Ensure geo-redundant backups are enabled for Azure MariaDB Server

MEDIUM

Description

Enabling automatic backups can help prevent data loss for a MariaDB server. Azure can create and save backups in either locally redundant or geo-redundant storage for greater resiliency, with geo-redundant storage providing the greatest availability. The maximum retention period for MariaDB backup storage is 35 days and they are encrypted by default. For more information, see the Azure documentation.
References:
https://learn.microsoft.com/en-us/azure/mariadb/concepts-backup

Remediation

In Azure Console -

Open the Azure Portal and go to Azure Database for MariaDB servers.
Choose the MariaDB server you wish to edit.
Under Pricing tier, set Backup Retention Period to a value defined by the organization.
Set Geo-Redundant - Recover from regional outage or disaster as Backup redundancy option
Select Apply

In Terraform -

In the azurerm_mariadb_server resource, set geo_redundant_backup_enabled to true.

References:
https://learn.microsoft.com/en-us/azure/mariadb/howto-restore-server-portal
https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/mariadb_server#geo_redundant_backup_enabled

Policy Details

Rule Reference ID: AC_AZURE_0138

CSP: Azure

Remediation Available: Yes

Domain: Resilience

Resource: azurerm_mariadb_server

Resource Category: Database

Resource Type: MariaDB

Frameworks

GDPR
HIPAA
NIST-800-171
NIST-800-53
NIST-CSF
ISO-27001

Detections

Analytics