Ensure regular backups are enabled for Azure MariaDB Server

MEDIUM

Description

Enabling automatic backups can help prevent data loss for a MariaDB server. Azure can create and save backups in either locally redundant or geo-redundant storage for greater resiliency. The maximum retention period for MariaDB backup storage is 35 days and they are encrypted by default. For more information, see the Azure documentation.
References:
https://learn.microsoft.com/en-us/azure/mariadb/concepts-backup

Remediation

In Azure Console -

Open the Azure Portal and go to Azure Database for MariaDB servers.
Choose the MariaDB server you wish to edit.
Under Pricing tier, set Backup Retention Period to a value defined by the organization.
Set Locally Redundant - Recover from data loss within region as Backup redundancy option
Select Apply

In Terraform -

In the azurerm_mariadb_server resource, set backup_retention_days to a value defined by the organization.

References:
https://learn.microsoft.com/en-us/azure/mariadb/howto-restore-server-portal
https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/mariadb_server#backup_retention_days

Policy Details

Rule Reference ID: AC_AZURE_0139

CSP: Azure

Remediation Available: Yes

Domain: Resilience

Resource: azurerm_mariadb_server

Resource Category: Database

Resource Type: MariaDB

Frameworks

GDPR
HIPAA
NIST-800-171
NIST-800-53
NIST-CSF
ISO-27001

Detections

Analytics