Ensure 'Enforce SSL connection' is set to 'Enabled' for Standard MySQL Database Flexible Server
Enable SSL connection on MySQL Database Flexible Servers
Risk Level: High
Cloud Entity: My SQL DB Flexible Server
CloudGuard Rule ID: D9.AZU.CRY.32
Covered by Spectral: No
Category: Database
GSL LOGIC
MySQLDBFlexibleServer should have parameters with [ name='require_secure_transport' and value regexMatch /[Oo][Nn]/ ]
REMEDIATION
From Portal
- Go to Azure Database for MySQL server from the Azure Management console and choose the MySQL database Flexible server that you want to examine.
- In the navigation panel, under Settings, select 'Connect'.
- Under 'Pre-Requisites check', select 'Enable SSL to secure connections'.
- Click Save.
From TF
Set the 'ssl_enforcement_enabled' to 'true':
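resource "azurerm_mysql_server" "example" {
  # Note: azurerm_mysql_server is the provider's Single Server resource.
  # ... other arguments omitted ...
  ssl_enforcement_enabled = true
  # ...
}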
From Command Line
Run
az mysql flexible-server parameter set --name require_secure_transport --resource-group RESOURCEGROUPNAME --server-name SERVERNAME --value ON
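To check the setting across a subscription before or after remediation, the following added example (not part of the CloudGuard rule or Microsoft's documentation) applies the same test as the GSL logic to every Flexible Server the Azure CLI can list. The function names are this example's own; it assumes a logged-in `az` session and compares the whole value against ON in any letter case.

```shell
#!/bin/sh
# Added example: function names are hypothetical, not part of the Azure CLI.

# Succeeds only when the whole parameter value is ON (any letter case),
# so an empty or unexpected value is treated as non-compliant.
secure_transport_enabled() {
  case "$1" in
    [Oo][Nn]) return 0 ;;
    *) return 1 ;;
  esac
}

# Prints "PASS|FAIL <tab> resource-group/server <tab> value" per server.
# Exit status: 0 all compliant, 1 at least one failure, 2 listing failed.
audit_secure_transport() (
  tab=$(printf '\t')
  rc=0
  servers=$(az mysql flexible-server list \
    --query '[].[resourceGroup, name]' -o tsv) || exit 2
  while IFS="$tab" read -r rg name; do
    [ -n "$name" ] || continue
    # </dev/null keeps az from consuming the server list on stdin.
    value=$(az mysql flexible-server parameter show \
      --resource-group "$rg" --server-name "$name" \
      --name require_secure_transport --query value -o tsv \
      2>/dev/null </dev/null) || value=""
    if secure_transport_enabled "$value"; then
      printf 'PASS\t%s/%s\t%s\n' "$rg" "$name" "$value"
    else
      printf 'FAIL\t%s/%s\t%s\n' "$rg" "$name" "${value:-unreadable}"
      rc=1
    fi
  done <<EOF
$servers
EOF
  exit "$rc"
)
```

Source the file and call `audit_secure_transport`; the non-zero exit status on any FAIL line lets it gate a scheduled job or pipeline step.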
References
- https://docs.microsoft.com/en-us/azure/mysql/concepts-ssl-connection-security
- https://docs.microsoft.com/en-us/cli/azure/mysql/flexible-server/parameter?view=azure-cli-latest#az-mysql-flexible-server-parameter-set
- https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/mysql_server#ssl_enforcement_enabled
My SQL DB Flexible Server
Azure Database for MySQL Flexible Server is a fully managed production-ready database service designed for more granular control and flexibility over database management functions and configuration settings. The flexible server architecture allows users to opt for high availability within single availability zone and across multiple availability zones.
Compliance Frameworks
- AZU PCI-DSS 4.0
- Azure CIS Foundations v. 1.1.0
- Azure CIS Foundations v. 1.2.0
- Azure CIS Foundations v. 1.3.0
- Azure CIS Foundations v. 1.3.1
- Azure CIS Foundations v. 1.4.0
- Azure CIS Foundations v. 1.5.0
- Azure CIS Foundations v.2.0
- Azure CSA CCM v.4.0.1
- Azure CloudGuard Best Practices
- Azure NIST 800-53 Rev 5
- CloudGuard Azure All Rules Ruleset