
Azure PostgreSQL servers not configured with private endpoint

Description

This policy checks whether Azure PostgreSQL database servers are configured with private endpoints. Private endpoint connections are crucial for ensuring secure communication, as they establish exclusive, private connectivity to Azure Database for PostgreSQL. Configuring a private endpoint restricts access to traffic originating from known networks, preventing entry from potentially malicious or unknown IP addresses, including those within Azure. It is recommended to establish a private endpoint to ensure secure communication for your Azure PostgreSQL database.

Code Example

```hcl
resource "azurerm_private_endpoint" "example" {
  name                = "postgresqlprivateendpoint"
  location            = azurerm_resource_group.example.location
  resource_group_name = azurerm_resource_group.example.name
  # Subnet that hosts the endpoint's private NIC; the resource type is azurerm_subnet
  subnet_id           = azurerm_subnet.example.id

  private_service_connection {
    name                           = "postgresqlprivateserviceconnection"
    # The PostgreSQL server this endpoint provides private connectivity to
    private_connection_resource_id = azurerm_postgresql_server.example.id
    # Sub-resource (group ID) for Azure Database for PostgreSQL
    subresource_name               = "postgresqlServer"
    # Auto-approve the connection; set true if the server is in another tenant
    is_manual_connection           = false
  }
}
```

Remediation

Terraform

  • Resource: azurerm_postgresql_server, azurerm_private_endpoint
  • Arguments: private_connection_resource_id

To fix this issue and establish secure communication with your network, configure your Azure PostgreSQL Server with a private endpoint.
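The following is a fuller remediation written here as an added example; it is not code from the policy page or from the Checkov project. It wires the server, a subnet, a private endpoint and the private DNS zone together, and also turns off the server's public listener, which the private endpoint by itself does not do. Resource names, the region, the SKU, the constructed address ranges and the `azurerm ~> 3.0` provider pin are assumptions.

```hcl
terraform {
  required_providers {
    azurerm = {
      source  = "hashicorp/azurerm"
      version = "~> 3.0" # assumed provider line; argument names below match 3.x
    }
  }
}

provider "azurerm" {
  features {}
}

# Supplied at apply time; never hard-code the admin password in the configuration
variable "admin_password" {
  type      = string
  sensitive = true
}

resource "azurerm_resource_group" "example" {
  name     = "rg-postgres-private" # constructed name
  location = "westeurope"          # assumed region
}

resource "azurerm_virtual_network" "example" {
  name                = "vnet-postgres"
  address_space       = ["10.10.0.0/16"] # constructed range
  location            = azurerm_resource_group.example.location
  resource_group_name = azurerm_resource_group.example.name
}

resource "azurerm_subnet" "example" {
  name                 = "snet-private-endpoints"
  resource_group_name  = azurerm_resource_group.example.name
  virtual_network_name = azurerm_virtual_network.example.name
  address_prefixes     = ["10.10.1.0/24"]
  # Private endpoints require network policies disabled on their subnet (3.x argument)
  private_endpoint_network_policies_enabled = false
}

resource "azurerm_postgresql_server" "example" {
  name                = "psql-example-private" # must be globally unique; constructed
  location            = azurerm_resource_group.example.location
  resource_group_name = azurerm_resource_group.example.name

  sku_name   = "GP_Gen5_2"
  version    = "11"
  storage_mb = 5120

  administrator_login          = "psqladmin"
  administrator_login_password = var.admin_password

  ssl_enforcement_enabled = true
  minimal_tls_version     = "TLS1_2"

  # A private endpoint does not close the public endpoint on its own.
  # Disable public access so the server is reachable only through the private endpoint.
  public_network_access_enabled = false
}

# Private DNS zone so clients in the VNet resolve the server FQDN to the
# private endpoint's IP rather than the public address.
resource "azurerm_private_dns_zone" "postgres" {
  name                = "privatelink.postgres.database.azure.com"
  resource_group_name = azurerm_resource_group.example.name
}

resource "azurerm_private_dns_zone_virtual_network_link" "postgres" {
  name                  = "link-postgres"
  resource_group_name   = azurerm_resource_group.example.name
  private_dns_zone_name = azurerm_private_dns_zone.postgres.name
  virtual_network_id    = azurerm_virtual_network.example.id
}

resource "azurerm_private_endpoint" "example" {
  name                = "pe-postgres"
  location            = azurerm_resource_group.example.location
  resource_group_name = azurerm_resource_group.example.name
  subnet_id           = azurerm_subnet.example.id

  private_service_connection {
    name                           = "psc-postgres"
    # This reference is what satisfies the policy: the endpoint targets the server
    private_connection_resource_id = azurerm_postgresql_server.example.id
    subresource_name               = "postgresqlServer"
    is_manual_connection           = false
  }

  # Registers the endpoint's A record in the private zone automatically
  private_dns_zone_group {
    name                 = "default"
    private_dns_zone_ids = [azurerm_private_dns_zone.postgres.id]
  }
}
```

Run `terraform init` and `terraform plan` with `TF_VAR_admin_password` set, then `checkov -d .` to confirm the check passes. The policy is satisfied by the `private_connection_resource_id` reference from the endpoint to the server; `public_network_access_enabled = false` is the extra setting that makes the private path the only path.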

Rule Details

| Field      | Value                    |
|------------|--------------------------|
| ID         | IAC-0799                 |
| Severity   | MEDIUM                   |
| IaC Type   | Terraform                |
| Frameworks | Terraform, TerraformPlan |
| Checkov ID | CKV2_AZURE_42            |
