kumarvna
diff --git a/‎README.md‎
Lines changed: 50 additions & 10 deletions b/‎README.md‎
Lines changed: 50 additions & 10 deletions
diff --git a/‎example/complete/README.md‎ renamed to ‎examples/MySQL_Server/README.md‎
Lines changed: 4 additions & 4 deletions b/‎example/complete/README.md‎ renamed to ‎examples/MySQL_Server/README.md‎
Lines changed: 4 additions & 4 deletions
diff --git a/‎example/complete/main.tf‎ renamed to ‎examples/MySQL_Server/main.tf‎
Lines changed: 4 additions & 4 deletions b/‎example/complete/main.tf‎ renamed to ‎examples/MySQL_Server/main.tf‎
Lines changed: 4 additions & 4 deletions
diff --git a/‎example/complete/variables.tf‎ renamed to ‎examples/MySQL_Server/variables.tf‎ b/‎example/complete/variables.tf‎ renamed to ‎examples/MySQL_Server/variables.tf‎
diff --git a/‎examples/MySQL_Server_with_Private_Endpoint/README.md‎
Lines changed: 107 additions & 0 deletions b/‎examples/MySQL_Server_with_Private_Endpoint/README.md‎
Lines changed: 107 additions & 0 deletions
@@ -12,13 +12,15 @@ Azure Database for MySQL is easy to set up, manage and scale. It automates the
 * [MySQL Customer Managed Key](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/mysql_server_key)
 * [MySQL Virtual Network Rule](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/mysql_virtual_network_rule)
 * [MySQL Diagnostics](https://docs.microsoft.com/en-us/azure/azure-sql/database/metrics-diagnostic-telemetry-logging-streaming-export-configure?tabs=azure-portal)
+* [Private Endpoints](https://www.terraform.io/docs/providers/azurerm/r/private_endpoint.html)
+* [Private DNS zone for `privatelink` A records](https://www.terraform.io/docs/providers/azurerm/r/private_dns_zone.html)
 
