Ensure missing service endpoints are disabled for Azure PostgreSQL Virtual Network Rule

MEDIUM

Description

When missing service endpoints are in use for an Azure PostgreSQL Server, they can impact availability.

Remediation

In Azure Console -

  1. Open the Azure Portal and go to Azure Database for PostgreSQL servers.
  2. Choose the PostgreSQL server you wish to edit.
  3. Under Networking, set Connectivity method to Private access (VNet Integration).
  4. Select Save.

In Terraform -

  1. In the azurerm_postgresql_virtual_network_rule resource, set ignore_missing_vnet_service_endpoint to true.

References:
https://azure.microsoft.com/en-in/blog/vnet-service-endpoints-for-azure-database-services-for-mysql-and-postgresql-in-preview/
https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/postgresql_virtual_network_rule#ignore_missing_vnet_service_endpoint

Policy Details

Rule Reference ID: AC_AZURE_0395
CSP: Azure
Remediation Available: Yes
Resource Category: Virtual Network
Resource Type: Security Group

Frameworks