Ensure Azure MariaDB servers don't have public network access

ID

mariadb_public_access

Severity

high

Vendor

Azure

Resource

MariaDB Server

Tags

reachable

Description

To enhance the security of your MariaDB servers, disable public network access by setting the 'public network access' option to 'False'.

This restricts access to the server to your private network and guards against unauthorized external connections. It is particularly important when your MariaDB servers hold sensitive or confidential data: only trusted entities within your organization can reach the database, which reduces the risk of a security breach.

Examples

Terraform

# "example" is a placeholder resource name.
resource "azurerm_mariadb_server" "example" {
  name                = var.server_name
  location            = var.resource_group.location
  resource_group_name = var.resource_group.name
  sku_name   = "B_Gen5_2"
  storage_mb = 5120
  version    = "10.2"
  auto_grow_enabled             = true
  backup_retention_days         = 7
  geo_redundant_backup_enabled  = false
  public_network_access_enabled = true # (1)
  ssl_enforcement_enabled       = true
}
(1) Public access is enabled. (The default value is also true.)

Mitigation / Fix

Buildtime

Terraform

# "example" is a placeholder resource name.
resource "azurerm_mariadb_server" "example" {
  name                = var.server_name
  location            = var.resource_group.location
  resource_group_name = var.resource_group.name
  sku_name   = "B_Gen5_2"
  storage_mb = 5120
  version    = "10.2"
  auto_grow_enabled             = true
  backup_retention_days         = 7
  geo_redundant_backup_enabled  = false
  public_network_access_enabled = false # (1)
  ssl_enforcement_enabled       = true
}
(1) Ensure public access is explicitly disabled.
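
Because the default is true, a build-time check has to fail servers that omit the attribute as well as those that set it to true. The script below is an added example, not part of the original policy or of any scanner's own code. It applies that rule to the JSON that `terraform show -json <planfile>` produces; the sample plan and the function name are constructed for illustration.

```python
import json

RESOURCE_TYPE = "azurerm_mariadb_server"
ATTRIBUTE = "public_network_access_enabled"

# Constructed sample in the shape of `terraform show -json <planfile>` output.
SAMPLE_PLAN = json.dumps({
    "resource_changes": [
        {"address": "azurerm_mariadb_server.explicit_public", "type": RESOURCE_TYPE,
         "change": {"actions": ["create"], "after": {ATTRIBUTE: True}}},
        {"address": "azurerm_mariadb_server.attribute_missing", "type": RESOURCE_TYPE,
         "change": {"actions": ["create"], "after": {"version": "10.2"}}},
        {"address": "azurerm_mariadb_server.private", "type": RESOURCE_TYPE,
         "change": {"actions": ["update"], "after": {ATTRIBUTE: False}}},
        {"address": "azurerm_mariadb_server.being_deleted", "type": RESOURCE_TYPE,
         "change": {"actions": ["delete"], "after": None}},
        {"address": "azurerm_storage_account.other", "type": "azurerm_storage_account",
         "change": {"actions": ["create"], "after": {ATTRIBUTE: True}}},
    ]
})


def find_public_mariadb(plan_json: str) -> list[str]:
    """Return addresses of MariaDB servers the plan would leave publicly reachable."""
    plan = json.loads(plan_json)
    findings = []
    for rc in plan.get("resource_changes", []):
        if rc.get("type") != RESOURCE_TYPE:
            continue  # other resource types are out of scope for this policy
        after = (rc.get("change") or {}).get("after")
        if after is None:
            continue  # resource is being destroyed; nothing is left to expose
        # Only an explicit false passes. A missing or null attribute is treated
        # as public because the default value is true.
        if after.get(ATTRIBUTE) is not False:
            findings.append(rc["address"])
    return findings


if __name__ == "__main__":
    for address in find_public_mariadb(SAMPLE_PLAN):
        print(f"mariadb_public_access FAIL {address}")
```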