This section walks through building up your desired state configuration. Please see the documentation for everything SQLDSC can do.
resource "database" "model" {
recovery_model = "simple"
}
resource "login" "sa" {
disabled = true
}
resource "configuration" "xp_cmdshell" {
value = 0
}
model database to simple recovery ensures that new databases are in SIMPLE recovery unless you explicitly change them to FULL recoverysa login and xp_cmdshell are common practices to securely configure SQL Serverconfiguration resource can set any sp_configure settingresource "login" "DOMAIN\Admin-Group" {}
resource "server_role_member" "admin-sysadmin" {
login = "DOMAIN\Admin-Group"
role = "sysadmin"
}
sysadmin rightssysadmin role if it isn’t already a memberresource "login" "sqlmonitor" {
sqldsc_credential = "sqlmonitor"
}
resource "server_permission" "sqlmon-view-state" {
login = "sqlmonitor"
permissions = ["view server state"]
}
sysadmin rightssysadmin role if it isn’t already a membersqldsc_credential attributelogin "DOMAIN\AppSvc" {
database "AppDB" {
roles = ["db_datawriter", "db_datareader"]
permissions = "EXEC"
}
}
login block to simplify this.Please see the documentation site for everything SQLDSC can do