Ensure 'Enforce SSL connection' is set to 'Enabled' for Standard MySQL Database Single Server
Enable SSL connection on MySQL Database Single Server
Risk Level: High
Cloud Entity: My SQL DB Single Server
CloudGuard Rule ID: D9.AZU.CRY.34
Covered by Spectral: No
Category: Database
GSL LOGIC
MySQLDBSingleServer should have properties.sslEnforcement='Enabled'
REMEDIATION
From Portal
- Go to Azure Database for MySQL server from Azure Management console and choose your MySQL database single server that you want to examine.
- In the navigation panel, under Settings, select 'Connection security'.
- Under 'SSL settings', click 'Enabled' on 'Enforce SSL connections'.
- Click Save.
From TF
Set 'ssl_enforcement_enabled' to 'true':
resource "azurerm_mysql_server" "example" {
  # ...
  ssl_enforcement_enabled = true
  # ...
}
From Command Line
Run:
az mysql server update --resource-group RESOURCEGROUPNAME --name SERVERNAME --ssl-enforcement Enabled
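To check every single server in a subscription against this rule instead of one at a time, the following added example (not part of the original CloudGuard page) wraps the command above in a POSIX shell audit. It assumes `az mysql server list` reports `resourceGroup`, `name` and `sslEnforcement` for each server; the function names are illustrative.

```shell
#!/bin/sh
# Added example, not CloudGuard's or Microsoft's code.
# Assumption: 'az mysql server list' returns 'resourceGroup', 'name' and
# 'sslEnforcement' for every single server in the current subscription.

# Print "resourceGroup<TAB>name" for each server that fails the rule.
list_noncompliant() {
    az mysql server list \
        --query "[?sslEnforcement!='Enabled'].[resourceGroup, name]" \
        --output tsv
}

# audit_mysql_ssl [--fix]
# Reports each failing server. With --fix, applies the remediation command
# from this page to each one.
# Returns 0 if nothing is left non-compliant, 1 if findings remain,
# 2 if the inventory call itself failed.
audit_mysql_ssl() {
    fix="${1:-}"
    status=0
    tab="$(printf '\t')"
    servers="$(list_noncompliant)" || return 2
    if [ -z "$servers" ]; then
        echo "All MySQL single servers enforce SSL."
        return 0
    fi
    # A here-document keeps the loop in the current shell so $status survives.
    while IFS="$tab" read -r rg name; do
        [ -n "$name" ] || continue
        echo "NONCOMPLIANT: $rg/$name"
        if [ "$fix" = "--fix" ]; then
            az mysql server update --resource-group "$rg" --name "$name" \
                --ssl-enforcement Enabled </dev/null >/dev/null || status=1
        else
            status=1
        fi
    done <<EOF
$servers
EOF
    return "$status"
}

# Usage: source this file, then run 'audit_mysql_ssl' to report only,
# or 'audit_mysql_ssl --fix' to report and remediate.
```

Run it without `--fix` first and review the list, since clients that connect without TLS will be refused once enforcement is enabled.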
References
- https://docs.microsoft.com/en-us/azure/mysql/concepts-ssl-connection-security
- https://docs.microsoft.com/en-us/cli/azure/mysql/server?view=azure-cli-latest#az-mysql-server-update
- https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/mysql_server#ssl_enforcement_enabled
My SQL DB Single Server
Azure Database for MySQL Single Server is a fully managed database service designed for minimal customization. The single server platform is designed to handle most database management functions, such as patching, backups, high availability, and security, with minimal user configuration and control.
Compliance Frameworks
- AZU PCI-DSS 4.0
- Azure CIS Foundations v. 1.4.0
- Azure CIS Foundations v. 1.5.0
- Azure CIS Foundations v.2.0
- Azure CloudGuard Best Practices
- Azure NIST 800-53 Rev 5
- CloudGuard Azure All Rules Ruleset
Updated about 1 year ago