Enabling Advanced Threat Protection for Azure Database for MySQL programmatically

As you might have seen in previous posts, I’ve been playing around a lot with Azure Database for MySQL. In September last year, Microsoft announced that Advanced Threat Protection for MySQL was in preview. Recently I needed to automate the deployment of this component and wanted to enable ATP at deployment time with no manual intervention. To my surprise, the feature cannot be enabled via the Azure CLI or ARM templates, but it is possible to enable it using the Resource Manager REST API.

As an alternative to the Portal, you can enable this programmatically with the Azure RM REST API, as documented here: Server Security Alert Policies.

To accomplish this, you’ll need a token for the management.azure.com API. You can get one by authenticating against login.microsoftonline.com and asking for a token to interact with the Azure RM API (the approach to use when you want to automate the process). If you are interested in how to do this, follow this article. Keep in mind that it is an old article; the add “required permissions” steps, which grant the SPN permissions to interact with Service Manager, can be ignored.

Alternatively, you can connect to Azure RM with your user account (using either the PowerShell AzureRM modules or the Azure CLI). I’ll follow this second approach as it is simpler to demonstrate. You can obtain a token by running these commands:

Once you have obtained the token, you can query the status of Advanced Threat Protection by running:

*Replace {subscriptionId}, {resourceGroupName} and {mySQLServerName} with the corresponding values for your case.

The result will look like this:

To enable it, you will have to run:

The answer should look like this:

If you run the first step again to check how the ATP policy is configured, you should obtain the following:

The full script to enable Advanced Threat Protection should look like this:
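
The sequence described above (get a token, enable the policy, read it back), written for the Azure CLI and curl as an added example that is not the author's original script. The policy name `Default`, the api-version `2017-12-01` and the request body fields are assumptions taken from the public Server Security Alert Policies reference, and the function names are made up for illustration; check them against that reference.

```shell
#!/usr/bin/env bash
# Added example: enable ATP on an Azure Database for MySQL server via the ARM REST API.
# Assumed from the public REST reference (verify there): resource path,
# policy name "Default", api-version 2017-12-01, body field names.
API_VERSION="2017-12-01"

# Build the securityAlertPolicies URL. Args: subscriptionId resourceGroupName mySQLServerName
atp_policy_url() {
  printf 'https://management.azure.com/subscriptions/%s/resourceGroups/%s/providers/Microsoft.DBforMySQL/servers/%s/securityAlertPolicies/Default?api-version=%s' \
    "$1" "$2" "$3" "$API_VERSION"
}

# Request body that switches the policy on and e-mails the account admins.
atp_policy_body() {
  printf '%s' '{"properties":{"state":"Enabled","emailAccountAdmins":true}}'
}

# Extract properties.state from a policy response without needing jq.
atp_state_from_json() {
  printf '%s' "$1" | tr -d '\n' |
    sed -n 's/.*"state"[[:space:]]*:[[:space:]]*"\([A-Za-z]*\)".*/\1/p'
}

# Call ARM. The bearer token is fed to curl on stdin (-H @-, curl >= 7.55)
# so it never appears in the process list. Args: method url [body]
arm_call() {
  local token
  token=$(az account get-access-token --query accessToken -o tsv) || return 1
  printf 'Authorization: Bearer %s\n' "$token" |
    curl -sS --fail -X "$1" -H @- -H 'Content-Type: application/json' \
      ${3:+--data "$3"} "$2"
}

# Enable ATP, then read the policy back until it reports Enabled.
# ARM may accept the PUT asynchronously, so poll a few times before failing.
enable_atp() {
  local url state
  url=$(atp_policy_url "$1" "$2" "$3")
  arm_call PUT "$url" "$(atp_policy_body)" >/dev/null || return 1
  for _ in 1 2 3 4 5 6; do
    state=$(atp_state_from_json "$(arm_call GET "$url")")
    [ "$state" = "Enabled" ] && { echo "ATP enabled on $3"; return 0; }
    sleep 5
  done
  echo "ATP state is '${state:-unknown}' on $3" >&2
  return 1
}

# Usage (after 'az login'):
#   enable_atp <subscriptionId> <resourceGroupName> <mySQLServerName>
```

Running `enable_atp` in a deployment pipeline makes the job fail when the read-back state is anything other than `Enabled`, so a server cannot be deployed without ATP unnoticed.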

 
