Ledger feature is disabled on the database
Description
This policy checks whether the Ledger feature is enabled on Azure SQL databases. Ledger records every change made to the data in a database and keeps a tamper-evident history of those modifications, which supports auditing, security investigations, and data recovery. Without Ledger it is harder to track changes, to detect malicious activity, or to recover lost data, so leaving the feature disabled is bad practice given the security and data-management risks involved.
Code Example
```hcl
resource "azurerm_mssql_database" "pass" {
  name = "example-database"
  ...
  # Enables the ledger feature; omitting this argument leaves it disabled.
  ledger_enabled = true
}
```
Remediation
Terraform
- Resource: azurerm_mssql_database
- Arguments: ledger_enabled
To fix this issue, add the `ledger_enabled` argument to the `azurerm_mssql_database` resource in the Terraform code and set it to `true`. Azure SQL only allows the ledger to be enabled when the database is created, so expect Terraform to plan a replacement rather than an in-place update when the argument is added to an existing database.
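A plan-level check in the spirit of the TerraformPlan framework listed below, added here as an example and not code from the original page or from Checkov: it walks the JSON produced by `terraform show -json`, reports every `azurerm_mssql_database` whose `ledger_enabled` is not `true`, and treats an omitted argument as failing because the provider default is `false`. The plan data is constructed for the example.

```python
from typing import Iterator

# Constructed sample of `terraform show -json` output (not from the original page):
# three azurerm_mssql_database resources, one in a child module.
SAMPLE_PLAN = {
    "planned_values": {
        "root_module": {
            "resources": [
                {"address": "azurerm_mssql_database.pass",
                 "type": "azurerm_mssql_database",
                 "values": {"name": "ledger-db", "ledger_enabled": True}},
                {"address": "azurerm_mssql_database.explicit_off",
                 "type": "azurerm_mssql_database",
                 "values": {"name": "plain-db", "ledger_enabled": False}},
            ],
            "child_modules": [
                {"address": "module.data", "resources": [
                    {"address": "module.data.azurerm_mssql_database.omitted",
                     "type": "azurerm_mssql_database",
                     # argument absent: provider default is false
                     "values": {"name": "legacy-db"}},
                ]},
            ],
        }
    }
}

def iter_resources(module: dict) -> Iterator[dict]:
    """Yield every resource in a plan module, descending into nested child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from iter_resources(child)

def check_ledger_enabled(plan: dict) -> dict:
    """Map each azurerm_mssql_database address to 'PASSED' or 'FAILED'.

    Only an explicit ledger_enabled = true passes; false or missing fails.
    """
    results = {}
    root = plan["planned_values"]["root_module"]
    for res in iter_resources(root):
        if res.get("type") != "azurerm_mssql_database":
            continue
        enabled = res.get("values", {}).get("ledger_enabled") is True
        results[res["address"]] = "PASSED" if enabled else "FAILED"
    return results

if __name__ == "__main__":
    for address, verdict in check_ledger_enabled(SAMPLE_PLAN).items():
        print(f"CKV_AZURE_224 {verdict}: {address}")
```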
Rule Details
| Field | Value |
|---|---|
| ID | IAC-0731 |
| Severity | MEDIUM |
| IaC Type | Terraform |
| Frameworks | Terraform, TerraformPlan |
| Checkov ID | CKV_AZURE_224 |