PostgreSQL Database server “enforce SSL connection” should be enabled¶
Description¶
PostgreSQL Database server “enforce SSL connection” should be enabled. Enforcing SSL connections between your database server and your client applications helps protect against “man in the middle” attacks by encrypting the data stream between the server and your application.
Remediation Steps¶
Azure Portal¶
Navigate to Azure Database for PostgreSQL server.
Select the database.
In the left navigation under Settings, select Connection security.
In SSL settings, select ENABLED to Enforce SSL connection.
Click Save.
Azure CLI¶
To enforce SSL connection on PostgreSQL Database server:
az postgres server update --resource-group <resourceGroupName> --name <serverName> --ssl-enforcement Enabled
Azure Resource Manager¶
Ensure that a Microsoft.DBforPostgreSQL/servers resource contains the following:
Example Configuration¶
{
"properties": {
"sslEnforcement": "Enabled"
}
# other required fields here
}
Example Configuration¶
{
"type": "Microsoft.DBforPostgreSQL/servers",
"apiVersion": "2017-12-01",
"name": "TestServer",
"properties": {
"sslEnforcement": "Enabled"
}
# other required fields here
}
Terraform¶
Ensure that an azurerm_postgresql_server contains the following:
ssl_enforcement_enabled
= true
Example Configuration¶
resource "azurerm_postgresql_server" "example" {
ssl_enforcement_enabled = true
# other required fields here
}