Ensure infrastructure encryption for Azure PostgreSQL Server is enabled

MEDIUM

Description

Azure PostgreSQL can use additional infrastructure encryption, which adds a second layer of encryption closer to the hardware to protect data at rest. For more information on infrastructure encryption within PostgreSQL, see the Azure documentation.
References:
https://learn.microsoft.com/en-us/azure/postgresql/single-server/concepts-infrastructure-double-encryption

Remediation

At this time, the console UI does not have remediation steps available. For possible CLI remediation, see the product documentation (below) or use Terraform.

In Terraform -

  1. In the azurerm_postgresql_server resource, set infrastructure_encryption_enabled to true.

References:
https://learn.microsoft.com/en-us/azure/postgresql/single-server/concepts-infrastructure-double-encryption
https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/postgresql_server#infrastructure_encryption_enabled
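
To check a plan against this rule before applying it, the following added example (not part of the original policy page or of any scanner's own code) audits the JSON produced by `terraform show -json` for `azurerm_postgresql_server` resources. The sample plan, the resource addresses and the status labels are constructed for illustration.

```python
import json

# Constructed sample in the shape of `terraform show -json <planfile>`;
# addresses and values are illustrative, not from a real deployment.
SAMPLE_PLAN = json.loads("""
{"resource_changes": [
  {"address": "azurerm_postgresql_server.good", "type": "azurerm_postgresql_server",
   "change": {"actions": ["create"], "before": null,
              "after": {"infrastructure_encryption_enabled": true}}},
  {"address": "azurerm_postgresql_server.off", "type": "azurerm_postgresql_server",
   "change": {"actions": ["update"], "before": {"infrastructure_encryption_enabled": false},
              "after": {"infrastructure_encryption_enabled": false}}},
  {"address": "azurerm_postgresql_server.unset", "type": "azurerm_postgresql_server",
   "change": {"actions": ["create"], "before": null, "after": {"sku_name": "GP_Gen5_2"}}},
  {"address": "azurerm_postgresql_server.fixed", "type": "azurerm_postgresql_server",
   "change": {"actions": ["delete", "create"],
              "before": {"infrastructure_encryption_enabled": false},
              "after": {"infrastructure_encryption_enabled": true}}},
  {"address": "azurerm_postgresql_server.gone", "type": "azurerm_postgresql_server",
   "change": {"actions": ["delete"], "before": {"infrastructure_encryption_enabled": false},
              "after": null}},
  {"address": "azurerm_resource_group.rg", "type": "azurerm_resource_group",
   "change": {"actions": ["no-op"], "before": {}, "after": {}}}
]}
""")

def audit_plan(plan):
    """Return {address: status} for every PostgreSQL server that exists after apply."""
    results = {}
    for rc in plan.get("resource_changes", []):
        if rc.get("type") != "azurerm_postgresql_server":
            continue
        change = rc.get("change") or {}
        after = change.get("after")
        if after is None:            # server is destroyed by this plan; nothing to audit
            continue
        actions = change.get("actions", [])
        if after.get("infrastructure_encryption_enabled") is not True:
            status = "FAIL"          # false, null, or missing is treated as not enabled
        elif "delete" in actions and "create" in actions:
            status = "PASS_REPLACE"  # compliant, but the plan destroys and recreates the server
        else:
            status = "PASS"
        results[rc["address"]] = status
    return results

if __name__ == "__main__":
    for address, status in audit_plan(SAMPLE_PLAN).items():
        print(f"{status:13} {address}")
```

A `PASS_REPLACE` result means the plan itself lists both delete and create actions for the server, so data migration needs to be planned before applying.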

Policy Details

Rule Reference ID: AC_AZURE_0398
CSP: Azure
Remediation Available: Yes
Resource Category: Database
Resource Type: PostgreSQL

Frameworks