PostgreSQL Database server “enforce SSL connection” should be enabled

Description

PostgreSQL Database server “enforce SSL connection” should be enabled. Enforcing SSL connections between your database server and your client applications helps protect against “man in the middle” attacks by encrypting the data stream between the server and your application.

Remediation Steps

Azure Portal

  • Navigate to Azure Database for PostgreSQL server.

  • Select the database.

  • In the left navigation under Settings, select Connection security.

  • In SSL settings, select ENABLED to Enforce SSL connection.

  • Click Save.

Azure CLI

  • To enforce SSL connection on PostgreSQL Database server:

az postgres server update --resource-group <resourceGroupName> --name <serverName> --ssl-enforcement Enabled

Azure Resource Manager

Example Configuration

{
  "properties": {
    "sslEnforcement": "Enabled"
  }
  # other required fields here
}

Example Configuration

{
  "type": "Microsoft.DBforPostgreSQL/servers",
  "apiVersion": "2017-12-01",
  "name": "TestServer",
  "properties": {
    "sslEnforcement": "Enabled"
  }
  # other required fields here
}

Terraform

Example Configuration

resource "azurerm_postgresql_server" "example" {
  ssl_enforcement_enabled = true

  # other required fields here
}