Ensure that PostgreSQL database servers are using the latest major version of PostgreSQL database
Enforce using the latest major version of PostgreSQL for database servers to ensure access to the latest features, security enhancements, and performance improvements.
Risk Level: High
Cloud Entity: Azure Database for PostgreSQL
CloudGuard Rule ID: D9.AZU.NET.76
Covered by Spectral: No
Category: Database
GSL LOGIC
PostgreSQL should have version='11'
REMEDIATION
From Portal
- Go to 'Azure Database for PostgreSQL servers' and create a new PostgreSQL server instance.
- Select the latest major version of PostgreSQL database.
- Create a new PostgreSQL server.
- Migrate your old PostgreSQL server to the new instance.
From TF
resource 'azurerm_postgresql_server' 'example' {
...
version = '11'
}
From Command Line
- Run the following command to create a new PostgreSQL server.
az postgres server create --name NAME --resource-group RESOURCEGROUP --location LOCATION --admin-user LOGIN --admin-password PASSWORD --sku-name SKU_NAME
References
- https://learn.microsoft.com/en-us/azure/postgresql/single-server/quickstart-create-server-database-azure-cli
- https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/postgresql_server.html
- https://learn.microsoft.com/en-us/azure/postgresql/migrate/how-to-migrate-using-dump-and-restore
Azure Database for PostgreSQL
Azure Database for PostgreSQL is a relational database service based on the open-source Postgres database engine. It's a fully managed database as a service offering that can handle mission-critical workloads with predictable performance, security, high availability, and dynamic scalability. It's available in two deployment options, Single Server and Hyperscale (Citus) (preview). The Hyperscale (Citus) option horizontally scales queries across multiple machines using sharding, and serves applications that require greater scale and performance
Compliance Frameworks
- CloudGuard Azure All Rules Ruleset
Updated over 1 year ago