Metadata

Id: 2a901825-0f3b-4655-a0fe-e0470e50f8e6

Cloud Provider: Azure

Platform: Ansible

Severity: Medium

Category: Encryption

Description

MySQL servers must enforce SSL/TLS connections to protect data in transit and prevent interception or man-in-the-middle attacks. For Ansible tasks using the azure.azcollection.azure_rm_mysqlserver or azure_rm_mysqlserver modules, the enforce_ssl property must be defined and set to true so the server requires TLS for client connections.

Resources missing this property or with enforce_ssl: false (the default) are flagged. Use Ansible boolean values such as true or yes to enable this setting. The rule treats Ansible truthy values as valid.

- name: Create Azure MySQL server with SSL enforced
  azure.azcollection.azure_rm_mysqlserver:
    name: my-mysql-server
    resource_group: my-rg
    location: eastus
    sku:
      name: B_Gen5_1
      tier: Basic
    version: "5.7"
    admin_username: adminuser
    admin_password: "{{ mysql_password }}"
    enforce_ssl: true
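
The check this rule describes can be reproduced over an already-parsed task list, shown here as an added example (not Datadog's rule implementation and not code from this page). The function names, the `unresolved` and `invalid` statuses, the descent into `block`/`rescue`/`always`, and the sample tasks are assumptions for illustration; it goes beyond the rule text by also reporting templated values that cannot be judged statically.

```python
# Added example, not Datadog's rule code. Tasks are plain dicts, as a YAML
# loader such as yaml.safe_load() would return them for a task list.
MODULES = ("azure.azcollection.azure_rm_mysqlserver", "azure_rm_mysqlserver")
# Strings Ansible's boolean conversion accepts, compared lowercased.
TRUTHY = {"y", "yes", "on", "1", "true", "t"}
FALSY = {"n", "no", "off", "0", "false", "f"}

SAMPLE_TASKS = [  # constructed input, names are hypothetical
    {"name": "ok", "azure.azcollection.azure_rm_mysqlserver":
        {"name": "a", "enforce_ssl": "Yes"}},
    {"name": "missing", "azure_rm_mysqlserver": {"name": "b"}},
    {"name": "group", "block": [
        {"name": "off", "azure_rm_mysqlserver":
            {"name": "c", "enforce_ssl": False}},
        {"name": "templated", "azure_rm_mysqlserver":
            {"name": "d", "enforce_ssl": "{{ require_tls }}"}},
    ]},
]


def classify(value):
    """Return 'ok', 'disabled', 'unresolved' or 'invalid' for enforce_ssl."""
    if isinstance(value, (int, float)):  # bool is a subclass of int
        return {1: "ok", 0: "disabled"}.get(value, "invalid")
    text = str(value).strip().lower()
    if "{{" in text:
        return "unresolved"  # Jinja2 template: only known at run time
    if text in TRUTHY:
        return "ok"
    return "disabled" if text in FALSY else "invalid"


def walk(tasks):
    """Yield every task, descending into block/rescue/always sections."""
    for task in tasks or []:
        if isinstance(task, dict):
            yield task
            for key in ("block", "rescue", "always"):
                yield from walk(task.get(key))


def audit_tasks(tasks):
    """List (task name, status) for each MySQL server task that is not 'ok'."""
    findings = []
    for task in walk(tasks):
        for module in (m for m in MODULES if m in task):
            args = task[module] if isinstance(task[module], dict) else {}
            status = classify(args["enforce_ssl"]) if "enforce_ssl" in args else "missing"
            if status != "ok":
                findings.append((task.get("name", "<unnamed>"), status))
    return findings
```

An `unresolved` result means the variable behind the template has to be reviewed where it is defined, since the playbook alone does not show whether TLS ends up enforced.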

Compliant Code Examples

- name: Create (or update) MySQL Server
  azure.azcollection.azure_rm_mysqlserver:
    resource_group: myResourceGroup
    name: testserver
    sku:
      name: B_Gen5_1
      tier: Basic
    location: eastus
    storage_mb: 1024
    enforce_ssl: true
    version: 5.6
    admin_username: cloudsa
    admin_password: password

Non-Compliant Code Examples

---
- name: Create (or update) MySQL Server
  azure.azcollection.azure_rm_mysqlserver:
    resource_group: myResourceGroup
    name: testserver
    sku:
      name: B_Gen5_1
      tier: Basic
    location: eastus
    storage_mb: 1024
    version: 5.6
    admin_username: cloudsa
    admin_password: password
- name: Create (or update) MySQL Server2
  azure.azcollection.azure_rm_mysqlserver:
    resource_group: myResourceGroup
    name: testserver
    sku:
      name: B_Gen5_1
      tier: Basic
    location: eastus
    storage_mb: 1024
    enforce_ssl: false
    version: 5.6
    admin_username: cloudsa
    admin_password: password