Ensure 'enforce SSL connection' is set to enabled for Azure MariaDB Server

HIGH

Description

Enabling end-to-end TLS encryption helps keep data in transit protected. In addition, using the latest version of TLS and modern ciphers helps protect that data from man-in-the-middle and similar attacks.

Remediation

In Azure Console -

  1. Open the Azure Portal and go to Azure Database for MariaDB servers.
  2. Choose the MariaDB server you wish to edit.
  3. Under Connection Security, set Enforce SSL connection to enabled.
  4. Select Save.

In Terraform -

  1. In the azurerm_mariadb_server resource, set ssl_enforcement_enabled to true.

References:
https://learn.microsoft.com/en-us/azure/mariadb/howto-configure-ssl
https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/mariadb_server#ssl_enforcement_enabled

Policy Details

Rule Reference ID: AC_AZURE_0141
CSP: Azure
Remediation Available: Yes
Resource Category: Database
Resource Type: MariaDB

Frameworks