For AI agents: A markdown version of this page is available at https://docs.datadoghq.com/security/code_security/iac_security/iac_rules/terraform-azure-sql-server-predictable-admin-account-name.md.
A documentation index is available at /llms.txt.
Azure SQL Server administrator login names should not use common or predictable values like admin or administrator. Using predictable names for the administrator_login attribute, such as administrator_login = "Admin", makes brute force or credential stuffing attacks easier for malicious actors, increasing the risk of unauthorized database access. To mitigate this, configure the login with an unpredictable name, as shown below:
administrator_login = "UnpredictableAdminLogin"
Compliant Code Examples
#this code is a correct code for which the query should not find any result
resource"azurerm_resource_group""negative1"{name="database-rg"location="West US"}resource"azurerm_storage_account""negative2"{name="examplesa"resource_group_name=azurerm_resource_group.example.namelocation=azurerm_resource_group.example.locationaccount_tier="Standard"account_replication_type="LRS"}resource"azurerm_sql_server""negative3"{name="mssqlserver"resource_group_name=azurerm_resource_group.example.namelocation=azurerm_resource_group.example.locationversion="12.0"administrator_login="UnpredictableAdminLogin"administrator_login_password="thisIsDog11"extended_auditing_policy{storage_endpoint=azurerm_storage_account.example.primary_blob_endpointstorage_account_access_key=azurerm_storage_account.example.primary_access_keystorage_account_access_key_is_secondary=trueretention_in_days=6}tags={environment="production"}}
Non-Compliant Code Examples
#this is a problematic code where the query should report a result(s)
resource"azurerm_resource_group""positive1"{name="database-rg"location="West US"}resource"azurerm_storage_account""positive2"{name="examplesa"resource_group_name=azurerm_resource_group.example.namelocation=azurerm_resource_group.example.locationaccount_tier="Standard"account_replication_type="LRS"}resource"azurerm_sql_server""positive3"{name="mssqlserver"resource_group_name=azurerm_resource_group.example.namelocation=azurerm_resource_group.example.locationversion="12.0"administrator_login=""administrator_login_password="thisIsDog11"extended_auditing_policy{storage_endpoint=azurerm_storage_account.example.primary_blob_endpointstorage_account_access_key=azurerm_storage_account.example.primary_access_keystorage_account_access_key_is_secondary=trueretention_in_days=6}tags={environment="production"}}resource"azurerm_sql_server""positive4"{name="mssqlserver"resource_group_name=azurerm_resource_group.example.namelocation=azurerm_resource_group.example.locationversion="12.0"administrator_login="Admin"administrator_login_password="thisIsDog11"extended_auditing_policy{storage_endpoint=azurerm_storage_account.example.primary_blob_endpointstorage_account_access_key=azurerm_storage_account.example.primary_access_keystorage_account_access_key_is_secondary=trueretention_in_days=6}tags={environment="production"}}
1
2
rulesets:- Terraform / Azure # Rules to enforce / Azure.
Request a personalized demo
Get Started with Datadog
Ask AI
AI-generated responses may be inaccurate. Verify important info.
