Ensure 'Enforce SSL connection' is set to 'Enabled' for Standard MySQL Database Single Server

Enable SSL connection on MYSQL Database Single Server

Risk Level: High
Cloud Entity: My SQL DB Single Server
CloudGuard Rule ID: D9.AZU.CRY.34
Covered by Spectral: No
Category: Database


MySQLDBSingleServer should have properties.sslEnforcement='Enabled'


From Portal

  1. Go to Azure Database for MySQL server from Azure Management console and choose your MySQL database single server that you want to examine.
  2. In the navigation panel, under Settings, select 'Connection security'.
  3. Under 'SSL settings', click 'Enabled' on 'Enforce SSL connections'.
  4. Click Save.

From TF
Set the 'ssl_enforcement_enabled' to 'true':

resource 'azurerm_mysql_server' 'example' {
	ssl_enforcement_enabled = true

From Command Line

az mysql server update --resource-group RESOURCEGROUPNAME --name SERVERNAME --ssl-enforcement Enabled


  1. https://docs.microsoft.com/en-us/azure/mysql/concepts-ssl-connection-security
  2. https://docs.microsoft.com/en-us/cli/azure/mysql/server?view=azure-cli-latest#az-mysql-server-update
  3. https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/mysql_server#ssl_enforcement_enabled

My SQL DB Single Server

Azure Database for MySQL Single Server is a fully managed database service designed for minimal customization. The single server platform is designed to handle most of the database management functions such as patching, backups, high availability, security with minimal user configuration and control.

Compliance Frameworks

  • AZU PCI-DSS 4.0
  • Azure CIS Foundations v. 1.4.0
  • Azure CIS Foundations v. 1.5.0
  • Azure CIS Foundations v.2.0
  • Azure CloudGuard Best Practices
  • Azure NIST 800-53 Rev 5
  • CloudGuard Azure All Rules Ruleset