 ## Module Usage
 
 ```hcl
-module "mssql-server" {
+module "mysql-db" {
   source  = "kumarvna/mysql-db/azurerm"
-  version = "1.0.0"
+  version = "1.1.0"
 
   # By default, this module will create a resource group
   # proivde a name to use an existing resource group and set the argument 
@@ -29,14 +31,14 @@ module "mssql-server" {
   location              = "westeurope"
 
   # MySQL Server and Database settings
-  mysqlserver_name = "roshmysqldbsrv01"
+  mysqlserver_name = "mysqldbsrv01"
 
   mysqlserver_settings = {
     sku_name   = "GP_Gen5_16"
     storage_mb = 5120
     version    = "5.7"
     # Database name, charset and collection arguments  
-    database_name = "roshydemomysqldb"
+    database_name = "demomysqldb"
     charset       = "utf8"
     collation     = "utf8_unicode_ci"
     # Storage Profile and other optional arguments
@@ -61,6 +63,14 @@ module "mssql-server" {
   # The URL to a Key Vault custom managed key
   key_vault_key_id = var.key_vault_key_id
 
+  # Creating Private Endpoint requires, VNet name and address prefix to create a subnet
+  # By default this will create a `privatelink.mysql.database.azure.com` DNS zone. 
+  # To use existing private DNS zone specify `existing_private_dns_zone` with valid zone name
+  enable_private_endpoint       = true
+  virtual_network_name          = "vnet-shared-hub-westeurope-001"
+  private_subnet_address_prefix = ["10.1.5.0/29"]
+  #  existing_private_dns_zone     = "demo.example.com"
+
   # To enable Azure Defender for database set `enable_threat_detection_policy` to true 
   enable_threat_detection_policy = true
   log_retention_days             = 30
@@ -138,6 +148,8 @@ A few Supported parameters are here for your reference. you can find all these `
 
 A virtual network rule for your Azure Database for MySQL server is a subnet that is listed in the access control list (ACL) of your Azure Database for MySQL server. To be in the ACL for your Azure Database for MySQL server, the subnet must contain the **`Microsoft.Sql`** type name. To enable this feature, add a `subnet_id` with valid resource id.
 
+>This feature is available in all regions of Azure where Azure Database for MySQL is deployed for General Purpose and Memory Optimized servers. In case of VNet peering, if traffic is flowing through a common VNet Gateway with service endpoints and is supposed to flow to the peer, please create an ACL/VNet rule to allow Azure Virtual Machines in the Gateway VNet to access the Azure Database for MySQL server.
+
 ### Data Encryption with a Customer-managed Key
 
 Data encryption with customer-managed keys for Azure Database for MySQL enables you to bring your own key (BYOK) for data protection at rest. It also allows organizations to implement separation of duties in the management of keys and data.
@@ -146,13 +158,17 @@ Data encryption is set at the server-level. The customer-managed key is an asymm
 
 ### Server Firewall Rules
 
-Firewalls prevent all access to your database server until you specify which computers have permission. To configure a firewall, create firewall rules that specify ranges of acceptable IP addresses. You can create firewall rules at the server level with variable `firewall_rules` with valid IP addresses.
+Firewalls prevent all access to your database server until you specify which computers have permission. To configure a firewall, create firewall rules that specify ranges of acceptable IP addresses.
+
+By default, no external access to your MySQL Database will be allowed until you explicitly assign permission by creating a firewall rule. To add the firewall rules to the MySQL database, specify the list of `firewall_rules` with valid IP addresses.
 
-### Active Directory Administrator
+### Adding Active Directory Administrator to SQL Database
 
-This module supports for Azure Active Directory (Azure AD) integration for Azure Database for MySQL. This integration allows you to securely sign in to their database by using Azure Active Directory and to manage credentials in a central place. For consistent role management, manage database access using Active Directory groups. You can add AD user/group using `ad_admin_login_name` variable.  
+Azure Active Directory authentication is a mechanism of connecting to Microsoft Azure database for MySQL by using identities in Azure Active Directory (Azure AD). This module adds the provided Azure Active Directory user/group to MySQL Database as an administrator so that the user can login to this database with Azure AD authentication.
 
-> Azure Active Directory authentication is only available for MySQL 5.7 and newer. Only one Azure AD administrator can be configured for a Azure Database for MySQL server at any time. Only an Azure AD administrator for MySQL can initially connect to the Azure Database for MySQL using an Azure Active Directory account.
+By default, this feature not enabled on this module. To add the Active Directory Administrator, set the argument `ad_admin_login_name` with a valid Azure AD user/group login name.  
+
+>Azure Active Directory authentication is only available for MySQL 5.7 and newer. Only one Azure AD administrator can be configured for a Azure Database for MySQL server at any time. Only an Azure AD administrator for MySQL can initially connect to the Azure Database for MySQL using an Azure Active Directory account.
 
 ### Threat detection policy AKA Server Security Alerts Policy
 
@@ -164,14 +180,30 @@ Advanced Threat Detection for Azure Database for MySQL server detects anomalous
 * Access from a potentially harmful application
 * Brute force login credentials
 
-Enable threat detection policy setting up the variables `enable_threat_detection_policy`, `log_retention_days` and `email_addresses_for_alerts` with valid values.
+By default, this feature not enabled on this module. Enable threat detection policy setting up the variables `enable_threat_detection_policy`, `log_retention_days` and `email_addresses_for_alerts` with valid values.
+
+>Note: Enabling `threat_detection_policy` features on SQL servers and database going to create a storage account to keep all audit logs. Log retention policy to be configured to keep the size within limits for this storage account. Note that this module creates resources that can cost money.
+
+### Private Link to Azure Database for MySQL
+
+Azure Private Endpoint is a network interface that connects you privately and securely to a service powered by Azure Private Link. Private Endpoint uses a private IP address from your VNet, effectively bringing the service into your VNet.
+
+With Private Link, Microsoft offering the ability to associate a logical server to a specific private IP address (also known as private endpoint) within the VNet. This module helps to implement Failover Groups using private endpoint for SQL Database instead of the public endpoint thus ensuring that customers can get security benefits that it offers.
+
+Clients can connect to the Private endpoint from the same VNet, peered VNet in same region, or via VNet-to-VNet connection across regions. Additionally, clients can connect from on-premises using ExpressRoute, private peering, or VPN tunneling.
+
+By default, this feature not enabled on this module. To create private link with private endpoints set the variable `enable_private_endpoint` to `true` and provide `virtual_network_name`, `private_subnet_address_prefix` with a valid values. You can also use the existing private DNS zone to create DNS records. To use this feature, set the `existing_private_dns_zone` with a valid existing private DNS zone name.
+
+For more details: [Private Link for Azure Database for MySQL](https://docs.microsoft.com/en-us/azure/mysql/concepts-data-access-security-private-link)
+
+>The private link feature is only available for Azure Database for MySQL servers in the General Purpose or Memory Optimized pricing tiers. Ensure the database server is in one of these pricing tiers.
 
 ## Recommended naming and tagging conventions
 
 Applying tags to your Azure resources, resource groups, and subscriptions to logically organize them into a taxonomy. Each tag consists of a name and a value pair. For example, you can apply the name `Environment` and the value `Production` to all the resources in production.
 For recommendations on how to implement a tagging strategy, see Resource naming and tagging decision guide.
 
-> **Important** :
+>**Important** :
 Tag names are case-insensitive for operations. A tag with a tag name, regardless of the casing, is updated or retrieved. However, the resource provider might keep the casing you provide for the tag name. You'll see that casing in cost reports. **Tag values are case-sensitive.**
 
 An effective naming convention assembles resource names by using important resource information as parts of a resource's name. For example, using these [recommended naming conventions](https://docs.microsoft.com/en-us/azure/cloud-adoption-framework/ready/azure-best-practices/naming-and-tagging#example-names), a public IP resource for a production SharePoint workload is named like this: `pip-sharepoint-prod-westus-001`.
@@ -215,6 +247,10 @@ firewall_rules|Range of IP addresses to allow firewall connections|map(object({}
 `ad_admin_login_name`|The login name of the principal to set as the server administrator|string|`null`
 `key_vault_key_id`|The URL to a Key Vault custom managed key|string|`null`
 `extaudit_diag_logs`|Database Monitoring Category details for Azure Diagnostic setting|list(string)|`["MySqlSlowLogs", "MySqlAuditLogs"]`
+`enable_private_endpoint`|Azure Private Endpoint is a network interface that connects you privately and securely to a service powered by Azure Private Link|string|`"false"`
+`virtual_network_name` | The name of the virtual network|string|`""`
+`private_subnet_address_prefix`|A list of subnets address prefixes inside virtual network| list |`[]`
+`existing_private_dns_zone`|Name of the existing private DNS zone|string|`null`
 `Tags` | A map of tags to add to all resources | map | `{}`
 
 ## Outputs
@@ -224,6 +260,10 @@ firewall_rules|Range of IP addresses to allow firewall connections|map(object({}
 `mysql_server_id`|The resource ID of the MySQL Server
 `mysql_server_fqdn`|The FQDN of the MySQL Server
 `mysql_database_id`|The resource ID of the MySQL Database
+`mysql_server_private_endpoint`|id of the MySQL server Private Endpoint
+`mysql_server_private_dns_zone_domain`|DNS zone name of MySQL server Private endpoints DNS name records
+`mysql_server_private_endpoint_ip`|MySQL server private endpoint IPv4 Addresses
+`mysql_server_private_endpoint_fqdn`|MySQL server private endpoint FQDN Addresses
 
 ## Resource Graph
 
 
@@ -5,9 +5,9 @@ Azure Database for MySQL is easy to set up, manage and scale. It automates the
 ## Module Usage
 
