Azure PostgreSQL database server with SSL connection disabled
Description
SSL connectivity adds a layer of security by connecting the database server to client applications over Secure Sockets Layer (SSL). Enforcing SSL connections between the database server and client applications helps protect against man-in-the-middle attacks by encrypting the data stream between the server and the application. We recommend that you set **Enforce SSL connection** to **Enable** on PostgreSQL Server databases.
Code Example
```hcl
resource "azurerm_postgresql_server" "example" {
...
+ ssl_enforcement_enabled = true
}
```
Remediation
Azure Portal
To change the policy using the Azure Portal, follow these steps:
1. Log in to the Azure Portal at https://portal.azure.com.
2. Navigate to **Azure Database for PostgreSQL server**.
3. For each database:
   a) Click **Connection security**.
   b) Navigate to the **SSL Settings** section.
   c) For **Enforce SSL connection**, click **ENABLED**.
CLI Command
To set **Enforce SSL Connection** for a **PostgreSQL Database**, use the following command:
```
az postgres server update --resource-group <resourceGroupName> --name <serverName> --ssl-enforcement Enabled
```
Fix - Buildtime
Terraform
- Resource: azurerm_postgresql_server
- Arguments: ssl_enforcement_enabled
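The build-time check above can also be run against a rendered plan. The following is an added example, not code from this page or from Checkov: it scans `terraform show -json` plan output for `azurerm_postgresql_server` resources whose `ssl_enforcement_enabled` is not `true`, including servers declared inside modules. The sample plan, resource names and function names are constructed for illustration.

```python
import json
import sys

RESOURCE_TYPE = "azurerm_postgresql_server"
ARGUMENT = "ssl_enforcement_enabled"

def iter_resources(module):
    """Yield every resource in a plan module, descending into child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from iter_resources(child)

def find_unenforced_ssl(plan):
    """Return (address, reason) for each PostgreSQL server without enforced SSL."""
    root = plan.get("planned_values", {}).get("root_module", {})
    findings = []
    for res in iter_resources(root):
        if res.get("type") != RESOURCE_TYPE:
            continue
        value = (res.get("values") or {}).get(ARGUMENT)
        if value is True:
            continue
        # Values unknown until apply are omitted from planned_values, so a
        # missing argument cannot be confirmed as enforced and is reported.
        reason = "is false" if value is False else "is unset or unknown at plan time"
        findings.append((res["address"], reason))
    return findings

# Constructed sample shaped like `terraform show -json <planfile>` output.
SAMPLE_PLAN = {"planned_values": {"root_module": {
    "resources": [
        {"address": "azurerm_postgresql_server.good", "type": RESOURCE_TYPE,
         "values": {"name": "pg-good", ARGUMENT: True}},
        {"address": "azurerm_postgresql_server.bad", "type": RESOURCE_TYPE,
         "values": {"name": "pg-bad", ARGUMENT: False}},
        {"address": "azurerm_resource_group.rg", "type": "azurerm_resource_group",
         "values": {"name": "rg-example"}},
    ],
    "child_modules": [{"address": "module.db", "resources": [
        {"address": "module.db.azurerm_postgresql_server.legacy",
         "type": RESOURCE_TYPE, "values": {"name": "pg-legacy"}},
    ]}],
}}}

if __name__ == "__main__":
    # With a path argument, scan that plan JSON; otherwise scan the sample.
    plan = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE_PLAN
    findings = find_unenforced_ssl(plan)
    for address, reason in findings:
        print(f"FAIL {address}: {ARGUMENT} {reason}")
    sys.exit(1 if findings else 0)
```

The non-zero exit status on any finding lets the script gate a pipeline step that runs after `terraform plan`.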
Rule Details
| Field | Value |
|---|---|
| ID | IAC-0540 |
| Severity | LOW |
| IaC Type | arm |
| Frameworks | ARM, |
| Checkov ID | CKV_AZURE_29 |