Create User on Azure MySQL Database with Terraform

PR Code - Christopher Pateman
Apr 21, 2021

After you create your Azure MySQL Server, you will want to create a Database and, for security, add a new custom user with its own permissions. Unfortunately the Azure providers do not offer this, so we need to use some other skills to get these users in.

First we can go ahead and create the MySQL Server and Database. We use the Random provider to generate the MySQL administrator password, and leave the rest of the details as default. I have put variables in a few places to make it more flexible; these can be expanded on or reduced.

resource "random_password" "server_pwd" {
  # Generated administrator password; the value is kept in the Terraform state.
  length      = 20
  min_upper   = 2
  min_lower   = 2
  min_numeric = 2
  min_special = 2
}

resource "azurerm_mysql_server" "mysql_server" {
  name                              = var.mysql_server_name
  location                          = var.location
  resource_group_name               = var.resource_group_name
  administrator_login               = "mysqladminun"
  administrator_login_password      = random_password.server_pwd.result
  sku_name                          = "B_Gen5_2"
  storage_mb                        = 5120
  version                           = "5.7"
  auto_grow_enabled                 = true
  backup_retention_days             = 7
  geo_redundant_backup_enabled      = false
  infrastructure_encryption_enabled = false
  public_network_access_enabled     = true
  ssl_enforcement_enabled           = true
  ssl_minimal_tls_version_enforced  = "TLS1_2"
}

resource "azurerm_mysql_database" "mysql_database" {
  name                = var.database_name
  resource_group_name = var.resource_group_name
  # Reference the server resource so the database is created after the server.
  server_name         = azurerm_mysql_server.mysql_server.name
  charset             = var.database_charset
  collation           = var.database_collation
}

Creating the user relies on standard MySQL queries, so we need not only a connection to the Database but also to allow the machine running Terraform through the MySQL Firewall. To do this we can update the Firewall with our IP Address. You can pass in the IP manually or through a different method, but here I am using an HTTP request to 'http://ifconfig.me/ip', which returns the current IP of whatever is running the Terraform. We then update the Firewall settings with this IP Address. The rule allows whatever address that request returns, and a plain HTTP response is not authenticated, so passing the IP in explicitly is the option to choose when the lookup cannot be trusted.

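data "http" "myip" {
  url = "http://ifconfig.me/ip"
}

resource "azurerm_mysql_firewall_rule" "mysql_firewall_clientip" {
  name                = "ClientIpAddress"
  resource_group_name = var.resource_group_name
  # Reference the server resource so the rule is created after the server.
  server_name         = azurerm_mysql_server.mysql_server.name
  # Start and end are the same, so the rule allows this single address only.
  start_ip_address    = chomp(data.http.myip.body)
  end_ip_address      = chomp(data.http.myip.body)
}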

At this point we would have a MySQL Server, a MySQL Database and our service IP Address allowed on the Firewall. From here we can then use the MySQL provider in Terraform. https://www.terraform.io/docs/providers/mysql/index.html
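One way the MySQL provider step could look, as an added example that is not the author's code (that is at the original post linked below). It assumes the resources defined above; `app_user_pwd`, `app_user`, `app_user_grant` and `var.app_user_name` are hypothetical names, and the privilege list is only illustrative.

```hcl
provider "mysql" {
  endpoint = "${azurerm_mysql_server.mysql_server.fqdn}:3306"
  # Azure Database for MySQL (single server) expects the login as user@servername.
  username = "${azurerm_mysql_server.mysql_server.administrator_login}@${azurerm_mysql_server.mysql_server.name}"
  password = random_password.server_pwd.result
  # The server above sets ssl_enforcement_enabled = true, so connect over TLS.
  tls      = "true"
}

# Separate generated credential, so the application never holds the admin password.
resource "random_password" "app_user_pwd" { # hypothetical name
  length      = 20
  min_upper   = 2
  min_lower   = 2
  min_numeric = 2
  min_special = 2
}

resource "mysql_user" "app_user" { # hypothetical name
  user               = var.app_user_name # hypothetical variable
  host               = "%"
  plaintext_password = random_password.app_user_pwd.result

  # The provider connects from the machine running Terraform, so the
  # firewall rule has to exist before the first query is sent.
  depends_on = [azurerm_mysql_firewall_rule.mysql_firewall_clientip]
}

resource "mysql_grant" "app_user_grant" { # hypothetical name
  user     = mysql_user.app_user.user
  host     = mysql_user.app_user.host
  # Scope the grant to the one database created above, not the whole server.
  database = azurerm_mysql_database.mysql_database.name
  # Illustrative data-access privileges only; no schema or user administration.
  privileges = ["SELECT", "INSERT", "UPDATE", "DELETE"]
}
```

Both generated passwords are stored in the Terraform state, so the state backend needs the same access control as the database credentials themselves.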

Get the full code and more details at the original post: https://prcode.co.uk/2021/04/21/create-user-on-azure-mysql-database-with-terraform/

Originally published at http://prcode.co.uk on April 21, 2021.
