Ensure 'Enforce SSL connection' is set to 'Enabled' for Standard MySQL Database Single Server

Enable SSL connection on MySQL Database Single Server

Risk Level: High
Cloud Entity: My SQL DB Single Server
CloudGuard Rule ID: D9.AZU.CRY.34
Covered by Spectral: No
Category: Database

GSL LOGIC

MySQLDBSingleServer should have properties.sslEnforcement='Enabled'

REMEDIATION

From Portal

  1. Go to Azure Database for MySQL servers in the Azure Management console and choose the MySQL database single server that you want to examine.
  2. In the navigation panel, under Settings, select 'Connection security'.
  3. Under 'SSL settings', click 'Enabled' on 'Enforce SSL connections'.
  4. Click Save.

From TF
Set 'ssl_enforcement_enabled' to 'true':

resource "azurerm_mysql_server" "example" {
	# ... other server arguments ...
	ssl_enforcement_enabled = true
	# ...
}

From Command Line
Run:

az mysql server update --resource-group RESOURCEGROUPNAME --name SERVERNAME --ssl-enforcement Enabled
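
To apply the GSL check across many servers before remediating, the following added example (not CloudGuard or Microsoft code) evaluates the rule over a JSON inventory and builds the update command shown above for each failing server. It assumes the inventory comes from `az mysql server list -o json`, where `sslEnforcement` and `resourceGroup` appear as top-level fields; the server and resource group names are constructed.

```python
import json
import shlex

# Constructed sample. The first two entries use the flattened field layout
# assumed for az CLI output; the last two nest the setting under
# "properties", the path the GSL rule refers to.
SAMPLE_INVENTORY = json.loads("""
[
  {"name": "orders-db", "resourceGroup": "rg-prod", "sslEnforcement": "Enabled"},
  {"name": "legacy-db", "resourceGroup": "rg-prod", "sslEnforcement": "Disabled"},
  {"name": "reports-db", "resourceGroup": "rg-bi",
   "properties": {"version": "5.7"}},
  {"name": "audit-db", "resourceGroup": "rg-sec",
   "properties": {"sslEnforcement": "Enabled"}}
]
""")


def ssl_enforcement(server):
    """Return the sslEnforcement value from either JSON layout, or None."""
    if "sslEnforcement" in server:
        return server["sslEnforcement"]
    return server.get("properties", {}).get("sslEnforcement")


def non_compliant(servers):
    """Servers failing the rule: any value other than exactly 'Enabled'.

    A missing property counts as a failure, so an incomplete export
    cannot pass silently.
    """
    return [s for s in servers if ssl_enforcement(s) != "Enabled"]


def remediation_commands(servers):
    """Build the page's 'az mysql server update' command per failing server."""
    return [
        "az mysql server update"
        f" --resource-group {shlex.quote(s['resourceGroup'])}"
        f" --name {shlex.quote(s['name'])}"
        " --ssl-enforcement Enabled"
        for s in non_compliant(servers)
    ]


if __name__ == "__main__":
    for s in non_compliant(SAMPLE_INVENTORY):
        print(f"FAIL {s['resourceGroup']}/{s['name']}: "
              f"sslEnforcement={ssl_enforcement(s)!r}")
    print("\n".join(remediation_commands(SAMPLE_INVENTORY)))
```

The generated commands are printed for review rather than executed, so the change can be scheduled around clients that still connect without TLS.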

References

  1. https://docs.microsoft.com/en-us/azure/mysql/concepts-ssl-connection-security
  2. https://docs.microsoft.com/en-us/cli/azure/mysql/server?view=azure-cli-latest#az-mysql-server-update
  3. https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/mysql_server#ssl_enforcement_enabled

My SQL DB Single Server

Azure Database for MySQL Single Server is a fully managed database service designed for minimal customization. The single server platform handles most database management functions, such as patching, backups, high availability, and security, with minimal user configuration and control.

Compliance Frameworks

  • AZU PCI-DSS 4.0
  • Azure CIS Foundations v. 1.4.0
  • Azure CIS Foundations v. 1.5.0
  • Azure CIS Foundations v.2.0
  • Azure CloudGuard Best Practices
  • Azure NIST 800-53 Rev 5
  • CloudGuard Azure All Rules Ruleset