diff --git a/data/templates/agent/InstallMsSqlServer.template b/data/templates/agent/InstallMsSqlServer.template
index 8a75996..d1eaacc 100644
--- a/data/templates/agent/InstallMsSqlServer.template
+++ b/data/templates/agent/InstallMsSqlServer.template
@@ -4,7 +4,8 @@
"OptionParser.ps1",
"SQLServerOptionParsers.ps1",
"SQLServerInstaller.ps1",
- "Install-SQLServer.ps1"
+ "Install-SQLServer.ps1",
+ "Alter-FirewallRulesForSQL.ps1"
],
"Commands": [
{
@@ -13,6 +14,10 @@
"SAPassword": "$saPassword",
"MixedModeAuth": "$mixedModeAuth"
}
+ },
+ {
+ "Name": "Enable-SQLExternalAccess",
+ "Arguments": {}
}
],
"RebootOnCompletion": 0
diff --git a/data/templates/agent/scripts/Alter-FirewallRulesForSQL.ps1 b/data/templates/agent/scripts/Alter-FirewallRulesForSQL.ps1
new file mode 100644
index 0000000..2e2594f
--- /dev/null
+++ b/data/templates/agent/scripts/Alter-FirewallRulesForSQL.ps1
@@ -0,0 +1,61 @@
+trap {
+ &$TrapHandler
+}
+
+
+$FW_Rules = @{
+ "SQL Server Data Connection" = "1433";
+ "SQL Admin Connection" = "1434";
+ "SQL Service Broker" = "4022";
+ "SQL Debugger/RPC"="135";
+}
+
+
+$FW_Proto = "TCP"
+
+
+function Add-NetshFirewallRule {
+ param (
+ [HashTable] $hshRules,
+ [String] $proto
+ )
+
+
+ foreach ($h in $hshRules.GetEnumerator()) {
+ try {
+ $command="advfirewall firewall add rule name=`"$($h.Name)`" dir=in action=allow protocol=$proto localport=$($h.Value)"
+ Start-Process -FilePath netsh -ArgumentList $command -Wait
+ }
+ catch {
+ $except= $_ | Out-String
+ Write-LogError "Add rule $($h.Name) FAILS with $except"
+ }
+ }
+}
+
+function Remove-NetShFirewallRule {
+ param (
+ [HashTable] $hshRules
+ )
+
+ foreach ($h in $hshRules.GetEnumerator()) {
+ try {
+ $command="advfirewall firewall delete rule name=`"$($h.Name)`""
+ Start-Process -FilePath netsh -ArgumentList $command -Wait
+ }
+ catch {
+ $except= $_ | Out-String
+ Write-LogError "Delete rule $($h.Name) FAILS with $except"
+ }
+ }
+}
+
+
+function Enable-SQLExternalAccess {
+ Add-NetshFirewallRule $FW_Rules $FW_Proto
+}
+
+
+function Disable-SQLExternalAccess {
+ Remove-NetshFirewallRule $FW_Rules $FW_Proto
+}
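Review bot: A failing netsh invocation is never logged, because `Start-Process -Wait` on the add path (and the same call in Remove-NetShFirewallRule) discards the exit code, so the try/catch only fires when the process cannot be launched at all; change the call to `$proc = Start-Process -FilePath netsh -ArgumentList $command -Wait -PassThru` and follow it with `if ($proc.ExitCode -ne 0) { throw "netsh exited with code $($proc.ExitCode)" }` so the existing catch block records the failure. Disable-SQLExternalAccess passes `$FW_Proto` to Remove-NetShFirewallRule, whose param block declares only `$hshRules`; for a plain (non-CmdletBinding) function the extra value is presumably dropped into `$args` unused, so either remove the argument or declare the parameter. The add-rule command carries no `remoteip=` or `profile=` scope, so all four ports (including TCP 135, the RPC endpoint mapper, and TCP 1434, the dedicated admin connection) are opened to every remote address on every firewall profile; taking a `remoteip=` value from a parameter would let a deployment limit exposure to its client subnet.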
diff --git a/data/templates/cf/Windows-w-SQL-security.template b/data/templates/cf/Windows-w-SQL-security.template
new file mode 100644
index 0000000..5590cb5
--- /dev/null
+++ b/data/templates/cf/Windows-w-SQL-security.template
@@ -0,0 +1,59 @@
+{
+ "AWSTemplateFormatVersion": "2010-09-09",
+
+ "Parameters": {
+ "KeyName": {
+ "Description": "Key Pair name for Load Balancer",
+ "Type": "String",
+ "Default": "murano-lb-key"
+ }
+ },
+
+ "Resources": {
+ "$instanceName": {
+ "Type": "AWS::EC2::Instance",
+ "Properties": {
+ "InstanceType": "$instanceType",
+ "ImageId": "$imageName",
+ "AvailabilityZone": "$availabilityZone",
+ "UserData": "$userData",
+ "SecurityGroups" : [ {"Ref" : "MsSqlSecuritygroup"} ]
+ }
+ },
+ "MsSqlSecuritygroup": {
+ "Type": "AWS::EC2::SecurityGroup",
+ "Properties": {
+ "SecurityGroupIngress": [
+ {
+ "ToPort": 4022,
+ "IpProtocol": "tcp",
+ "FromPort": 4022,
+ "CidrIp": "0.0.0.0/0"
+ },
+ {
+ "ToPort": 135,
+ "IpProtocol": "tcp",
+ "FromPort": 135,
+ "CidrIp": "0.0.0.0/0"
+ },
+ {
+ "ToPort": 1433,
+ "IpProtocol": "tcp",
+ "FromPort": 1433,
+ "CidrIp": "0.0.0.0/0"
+ },
+ {
+ "ToPort": 1434,
+ "IpProtocol": "tcp",
+ "FromPort": 1434,
+ "CidrIp": "0.0.0.0/0"
+ }
+ ],
+ "GroupDescription": "Enable MS SQL access"
+ }
+ }
+ },
+
+ "Outputs": {
+ }
+}
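Review bot: Every ingress rule in MsSqlSecuritygroup uses `"CidrIp": "0.0.0.0/0"`, so the SQL listener (1433), the dedicated admin connection (1434), Service Broker (4022) and the RPC endpoint mapper (135) become reachable from any address as soon as the instance has a public IP. The template already has a Parameters block, so add a `SqlClientCidr` String parameter (defaulting to the client subnet rather than the whole Internet) and replace each entry with `"CidrIp": {"Ref": "SqlClientCidr"}`. The `KeyName` parameter is declared with the description `Key Pair name for Load Balancer` but nothing in Resources references it, which looks carried over from another template; either wire it into the instance as `"KeyName": {"Ref": "KeyName"}` with a matching description or drop the parameter.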
diff --git a/data/workflows/MsSqlServer.xml b/data/workflows/MsSqlServer.xml
index 070932c..5fee60e 100644
--- a/data/workflows/MsSqlServer.xml
+++ b/data/workflows/MsSqlServer.xml
@@ -13,7 +13,7 @@
Creating instance ()
-
+