Use Terraform AzApi provider to deploy an Azure Firewall Policy Rule Collection Group containing Mssql type application rule.
You can use checkov to scan you Iac code for misconfigurations in a DevSecOps manner. It can also be integrated with pre-commit. If you want, it can be applied to Bicep, Kubernetes or other supported frameworks.
You can use pre-commit-terraform to catch basic syntax errors before commiting to repository. It is also possible to write automatic Markdown documentation!