enable-ssl-enforcement

Explanation

SSL connections should be enforced were available to ensure secure transfer and reduce the risk of compromising data in flight.

Possible Impact

Insecure connections could lead to data loss and other vulnerabilities

Suggested Resolution

Enable SSL enforcement

Insecure Example

The following example will fail the azure-database-enable-ssl-enforcement check.

resource "azurerm_postgresql_server" "bad_example" {
  name                = "bad_example"

  public_network_access_enabled    = false
  ssl_enforcement_enabled          = false
  ssl_minimal_tls_version_enforced = "TLS1_2"
}

Secure Example

The following example will pass the azure-database-enable-ssl-enforcement check.

resource "azurerm_postgresql_server" "good_example" {
  name                = "good_example"

  public_network_access_enabled    = false
  ssl_enforcement_enabled          = true
  ssl_minimal_tls_version_enforced = "TLS1_2"
}

Related Links

• https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/postgresql_server#ssl_enforcement_enabled

• https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/mysql_server#ssl_enforcement_enabled

• https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/mariadb_server#ssl_enforcement_enabled