 ```hcl
-module "mssql-server" {
+module "mysql-db" {
   source  = "kumarvna/mysql-db/azurerm"
-  version = "1.0.0"
+  version = "1.1.0"
 
   # By default, this module will create a resource group
   # proivde a name to use an existing resource group and set the argument 
@@ -18,14 +18,14 @@ module "mssql-server" {
   location              = "westeurope"
 
   # MySQL Server and Database settings
-  mysqlserver_name = "roshmysqldbsrv01"
+  mysqlserver_name = "mysqldbsrv01"
 
   mysqlserver_settings = {
     sku_name   = "GP_Gen5_16"
     storage_mb = 5120
     version    = "5.7"
     # Database name, charset and collection arguments  
-    database_name = "roshydemomysqldb"
+    database_name = "demomysqldb"
     charset       = "utf8"
     collation     = "utf8_unicode_ci"
     # Storage Profile and other optional arguments
 
@@ -1,6 +1,6 @@
-module "mssql-server" {
+module "mysql-db" {
   source  = "kumarvna/mysql-db/azurerm"
-  version = "1.0.0"
+  version = "1.1.0"
 
   # By default, this module will create a resource group
   # proivde a name to use an existing resource group and set the argument 
@@ -11,14 +11,14 @@ module "mssql-server" {
   location              = "westeurope"
 
