AD admin not configured for SQL server
Id: b176e927-bbe2-44a6-a9c3-041417137e5f
Cloud Provider: Azure
Platform: Ansible
Severity: Medium
Category: Insecure Configurations
Description
SQL servers should have an Active Directory administrator configured to enforce centralized identity, stronger authentication, and auditable access controls. Relying solely on SQL authentication increases the attack surface and makes access management and auditing more difficult. For Ansible, tasks using the azure.azcollection.azure_rm_sqlserver or azure_rm_sqlserver module must define the ad_user property and set it to a valid Azure AD principal (for example, a user UPN or objectId). Resources missing ad_user or with it empty or undefined are flagged.
Secure example:
- name: Create Azure SQL Server with AD admin
  azure.azcollection.azure_rm_sqlserver:
    name: my-sql-server
    resource_group: my-rg
    location: eastus
    ad_user: "adminuser@contoso.com"
    admin_password: "secure-password"
Compliant Code Examples
- name: Create (or update) SQL Server
  azure_rm_sqlserver:
    resource_group: myResourceGroup
    name: server_name
    location: westus
    admin_username: mylogin
    admin_password: Testpasswordxyz12!
    ad_user: sqladmin
Non-Compliant Code Examples
---
- name: Create (or update) SQL Server
  azure_rm_sqlserver:
    resource_group: myResourceGroup
    name: server_name
    location: westus
    admin_username: mylogin
    admin_password: Testpasswordxyz12!
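
The check described above, sketched as an added Python example (not the scanner's own rule code): it walks a playbook that has already been parsed into Python objects and reports SQL server tasks whose ad_user is missing, empty or null. Descending into plays and block/rescue/always sections goes beyond the flat tasks shown on this page; the function names, reason strings and sample task names are assumptions.

```python
# Added example. Input: an Ansible playbook already parsed to Python objects.
MODULES = ("azure.azcollection.azure_rm_sqlserver", "azure_rm_sqlserver")
TASK_LISTS = ("pre_tasks", "tasks", "post_tasks", "handlers",
              "block", "rescue", "always")

def iter_tasks(node):
    """Yield each leaf task, descending into plays and block/rescue/always."""
    if isinstance(node, list):
        for item in node:
            yield from iter_tasks(item)
    elif isinstance(node, dict):
        nested = [node[key] for key in TASK_LISTS if key in node]
        if nested:
            for child in nested:
                yield from iter_tasks(child)
        else:
            yield node

def ad_admin_findings(playbook):
    """Return (task name, reason) for SQL server tasks without a usable ad_user."""
    findings = []
    for task in iter_tasks(playbook):
        for module in MODULES:
            args = task.get(module)
            if not isinstance(args, dict):
                continue  # module not used by this task, or free-form args
            name = task.get("name", "<unnamed>")
            if "ad_user" not in args:
                findings.append((name, "ad_user missing"))
            elif args["ad_user"] is None or not str(args["ad_user"]).strip():
                findings.append((name, "ad_user empty or undefined"))
    return findings

# Constructed sample: the page's two task shapes plus a nested empty value.
SAMPLE = [{
    "hosts": "localhost",
    "tasks": [
        {"name": "compliant", "azure_rm_sqlserver": {
            "resource_group": "myResourceGroup", "name": "server_name",
            "location": "westus", "ad_user": "sqladmin"}},
        {"name": "non-compliant", "azure_rm_sqlserver": {
            "resource_group": "myResourceGroup", "name": "server_name",
            "location": "westus", "admin_username": "mylogin"}},
        {"name": "wrapper", "block": [
            {"name": "nested empty", "azure.azcollection.azure_rm_sqlserver": {
                "name": "my-sql-server", "resource_group": "my-rg", "ad_user": ""}}]},
    ],
}]

print(ad_admin_findings(SAMPLE))
```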