Ensure 'Enforce SSL connection' is set to 'Enabled' for Standard MySQL Database Flexible Server

Enable SSL connection on MYSQL Database Flexible Servers

Risk Level: High
Cloud Entity: My SQL DB Flexible Server
CloudGuard Rule ID: D9.AZU.CRY.32
Covered by Spectral: No
Category: Database


MySQLDBFlexibleServer should have parameters with [ name='require_secure_transport' and value regexMatch /[Oo][Nn]/ ]


From Portal

  1. Go to Azure Database for MySQL server from Azure Management console and choose your MySQL database Flexible server that you want to examine.
  2. In the navigation panel, under Settings, select 'Connect'.
  3. Under 'Pre-Requisites check', select 'Enable SSL to secure connections'.
  4. Click Save.

From TF
Set the 'ssl_enforcement_enabled' to 'true':

resource 'azurerm_mysql_server' 'example' {
	ssl_enforcement_enabled = true

From Command Line

az mysql flexible-server parameter set --name require_secure_transport --resource-group RESOURCEGROUPNAME --server-name SERVERNAME --value ON


  1. https://docs.microsoft.com/en-us/azure/mysql/concepts-ssl-connection-security
  2. https://docs.microsoft.com/en-us/cli/azure/mysql/flexible-server/parameter?view=azure-cli-latest#az-mysql-flexible-server-parameter-set
  3. https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/mysql_server#ssl_enforcement_enabled

My SQL DB Flexible Server

Azure Database for MySQL Flexible Server is a fully managed production-ready database service designed for more granular control and flexibility over database management functions and configuration settings. The flexible server architecture allows users to opt for high availability within single availability zone and across multiple availability zones.

Compliance Frameworks

  • AZU PCI-DSS 4.0
  • Azure CIS Foundations v. 1.1.0
  • Azure CIS Foundations v. 1.2.0
  • Azure CIS Foundations v. 1.3.0
  • Azure CIS Foundations v. 1.3.1
  • Azure CIS Foundations v. 1.4.0
  • Azure CIS Foundations v. 1.5.0
  • Azure CIS Foundations v.2.0
  • Azure CSA CCM v.4.0.1
  • Azure CloudGuard Best Practices
  • Azure NIST 800-53 Rev 5
  • CloudGuard Azure All Rules Ruleset