
Azure Database for MariaDB not configured with private endpoint

Description

This policy checks whether Azure Database for MariaDB servers are configured with private endpoints. A private endpoint connection gives the server exclusive, private connectivity, which is essential for secure communication. Configuring a private endpoint ensures the server can be reached only from recognized networks, preventing access from potentially malicious or unknown IP addresses, including those within Azure. It is recommended to establish a private endpoint to secure communication with your Azure MariaDB database.

Code Example

resource "azurerm_mariadb_server" "example" {
  ...
}

resource "azurerm_private_endpoint" "example" {
  ...

  private_service_connection {
    ...
    private_connection_resource_id = azurerm_mariadb_server.example.id
    ...
  }
}

Remediation

Terraform

  • Resource: azurerm_mariadb_server, azurerm_private_endpoint
  • Arguments: private_connection_resource_id

To fix this issue and establish secure communication with your network, configure your Azure MariaDB server with a private endpoint: add an azurerm_private_endpoint resource whose private_service_connection block sets private_connection_resource_id to the ID of the azurerm_mariadb_server resource.
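The relationship this policy looks for can also be verified on a Terraform plan exported with `terraform show -json`. The script below is an added example, not Checkov's or the scanner's own implementation; the function name and the sample plan (constructed, with made-up resource names) are assumptions.

```python
# Constructed sample: the "configuration" section of `terraform show -json`
# output, trimmed to the fields read below. Resource names are made up.
SAMPLE_PLAN = {"configuration": {"root_module": {"resources": [
    {"address": "azurerm_mariadb_server.private",
     "type": "azurerm_mariadb_server", "expressions": {}},
    {"address": "azurerm_mariadb_server.exposed",
     "type": "azurerm_mariadb_server", "expressions": {}},
    {"address": "azurerm_private_endpoint.db",
     "type": "azurerm_private_endpoint",
     "expressions": {"private_service_connection": [
         {"private_connection_resource_id": {"references": [
             "azurerm_mariadb_server.private.id",
             "azurerm_mariadb_server.private"]}}]}},
]}}}


def unprotected_mariadb_servers(plan):
    """Return addresses of azurerm_mariadb_server resources that no
    azurerm_private_endpoint in the same module references."""
    findings = []

    def walk(module, prefix=""):
        resources = module.get("resources", [])
        linked = set()  # addresses named by private_connection_resource_id
        for res in resources:
            if res.get("type") != "azurerm_private_endpoint":
                continue
            conns = res.get("expressions", {}).get("private_service_connection", [])
            if isinstance(conns, dict):  # tolerate a single block object
                conns = [conns]
            for conn in conns:
                target = conn.get("private_connection_resource_id", {})
                linked.update(target.get("references", []))
        for res in resources:
            if (res.get("type") == "azurerm_mariadb_server"
                    and res.get("address") not in linked):
                findings.append(prefix + res.get("address", "<unknown>"))
        # Child modules are evaluated on their own: references are module-local.
        for name, call in module.get("module_calls", {}).items():
            walk(call.get("module", {}), f"{prefix}module.{name}.")

    walk(plan.get("configuration", {}).get("root_module", {}))
    return sorted(findings)


if __name__ == "__main__":
    print(unprotected_mariadb_servers(SAMPLE_PLAN))
```

A private endpoint declared in a parent module that targets a server through a child module's output is not followed, so such servers are reported and need manual review.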

Rule Details

| Field | Value |
|---|---|
| ID | IAC-0800 |
| Severity | MEDIUM |
| IaC Type | Terraform |
| Frameworks | Terraform, TerraformPlan |
| Checkov ID | CKV2_AZURE_43 |
