Ensure backup retention period is enabled for Azure PostgreSQL Server

HIGH

Description

Enabling automatic backups can help prevent data loss for a PostgreSQL server. Azure can create and save backups in either locally redundant or geo-redundant storage for greater resiliency, with geo-redundant storage providing the greatest availability. The maximum retention period for PostgreSQL backup storage is 35 days, and backups are encrypted by default. For more information, see the Azure documentation.
References:
https://learn.microsoft.com/en-us/azure/postgresql/single-server/concepts-backup

Remediation

In Azure Console -

  1. Open the Azure Portal and go to Azure Database for PostgreSQL servers.
  2. Choose the PostgreSQL server you wish to edit.
  3. Under Server parameters, verify retention_period_in_days is set to a value specified by the organization.
  4. Select Save.

In Terraform -

  1. In the azurerm_postgresql_configuration resource, set backup_retention_days to a value specified by the organization.
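
A Terraform configuration that sets the retention explicitly, as an added example that is not part of the original policy page. The registry page linked in the references documents backup_retention_days on the azurerm_postgresql_server resource, which this example uses. The resource names, SKU, region, login and the default of 35 days are assumptions for illustration.

```hcl
# Added example; names and values below are placeholders, not from the policy page.
provider "azurerm" {
  features {}
}

variable "backup_retention_days" {
  description = "Backup retention set by the organization's policy."
  type        = number
  default     = 35 # assumed policy value; the page gives 35 days as the maximum

  validation {
    # The provider documents 7 to 35 days as the supported range.
    condition     = var.backup_retention_days >= 7 && var.backup_retention_days <= 35
    error_message = "backup_retention_days must be between 7 and 35."
  }
}

variable "admin_password" {
  type      = string
  sensitive = true # supplied at plan time, never committed to the repository
}

resource "azurerm_resource_group" "example" {
  name     = "example-rg"
  location = "West Europe"
}

resource "azurerm_postgresql_server" "example" {
  name                = "example-psqlserver"
  location            = azurerm_resource_group.example.location
  resource_group_name = azurerm_resource_group.example.name

  sku_name   = "GP_Gen5_2" # geo-redundant backup is not offered on the Basic tier
  version    = "11"
  storage_mb = 5120

  administrator_login          = "psqladmin"
  administrator_login_password = var.admin_password

  # Retention is the setting this rule checks; geo-redundant storage is the
  # option the description gives as providing the greatest availability.
  backup_retention_days        = var.backup_retention_days
  geo_redundant_backup_enabled = true

  ssl_enforcement_enabled          = true
  ssl_minimal_tls_version_enforced = "TLS1_2"
}
```

The validation block makes `terraform plan` fail when a value outside the supported range is passed in, so an out-of-policy retention is rejected before anything is deployed.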

References:
https://learn.microsoft.com/en-us/azure/postgresql/single-server/concepts-backup
https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/postgresql_server#backup_retention_days

Policy Details

Rule Reference ID: AC_AZURE_0260
CSP: Azure
Remediation Available: Yes
Resource Category: Database
Resource Type: PostgreSQL

Frameworks