Azure MySQL Database Server SSL connection is disabled
Description
SSL connectivity adds a layer of security by connecting a database server to client applications using Secure Sockets Layer (SSL). Enforcing SSL connections between a database server and client applications helps protect against man-in-the-middle attacks by encrypting the data stream between the server and the application. We recommend you set Enforce SSL connection to Enable on MySQL Server databases.
Code Example
```hcl
resource "azurerm_mysql_server" "example" {
...
+ ssl_enforcement_enabled = true
}
```
Remediation
Azure Portal
To change the policy using the Azure Portal, follow these steps:
1. Log in to the Azure Portal at https://portal.azure.com.
2. Navigate to *Azure Database* for *MySQL server*.
3. For each database:
   a) Click *Connection security*.
   b) Navigate to the *SSL Settings* section.
   c) For *Enforce SSL connection*, click *ENABLED*.

CLI Command
To set MySQL databases to enforce SSL connection, use the following command:
```
az mysql server update --resource-group <resourceGroupName> --name <serverName> --ssl-enforcement Enabled
```
Fix - Buildtime
Terraform
- Resource: azurerm_mysql_server
- Arguments: ssl_enforcement_enabled
Rule Details
| Field | Value |
|---|---|
| ID | IAC-0539 |
| Severity | LOW |
| IaC Type | arm |
| Frameworks | ARM, |
| Checkov ID | CKV_AZURE_28 |