My SQL server disables geo-redundant backups
Description
Ensure that your Microsoft Azure My SQL database servers have geo-redundant backups enabled, to allow you to restore your My SQL servers to a different Azure region in the event of a regional outage or a disaster. Geo-restore is the default recovery option when your My SQL database server is unavailable because of a large-scale incident, such as a natural disaster, occurs in the region where the database server is hosted.
.During geo-restore, the My SQL server configuration can be changed. These configuration changes include compute generation, vCore, backup retention period and backup redundancy options.
Code Example
resource "azurerm_mysql_server" "example" {
...
+ geo_redundant_backup_enabled = true
}Remediation
- In Azure console*
. Sign in to * Azure Management Console*.
. Navigate to * All resource**s blade at https://portal.azure.com/#blade/HubsExtension/BrowseAll to access all your Microsoft Azure resources.
. From the Type filter box, select Azure Database for My SQL server to list the My SQL servers provisioned within your Azure account.
. Click on the name of the My SQL database server that you want to examine.
. In the navigation panel, under Settings, select Pricing tier to access the pricing tier settings available for the selected My SQL server.
. On the Pricing tier page, in the Backup Redundancy Options section, check the backup redundancy tier configured for the database server. + If the selected tier is Locally Redundant, the data can be recovered from within the current region only, therefore the Geo-Redundant backup feature is not enabled for the selected Microsoft Azure My SQL database server.
. Repeat steps no. + 4 -- 6 for each My SQL database server available in the current Azure subscription.
. Repeat steps no. + 3 -- 7 for each subscription created in your Microsoft Azure cloud account. === Fix - Buildtime
Terraform
- Resource: azurerm_mysql_server
- Arguments: geo_redundant_backup_enabled
Rule Details
| Field | Value |
|---|---|
| ID | IAC-0601 |
| Severity | LOW |
| IaC Type | arm |
| Frameworks | Terraform, TerraformPlan |
| Checkov ID | CKV_AZURE_94 |