Azure MariaDB database server not using latest TLS version
Description
This policy checks that the Azure MariaDB server uses the latest version of TLS (Transport Layer Security), which is version 1.2. TLS secures communication over a network by encrypting the data sent between two systems, which prevents eavesdropping, tampering, and message forgery. Outdated TLS versions expose the server to known vulnerabilities, so allowing them can compromise the privacy and integrity of data in transit. The server should therefore enforce the most recent version.
Code Example
resource "azurerm_mariadb_server" "example" {
  ...
  ssl_enforcement_enabled          = true
  ssl_minimal_tls_version_enforced = "TLS1_2"
}
Remediation
Terraform
- Resource: azurerm_mariadb_server
- Arguments: ssl_enforcement_enabled, ssl_minimal_tls_version_enforced
To fix this issue, set the 'ssl_enforcement_enabled' argument to true and the 'ssl_minimal_tls_version_enforced' argument to "TLS1_2" in the azurerm_mariadb_server resource block.
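
The same check can be run against a plan before apply. The following is an added example, not Checkov's own implementation of CKV2_AZURE_37: it walks the `planned_values` tree of `terraform show -json` output, including child modules, and reports each MariaDB server that misses either argument. The sample plan and the function names are constructed for illustration, and treating a missing value as a failure is an assumption.

```python
import json

RESOURCE_TYPE = "azurerm_mariadb_server"
REQUIRED_TLS = "TLS1_2"

# Constructed sample shaped like `terraform show -json` output (only the fields used here).
SAMPLE_PLAN = json.loads("""
{"planned_values": {"root_module": {
  "resources": [
    {"address": "azurerm_mariadb_server.good", "type": "azurerm_mariadb_server",
     "values": {"ssl_enforcement_enabled": true, "ssl_minimal_tls_version_enforced": "TLS1_2"}},
    {"address": "azurerm_mariadb_server.old_tls", "type": "azurerm_mariadb_server",
     "values": {"ssl_enforcement_enabled": true, "ssl_minimal_tls_version_enforced": "TLS1_0"}},
    {"address": "azurerm_resource_group.rg", "type": "azurerm_resource_group", "values": {}}
  ],
  "child_modules": [{"address": "module.db", "resources": [
    {"address": "module.db.azurerm_mariadb_server.no_ssl", "type": "azurerm_mariadb_server",
     "values": {"ssl_enforcement_enabled": false, "ssl_minimal_tls_version_enforced": "TLS1_2"}}
  ]}]
}}}
""")

def iter_resources(module):
    """Yield resources from a module and, recursively, from its child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from iter_resources(child)

def find_violations(plan):
    """Return {resource address: [reasons]} for MariaDB servers that fail the rule."""
    findings = {}
    root = plan.get("planned_values", {}).get("root_module", {})
    for res in iter_resources(root):
        if res.get("type") != RESOURCE_TYPE:
            continue
        values = res.get("values") or {}
        reasons = []
        # Assumption: a missing or null value is reported as a failure.
        if values.get("ssl_enforcement_enabled") is not True:
            reasons.append("ssl_enforcement_enabled is not true")
        if values.get("ssl_minimal_tls_version_enforced") != REQUIRED_TLS:
            reasons.append("ssl_minimal_tls_version_enforced is not TLS1_2")
        if reasons:
            findings[res["address"]] = reasons
    return findings

if __name__ == "__main__":
    for address, reasons in find_violations(SAMPLE_PLAN).items():
        print(f"FAIL {address}: {'; '.join(reasons)}")
```

To use it on a real plan, load the output of `terraform show -json` with `json.load` and pass the result to `find_violations`.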
Rule Details
| Field | Value |
|---|---|
| ID | IAC-0794 |
| Severity | LOW |
| IaC Type | Terraform |
| Frameworks | Terraform, TerraformPlan |
| Checkov ID | CKV2_AZURE_37 |