Ensure public access is disabled for Azure MariaDB Server

HIGH

Description

Allowing unrestricted public access to a cloud service can expose the application to external attack. Disallowing this access is typically considered best practice.

Remediation

In Azure Console -

  1. Open the Azure Portal and go to Azure Database for MariaDB servers.
  2. Choose the MariaDB server you wish to edit.
  3. Under Connection Security, set Deny public network access to Yes.
  4. Select Save.

In Terraform -

  1. In the azurerm_mariadb_server resource, set public_network_access_enabled to false.
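
To check the Terraform setting before apply, the following added example (not part of the original policy page and not the rule's own implementation) scans the JSON form of a plan, as produced by `terraform show -json`, for azurerm_mariadb_server resources whose public_network_access_enabled is not explicitly false. The function names and the sample plan are constructed for illustration.

```python
import json

RESOURCE_TYPE = "azurerm_mariadb_server"
ATTRIBUTE = "public_network_access_enabled"

def iter_resources(module):
    """Yield every resource in a plan module, descending into child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from iter_resources(child)

def find_public_mariadb_servers(plan):
    """Return addresses of MariaDB servers whose planned state allows public access.

    Anything other than an explicit boolean false is reported, so a missing or
    unknown value fails closed.
    """
    root = plan.get("planned_values", {}).get("root_module", {})
    findings = []
    for res in iter_resources(root):
        if res.get("mode") != "managed" or res.get("type") != RESOURCE_TYPE:
            continue
        if (res.get("values") or {}).get(ATTRIBUTE) is not False:
            findings.append(res["address"])
    return sorted(findings)

# Constructed sample plan, trimmed to the fields the check reads.
SAMPLE_PLAN = json.loads("""
{
  "planned_values": {"root_module": {
    "resources": [
      {"address": "azurerm_mariadb_server.open", "mode": "managed",
       "type": "azurerm_mariadb_server",
       "values": {"name": "example-open", "public_network_access_enabled": true}},
      {"address": "azurerm_mariadb_server.closed", "mode": "managed",
       "type": "azurerm_mariadb_server",
       "values": {"name": "example-closed", "public_network_access_enabled": false}}
    ],
    "child_modules": [{"address": "module.db", "resources": [
      {"address": "module.db.azurerm_mariadb_server.unset", "mode": "managed",
       "type": "azurerm_mariadb_server", "values": {"name": "example-unset"}}
    ]}]
  }}
}
""")

if __name__ == "__main__":
    for address in find_public_mariadb_servers(SAMPLE_PLAN):
        print(f"FAIL {address}: {ATTRIBUTE} is not false")
```

In a pipeline, load the real plan with json.load and fail the job when the returned list is non-empty.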

References:
https://learn.microsoft.com/en-us/azure/mariadb/howto-deny-public-network-access
https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/mariadb_server#public_network_access_enabled

Policy Details

Rule Reference ID: AC_AZURE_0140
CSP: Azure
Remediation Available: Yes
Resource Category: Database
Resource Type: MariaDB

Frameworks