Azure PostgreSQL Flexible Server does not enable geo-redundant backups
Description
Azure PostgreSQL Flexible Server allows you to choose between locally redundant or geo-redundant backup storage in the General Purpose and Memory Optimized tiers. When the backups are stored in geo-redundant backup storage, they are not only stored within the region in which your server is hosted, but are also replicated to a paired data center. This provides better protection and ability to restore your server in a different region in the event of a disaster.
Code Example
go
resource "azurerm_postgresql_flexible_server" "pass" {
name = "example-psqlflexibleserver"
resource_group_name = "azurerm_resource_group.example.name"
location = "azurerm_resource_group.example.location"
version = "12"
delegated_subnet_id = "azurerm_subnet.example.id"
private_dns_zone_id = "azurerm_private_dns_zone.example.id"
administrator_login = "psqladmin"
administrator_password = "H@Sh1CoR3!"
zone = "1"
storage_mb = 32768
geo_redundant_backup_enabled = true
sku_name = "GP_Standard_D4s_v3"
depends_on = ["azurerm_private_dns_zone_virtual_network_link.example"]
}Remediation
TBA === Fix - Buildtime
Terraform
- Resource: azurerm_postgresql_flexible_server
- Arguments: geo_redundant_backup_enabled
Rule Details
| Field | Value |
|---|---|
| ID | IAC-0643 |
| Severity | LOW |
| IaC Type | Terraform |
| Frameworks | Terraform |
| Checkov ID | CKV_AZURE_136 |