Auto Discover Azure SQL Databases

Automatically discover all Azure SQL Databases in a Subscription or Management Group for JIT access management

Discover SQL Databases in Azure

Azure SQL databases provide powerful and flexible relational database services in the cloud. This guide shows you how to enable Apono to discover and manage your Azure SQL databases, including MySQL and PostgreSQL instances.

Prerequisites

Before you start, ensure you have:

  1. One or more Apono connectors installed with network access to your Azure SQL databases.

    • Minimum required version: 1.3.6

  2. Permissions to create and manage Azure Key Vault secrets and tag Azure resources.

  3. Access to your Azure Subscription or Management Group.

This capability requires network access to each discovered database. If you have databases in different networks, make sure to create an Azure connector for each one.

Steps to Enable SQL Database Discovery

Create Secrets

  1. Create secrets in Azure Key Vault for your MySQL and PostgreSQL database credentials.

  2. Follow the required format for each database type:

    • For MySQL read more here

    • For PostgreSQL read more here

Example commands:

az keyvault secret set --vault-name "<KEYVAULT_NAME>" --name "<MYSQL_SECRET_NAME>" --value '{"username": "<USERNAME>", "password": "<PASSWORD>"}'
az keyvault secret set --vault-name "<KEYVAULT_NAME>" --name "<POSTGRESQL_SECRET_NAME>" --value '{"username": "<USERNAME>", "password": "<PASSWORD>"}'

Tag Your SQL Databases

For each database you want Apono to discover:

  1. Navigate to the database resource in the Azure portal.

  2. Add these tags:

    • Key: vault-url, Value: <URL of the Azure Key Vault containing the secret>

    • Key: secret-name, Value: <Name of the secret in Azure Key Vault>

Example:

  • Key: vault-url, Value: https://mystore.vault.azure.net/

  • Key: secret-name, Value: db-credentials
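A pre-flight check for the two conventions above, written for this guide as an added example (not Apono's or Microsoft's code): it validates a database's discovery tags and the JSON shape of a secret value before the next sync. The function names and sample records are constructed; it assumes the Azure public-cloud vault suffix and the username/password secret shape shown in the example commands.

```python
import json
import re
from urllib.parse import urlparse

REQUIRED_TAGS = ("vault-url", "secret-name")         # tag keys from this guide
SECRET_NAME_RE = re.compile(r"[0-9A-Za-z-]{1,127}")  # Key Vault secret-name rule
VAULT_SUFFIX = ".vault.azure.net"                    # assumption: Azure public cloud


def check_tags(tags):
    """Return a list of problems with one database's discovery tags."""
    tags = tags or {}  # untagged resources may carry null tags
    problems = [f"missing tag {k}" for k in REQUIRED_TAGS if not tags.get(k)]
    url = tags.get("vault-url")
    if url:
        parsed = urlparse(url)
        host = parsed.hostname or ""
        if parsed.scheme != "https" or not host.endswith(VAULT_SUFFIX):
            problems.append(f"vault-url is not an https Key Vault URL: {url}")
    name = tags.get("secret-name")
    if name and not SECRET_NAME_RE.fullmatch(name):
        problems.append(f"secret-name is not a valid Key Vault name: {name}")
    return problems


def check_secret(value):
    """Return problems with a secret value; never echoes the credentials."""
    try:
        doc = json.loads(value)
    except json.JSONDecodeError:
        return ["secret value is not valid JSON"]
    if not isinstance(doc, dict):
        return ["secret value is not a JSON object"]
    return [f"secret field {k} missing or empty"
            for k in ("username", "password")
            if not isinstance(doc.get(k), str) or not doc[k]]


# Constructed sample records (name plus tags), not output from a real tenant.
SAMPLE = [
    {"name": "orders-mysql", "tags": {"vault-url": "https://mystore.vault.azure.net/",
                                      "secret-name": "db-credentials"}},
    {"name": "billing-pg", "tags": {"vault-url": "http://mystore.vault.azure.net/"}},
    {"name": "legacy-pg", "tags": {"vault-url": "https://mystore.vault.azure.net/",
                                   "secret-name": "db_credentials"}},
]

if __name__ == "__main__":
    for rec in SAMPLE:
        for problem in check_tags(rec["tags"]) or ["ok"]:
            print(f"{rec['name']}: {problem}")
```

Feed it the tags of each database you intend to onboard; an empty result means both tags are present and well formed.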

Set Up Apono Integration

  1. Go to the Integrations Catalog in the Apono web application.

  2. Click "Azure" and select either "Management Group" or "Subscription". Make sure to pick resources under Connect Sub Integrations.

  3. Choose the Apono connector set up for your Subscription or Management Group. Read more here.

  4. Complete the integration by providing:

    • Integration Name: A descriptive name for your integration

    • Azure Subscription ID or Management Group ID (as applicable)

Verifying Discovery

  1. Apono will discover tagged SQL databases during its next sync.

  2. Check the Integrations page to see the main integration and the discovered databases.

Important Notes

  • Ensure your Apono connector has network access to all SQL databases you want to discover.

  • Multiple Apono connectors may be needed if databases exist in different network environments.

  • The discovery process uses Azure Resource Graph and doesn't require direct database access for initial discovery.

For any questions about the discovery process, contact Apono support.
