668303039143"
+      "version": "0.32.4.45862",
+      "templateHash": "4183350849272759957"
     },
     "name": "DBforMySQL Flexible Server Administrators",
     "description": "This module deploys a DBforMySQL Flexible Server Administrator.",

@@ -0,0 +1,52 @@
+# DBforMySQL Flexible Server Advanced Threat Protection `[Microsoft.DBforMySQL/flexibleServers]`
+
+This module enables Advanced Threat Protection for DBforMySQL Flexible Server.
+
+## Navigation
+
+- [Resource Types](#Resource-Types)
+- [Parameters](#Parameters)
+- [Outputs](#Outputs)
+
+## Resource Types
+
+| Resource Type | API Version |
+| :-- | :-- |
+| `Microsoft.DBforMySQL/flexibleServers/advancedThreatProtectionSettings` | [2023-12-30](https://learn.microsoft.com/en-us/azure/templates/Microsoft.DBforMySQL/2023-12-30/flexibleServers/advancedThreatProtectionSettings) |
+
+## Parameters
+
+**Conditional parameters**
+
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`flexibleServerName`](#parameter-flexibleservername) | string | The name of the parent DBforMySQL flexible server. Required if the template is used in a standalone deployment. |
+
+**Optional parameters**
+
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`advancedThreatProtection`](#parameter-advancedthreatprotection) | string | The state of the advanced threat protection. |
+
+### Parameter: `flexibleServerName`
+
+The name of the parent DBforMySQL flexible server. Required if the template is used in a standalone deployment.
+
+- Required: Yes
+- Type: string
+
+### Parameter: `advancedThreatProtection`
+
+The state of the advanced threat protection.
+
+- Required: No
+- Type: string
+- Default: `'Enabled'`
+
+## Outputs
+
+| Output | Type | Description |
+| :-- | :-- | :-- |
+| `name` | string | The name of the deployed threat protection. |
+| `resourceGroupName` | string | The resource group of the deployed threat protection. |
+| `resourceId` | string | The resource ID of the deployed threat protection. |
@@ -0,0 +1,30 @@
+metadata name = 'DBforMySQL Flexible Server Advanced Threat Protection'
+metadata description = 'This module enables Advanced Threat Protection for DBforMySQL Flexible Server.'
+metadata owner = 'Azure/module-maintainers'
+
+@description('Conditional. The name of the parent DBforMySQL flexible server. Required if the template is used in a standalone deployment.')
+param flexibleServerName string
+
+@description('Optional. The state of the advanced threat protection.')
+param advancedThreatProtection string = 'Enabled'
+
+resource flexibleServer 'Microsoft.DBforMySQL/flexibleServers@2023-12-30' existing = {
+  name: flexibleServerName
+}
+
+resource advancedThreatProtectionSettings 'Microsoft.DBforMySQL/flexibleServers/advancedThreatProtectionSettings@2023-12-30' = {
+  parent: flexibleServer
+  name: 'Default'
+  properties: {
+    state: advancedThreatProtection
+  }
+}
+
+@description('The name of the deployed threat protection.')
+output name string = advancedThreatProtectionSettings.name
+
+@description('The resource ID of the deployed threat protection.')
+output resourceId string = advancedThreatProtectionSettings.id
+
+@description('The resource group of the deployed threat protection.')
+output resourceGroupName string = resourceGroup().name
@@ -0,0 +1,62 @@
+{
+  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
+  "contentVersion": "1.0.0.0",
+  "metadata": {
+    "_generator": {
+      "name": "bicep",
+      "version": "0.32.4.45862",
+      "templateHash": "8702168883921324305"
+    },
+    "name": "DBforMySQL Flexible Server Advanced Threat Protection",
+    "description": "This module enables Advanced Threat Protection for DBforMySQL Flexible Server.",
+    "owner": "Azure/module-maintainers"
+  },
+  "parameters": {
+    "flexibleServerName": {
+      "type": "string",
+      "metadata": {
+        "description": "Conditional. The name of the parent DBforMySQL flexible server. Required if the template is used in a standalone deployment."
+      }
+    },
+    "advancedThreatProtection": {
+      "type": "string",
+      "defaultValue": "Enabled",
+      "metadata": {
+        "description": "Optional. The state of the advanced threat protection."
+      }
+    }
+  },
+  "resources": [
+    {
+      "type": "Microsoft.DBforMySQL/flexibleServers/advancedThreatProtectionSettings",
+      "apiVersion": "2023-12-30",
+      "name": "[format('{0}/{1}', parameters('flexibleServerName'), 'Default')]",
+      "properties": {
+        "state": "[parameters('advancedThreatProtection')]"
+      }
+    }
+  ],
+  "outputs": {
+    "name": {
+      "type": "string",
+      "metadata": {
+        "description": "The name of the deployed threat protection."
+      },
+      "value": "Default"
+    },
+    "resourceId": {
+      "type": "string",
+      "metadata": {
+        "description": "The resource ID of the deployed threat protection."
+      },
+      "value": "[resourceId('Microsoft.DBforMySQL/flexibleServers/advancedThreatProtectionSettings', parameters('flexibleServerName'), 'Default')]"
+    },
+    "resourceGroupName": {
+      "type": "string",
+      "metadata": {
+        "description": "The resource group of the deployed threat protection."
+      },
+      "value": "[resourceGroup().name]"
+    }
+  }
+}
@@ -4,8 +4,8 @@
   "metadata": {
     "_generator": {
       "name": "bicep",
-      "version": "0.31.92.45157",
-      "templateHash": "8816099454149448745"
+      "version": "0.32.4.45862",
+      "templateHash": "8629575611448952116"
     },
     "name": "DBforMySQL Flexible Server Databases",
     "description": "This module deploys a DBforMySQL Flexible Server Database.",

@@ -4,8 +4,8 @@
   "metadata": {
     "_generator": {
       "name": "bicep",
-      "version": "0.31.92.45157",
-      "templateHash": "10309431502079210011"
+      "version": "0.32.4.45862",
+      "templateHash": "11891154534022239824"
     },
     "name": "DBforMySQL Flexible Server Firewall Rules",
     "description": "This module deploys a DBforMySQL Flexible Server Firewall Rule.",