Ensure TLS connection is enabled for Azure PostgreSQL Server

MEDIUM

Description

Enabling end-to-end TLS encryption helps keep data in transit protected. Using the latest version of TLS and modern ciphers further helps protect that data from man-in-the-middle and similar attacks.

Remediation

In Azure Console -

  1. Open the Azure Portal and go to Azure Database for PostgreSQL servers.
  2. Choose the PostgreSQL server you wish to edit.
  3. Under Connection strings, verify sslmode is set to require.
  4. Select Save.

In Terraform -

  1. In the azurerm_postgresql_configuration resource, set ssl_minimal_tls_version_enforced to TLS1_2.
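
The Terraform setting in context, as an added example rather than configuration taken from the policy itself: it uses the azurerm_postgresql_server resource, which is where the provider reference linked on this page documents ssl_minimal_tls_version_enforced, and pairs it with ssl_enforcement_enabled. The server names, region, resource group, SKU, login and password variable are placeholders.

```hcl
# Added example. All names, the region and the SKU are placeholders.
variable "pg_admin_password" {
  type      = string
  sensitive = true # keep the credential out of plan output and source control
}

# Non-compliant: the server accepts unencrypted connections and
# sets no minimum TLS version.
resource "azurerm_postgresql_server" "weak" {
  name                = "example-pg-weak"
  location            = "westeurope"
  resource_group_name = "example-rg"
  sku_name            = "GP_Gen5_2"
  version             = "11"

  administrator_login          = "pgadmin"
  administrator_login_password = var.pg_admin_password

  ssl_enforcement_enabled          = false
  ssl_minimal_tls_version_enforced = "TLSEnforcementDisabled"
}

# Compliant: TLS is mandatory for every connection and anything
# older than TLS 1.2 is rejected during the handshake.
resource "azurerm_postgresql_server" "hardened" {
  name                = "example-pg-hardened"
  location            = "westeurope"
  resource_group_name = "example-rg"
  sku_name            = "GP_Gen5_2"
  version             = "11"

  administrator_login          = "pgadmin"
  administrator_login_password = var.pg_admin_password

  ssl_enforcement_enabled          = true
  ssl_minimal_tls_version_enforced = "TLS1_2"
}
```

Clients connecting to the hardened server still need sslmode=require (or stricter) in their connection strings, as in the console steps above.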

References:
https://learn.microsoft.com/en-us/azure/postgresql/single-server/concepts-ssl-connection-security
https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/postgresql_server#ssl_minimal_tls_version_enforced

Policy Details

Rule Reference ID: AC_AZURE_0400
CSP: Azure
Remediation Available: Yes
Resource Category: Database
Resource Type: PostgreSQL

Frameworks