SSL should be enforced on database connections where applicable
Default Severity: medium
Explanation
SSL connections should be enforced where available to ensure secure transfer and reduce the risk of compromising data in flight.
Possible Impact
Insecure connections could lead to data loss and other vulnerabilities.
Suggested Resolution
Enable SSL enforcement
Insecure Example
The following example will fail the azure-database-enable-ssl-enforcement check.
resource "azurerm_postgresql_server" "bad_example" {
  name                             = "bad_example"
  public_network_access_enabled    = false
  ssl_enforcement_enabled          = false
  ssl_minimal_tls_version_enforced = "TLS1_2"
}
Secure Example
The following example will pass the azure-database-enable-ssl-enforcement check.
resource "azurerm_postgresql_server" "good_example" {
  name                             = "good_example"
  public_network_access_enabled    = false
  ssl_enforcement_enabled          = true
  ssl_minimal_tls_version_enforced = "TLS1_2"
}
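Added example (not part of the original page and not the check's own implementation): the same rule applied to a rendered plan, as produced by terraform show -json, so that servers declared inside child modules are covered too. The function names, the sample plan, and the inclusion of the MySQL and MariaDB server types are assumptions made for this example; the page itself only shows azurerm_postgresql_server.

```python
import json
import sys

# Assumption: this type list is chosen for the example; the page shows only azurerm_postgresql_server.
SERVER_TYPES = {"azurerm_postgresql_server", "azurerm_mysql_server", "azurerm_mariadb_server"}

# Constructed sample in the shape of `terraform show -json <planfile>` output.
SAMPLE_PLAN = {"planned_values": {"root_module": {
    "resources": [
        {"address": "azurerm_postgresql_server.bad_example", "type": "azurerm_postgresql_server",
         "values": {"name": "bad_example", "ssl_enforcement_enabled": False}},
        {"address": "azurerm_postgresql_server.good_example", "type": "azurerm_postgresql_server",
         "values": {"name": "good_example", "ssl_enforcement_enabled": True}},
        {"address": "azurerm_resource_group.rg", "type": "azurerm_resource_group",
         "values": {"name": "rg"}},
    ],
    "child_modules": [{"address": "module.db", "resources": [
        {"address": "module.db.azurerm_mysql_server.nested", "type": "azurerm_mysql_server",
         "values": {"name": "nested"}},
    ]}],
}}}


def walk_resources(module):
    """Yield every resource in a plan module, descending into child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from walk_resources(child)


def find_unenforced_ssl(plan):
    """Return (address, reason) for each database server not shown to enforce SSL."""
    root = plan.get("planned_values", {}).get("root_module", {})
    findings = []
    for res in walk_resources(root):
        if res.get("type") not in SERVER_TYPES:
            continue
        value = (res.get("values") or {}).get("ssl_enforcement_enabled")
        if value is False:
            findings.append((res["address"], "ssl_enforcement_enabled = false"))
        elif value is not True:
            # Absent or null: not known at plan time, so enforcement cannot be confirmed.
            findings.append((res["address"], "ssl_enforcement_enabled unknown in plan"))
    return findings


if __name__ == "__main__":
    plan = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE_PLAN
    for address, reason in find_unenforced_ssl(plan):
        print(f"{address}: {reason}")
```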