Ensure public access is disabled for Azure PostgreSQL Server

MEDIUM

Description

Allowing unrestricted, public access to cloud services could open an application up to external attack. Disallowing this access is typically considered best practice.

Remediation

In Azure Console -

  1. Open the Azure Portal and go to Azure Database for PostgreSQL servers.
  2. Choose the PostgreSQL server you wish to edit.
  3. Under Networking, set Connectivity method to Public access (allowed IP addresses).
  4. Select Save.

In Terraform -

  1. In the azurerm_postgresql_configuration resource, set public_network_access_enabled to false.

References:
https://learn.microsoft.com/en-us/azure/postgresql/flexible-server/quickstart-create-server-portal
https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/postgresql_server

Policy Details

Rule Reference ID: AC_AZURE_0404
CSP: Azure
Remediation Available: Yes
Resource Category: Database
Resource Type: PostgreSQL

Frameworks