   # MySQL Server and Database settings
-  mysqlserver_name = "roshmysqldbsrv01"
+  mysqlserver_name = "mysqldbsrv01"
 
   mysqlserver_settings = {
     sku_name   = "GP_Gen5_16"
     storage_mb = 5120
     version    = "5.7"
     # Database name, charset and collection arguments  
-    database_name = "roshydemomysqldb"
+    database_name = "demomysqldb"
     charset       = "utf8"
     collation     = "utf8_unicode_ci"
     # Storage Profile and other optional arguments
 
@@ -0,0 +1,107 @@
+# Azure Database for MySQL Terraform Module
+
+Azure Database for MySQL is easy to set up, manage and scale. It automates the management and maintenance of your infrastructure and database server, including routine updates, backups and security. Enjoy maximum control of database management with custom maintenance windows and multiple configuration parameters for fine grained tuning with Flexible Server (Preview).
+
+## Module Usage
+
+```hcl
+module "mysql-db" {
+  source  = "kumarvna/mysql-db/azurerm"
+  version = "1.1.0"
+
+  # By default, this module will create a resource group
+  # proivde a name to use an existing resource group and set the argument 
+  # to `create_resource_group = false` if you want to existing resoruce group. 
+  # If you use existing resrouce group location will be the same as existing RG.
+  create_resource_group = false
+  resource_group_name   = "rg-shared-westeurope-01"
+  location              = "westeurope"
+
+  # MySQL Server and Database settings
+  mysqlserver_name = "mysqldbsrv01"
+
+  mysqlserver_settings = {
+    sku_name   = "GP_Gen5_16"
+    storage_mb = 5120
+    version    = "5.7"
+    # Database name, charset and collection arguments  
+    database_name = "demomysqldb"
+    charset       = "utf8"
+    collation     = "utf8_unicode_ci"
+    # Storage Profile and other optional arguments
+    auto_grow_enabled                 = true
+    backup_retention_days             = 7
+    geo_redundant_backup_enabled      = false
+    infrastructure_encryption_enabled = false
+    public_network_access_enabled     = true
+    ssl_enforcement_enabled           = true
+    ssl_minimal_tls_version_enforced  = "TLS1_2"
+  }
+
+  # MySQL Server Parameters
+  # For more information: https://docs.microsoft.com/en-us/azure/mysql/concepts-server-parameters
+  mysql_configuration = {
+    interactive_timeout = "600"
+  }
+
+  # Use Virtual Network service endpoints and rules for Azure Database for MySQL
+  subnet_id = var.subnet_id
+
+  # The URL to a Key Vault custom managed key
+  key_vault_key_id = var.key_vault_key_id
+
+  # Creating Private Endpoint requires, VNet name and address prefix to create a subnet
+  # By default this will create a `privatelink.mysql.database.azure.com` DNS zone. 
+  # To use existing private DNS zone specify `existing_private_dns_zone` with valid zone name
+  enable_private_endpoint       = true
+  virtual_network_name          = "vnet-shared-hub-westeurope-001"
+  private_subnet_address_prefix = ["10.1.5.0/29"]
+  #  existing_private_dns_zone     = "demo.example.com"
+
+  # To enable Azure Defender for database set `enable_threat_detection_policy` to true 
+  enable_threat_detection_policy = true
+  log_retention_days             = 30
+  email_addresses_for_alerts     = ["user@example.com", "firstname.lastname@example.com"]
+
+  # AD administrator for an Azure MySQL server
+  # Allows you to set a user or group as the AD administrator for an Azure SQL server
+  ad_admin_login_name = "firstname.lastname@example.com"
+
+  # (Optional) To enable Azure Monitoring for Azure MySQL database
+  # (Optional) Specify `storage_account_name` to save monitoring logs to storage. 
+  log_analytics_workspace_name = "loganalytics-we-sharedtest2"
+
+  # Firewall Rules to allow azure and external clients and specific Ip address/ranges. 
+  firewall_rules = {
+    access-to-azure = {
+      start_ip_address = "0.0.0.0"
+      end_ip_address   = "0.0.0.0"
+    },
+    desktop-ip = {
+      start_ip_address = "49.204.228.223"
+      end_ip_address   = "49.204.228.223"
+    }
+  }
+
+  # Tags for Azure Resources
+  tags = {
+    Terraform   = "true"
+    Environment = "dev"
+    Owner       = "test-user"
+  }
+}
+```
+
+## Terraform Usage
+
+To run this example you need to execute following Terraform commands
+
+```hcl
+terraform init
+
+terraform plan
+
+terraform apply
+```
+
+Run `terraform destroy` when you don't need these resources.