IaC Bazaar
Azure · Static-verified

MySQL Flexible Server

Azure Database for MySQL Flexible Server with TLS required by default, correct delegated-subnet + private DNS zone ordering, an Entra administrator, databases, and cheapest-by-default Burstable sizing.

terraform · Azure · #azure
azure-mysql-flexible · terraform v1.7

Verification

Static-verified

Passed: validated and lint-clean (provider-schema-validated for AWS/Azure/GCP; Terraform-language lint elsewhere).

Conformance

  • Static validation (fmt · validate · tflint)
  • Security scan (Checkov)
  • Plan tests (mocked: validation rules · outputs)

Provenance

  • SHA-256 checksum
  • Signature (pending)

Functional

  • Live test pending (no cloud run yet)

Last verified 2026-06-30 · how we verify

Documentation

azure-mysql-flexible

Azure Database for MySQL Flexible Server with optional HA, private VNet delegation, Entra (Azure AD) administration, firewall rules, databases and tuned server parameters. Works with Terraform and OpenTofu (>= 1.6), azurerm provider >= 4.0, < 5.0.

What you get beyond azurerm_mysql_flexible_server alone:

  • TLS required by default: require_secure_transport = ON is shipped as a managed server parameter so clients can't connect in the clear; override or extend via server_configurations
  • The delegated-subnet + private DNS zone link ordering handled correctly — the module creates the zone (<name>.private.mysql.database.azure.com), links it to your VNet, and forces the server to wait on the link (the classic mid-provisioning failure)
  • A single Entra (Azure AD) administrator wired to a user-assigned identity, with preconditions that catch invalid identity/CMK combinations at plan time
  • HA failovers won't cause perpetual diffs (zone / standby zone are ignored after create), and HA-on-Burstable is rejected at plan time
  • Cheapest-by-default sizing: Burstable B_Standard_B1ms, 20 GiB storage, no geo-redundant backup
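
For readers who want to see what the first two items look like in plain azurerm resources, here is an added sketch (not the module's code or its interface): the server waits on the private DNS zone's VNet link via depends_on, and require_secure_transport is set as a server configuration. All resource names, variable names and the zone prefix are placeholders chosen for illustration; it targets azurerm >= 4.0, < 5.0 with the subscription supplied through the environment.

```hcl
provider "azurerm" {
  features {}
}

variable "resource_group_name" { type = string }
variable "location" { type = string }
variable "vnet_id" { type = string }
variable "delegated_subnet_id" { type = string } # must be delegated to Microsoft.DBforMySQL/flexibleServers
variable "admin_password" {
  type      = string
  sensitive = true
}

resource "azurerm_private_dns_zone" "mysql" {
  name                = "example-mysql.private.mysql.database.azure.com"
  resource_group_name = var.resource_group_name
}

resource "azurerm_private_dns_zone_virtual_network_link" "mysql" {
  name                  = "example-mysql-link"
  resource_group_name   = var.resource_group_name
  private_dns_zone_name = azurerm_private_dns_zone.mysql.name
  virtual_network_id    = var.vnet_id
}

resource "azurerm_mysql_flexible_server" "this" {
  name                   = "example-mysql"
  resource_group_name    = var.resource_group_name
  location               = var.location
  administrator_login    = "mysqladmin"
  administrator_password = var.admin_password
  sku_name               = "B_Standard_B1ms"
  delegated_subnet_id    = var.delegated_subnet_id
  private_dns_zone_id    = azurerm_private_dns_zone.mysql.id
  storage {
    size_gb = 20
  }
  # Referencing the zone ID does not order the server after the VNet link,
  # so the dependency on the link is declared explicitly.
  depends_on = [azurerm_private_dns_zone_virtual_network_link.mysql]
}

# Managed server parameter: reject connections that do not use TLS.
resource "azurerm_mysql_flexible_server_configuration" "tls" {
  name                = "require_secure_transport"
  resource_group_name = var.resource_group_name
  server_name         = azurerm_mysql_flexible_server.this.name
  value               = "ON"
}
```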

Requirements

  • Terraform or OpenTofu >= 1.6
  • hashicorp/azurerm >= 4.0, < 5.0
  • For private networking the subnet must be delegated to Microsoft.DBforMySQL/flexibleServers and must not host other resource types.
  • HA is not available on Burstable (B_) SKUs; geo-redundant backup cannot be toggled after create.
  • CMK and the Entra administrator both require a user-assigned identity in identity_ids (MySQL Flexible Server supports UserAssigned identities only).

Verification

Static-validated (fmt, validate, tflint). Live apply/destroy testing pending cloud sandbox availability — see catalog status.

License

Commercial — IaC Bazaar EULA. © IaC Bazaar. Original work (not derived from a third-party module).

Usage code & full reference unlock after purchase

The complete copy-paste usage, the full input/output reference, and operational notes ship with your licence — shown here and bundled in the download.
