Make Azure SQL server ADS Vulnerability Assessment configurable #27

Open
1 task done
lonegunmanb opened this issue May 29, 2023 · 0 comments

@lonegunmanb
Member

Is there an existing issue for this?

  • I have searched the existing issues

Description

As Checkov CKV2_AZURE_2 described:

Enable Vulnerability Assessment (VA) service scans for critical SQL servers and corresponding SQL databases.
Enabling Azure Defender for SQL server does not enable Vulnerability Assessment capability for individual SQL databases unless a storage account is set to store the scanning data and reports.
The Vulnerability Assessment service scans databases for known security vulnerabilities and highlights deviations from best practices, such as misconfigurations, excessive permissions, and unprotected sensitive data. Results of the scan include actionable steps to resolve each issue and provide customized remediation scripts where applicable. Additionally an assessment report can be customized by setting an acceptable baseline for permission configurations, feature configurations, and database settings.
We recommend you ensure Vulnerability Assessment is enabled on a SQL server by setting a Storage Account.

We need to add azurerm_mssql_server_security_alert_policy into this module.

New or Affected Resource(s)/Data Source(s)

azurerm_mssql_server_security_alert_policy

Potential Terraform Configuration

No response

References

No response
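
An added sketch of the configuration this issue asks for, not code from the module or from the issue author: an enabled server security alert policy plus a vulnerability assessment that writes scan results to a storage account. All variable names, resource labels and the container name are assumptions, and the arguments follow the azurerm 3.x provider.

```hcl
# Added example; names below are assumptions, not the module's own.
provider "azurerm" {
  features {}
}

variable "resource_group_name" { type = string }
variable "location" { type = string }
variable "sql_server_name" { type = string } # name of an existing azurerm_mssql_server
variable "va_storage_account_name" { type = string }

# Storage account that holds the scan data and reports.
resource "azurerm_storage_account" "va" {
  name                     = var.va_storage_account_name
  resource_group_name      = var.resource_group_name
  location                 = var.location
  account_tier             = "Standard"
  account_replication_type = "GRS"
  min_tls_version          = "TLS1_2"
}

resource "azurerm_storage_container" "va" {
  name                  = "vulnerability-assessment" # assumed container name
  storage_account_name  = azurerm_storage_account.va.name
  container_access_type = "private"
}

# The resource named in the issue; the assessment below depends on it.
resource "azurerm_mssql_server_security_alert_policy" "this" {
  resource_group_name = var.resource_group_name
  server_name         = var.sql_server_name
  state               = "Enabled"
  retention_days      = 30
}

# Without a storage target, enabling Defender alone does not turn on VA scans.
resource "azurerm_mssql_server_vulnerability_assessment" "this" {
  server_security_alert_policy_id = azurerm_mssql_server_security_alert_policy.this.id
  storage_container_path          = "${azurerm_storage_account.va.primary_blob_endpoint}${azurerm_storage_container.va.name}/"
  # The access key is written to Terraform state; protect the state backend.
  storage_account_access_key      = azurerm_storage_account.va.primary_access_key

  recurring_scans {
    enabled                   = true
    email_subscription_admins = true
  }
}
```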
