MySQL SSL connection disabled
Id: 2a901825-0f3b-4655-a0fe-e0470e50f8e6
Cloud Provider: Azure
Platform: Ansible
Severity: Medium
Category: Encryption
Description
MySQL servers must enforce SSL/TLS connections to protect data in transit and prevent interception or man-in-the-middle attacks. For Ansible tasks using the azure.azcollection.azure_rm_mysqlserver or azure_rm_mysqlserver modules, the enforce_ssl property must be defined and set to true so the server requires TLS for client connections.
Resources missing this property or with enforce_ssl: false (the default) are flagged. Use Ansible boolean values such as true or yes to enable this setting. The rule treats Ansible truthy values as valid.
- name: Create Azure MySQL server with SSL enforced
  azure.azcollection.azure_rm_mysqlserver:
    name: my-mysql-server
    resource_group: my-rg
    location: eastus
    sku:
      name: B_Gen5_1
      tier: Basic
    version: "5.7"
    admin_username: adminuser
    admin_password: "{{ mysql_password }}"
    enforce_ssl: true
Compliant Code Examples
- name: Create (or update) MySQL Server
  azure.azcollection.azure_rm_mysqlserver:
    resource_group: myResourceGroup
    name: testserver
    sku:
      name: B_Gen5_1
      tier: Basic
    location: eastus
    storage_mb: 1024
    enforce_ssl: true
    version: 5.6
    admin_username: cloudsa
    admin_password: password
Non-Compliant Code Examples
---
- name: Create (or update) MySQL Server
  azure.azcollection.azure_rm_mysqlserver:
    resource_group: myResourceGroup
    name: testserver
    sku:
      name: B_Gen5_1
      tier: Basic
    location: eastus
    storage_mb: 1024
    version: 5.6
    admin_username: cloudsa
    admin_password: password
- name: Create (or update) MySQL Server2
  azure.azcollection.azure_rm_mysqlserver:
    resource_group: myResourceGroup
    name: testserver
    sku:
      name: B_Gen5_1
      tier: Basic
    location: eastus
    storage_mb: 1024
    enforce_ssl: false
    version: 5.6
    admin_username: cloudsa
    admin_password: password
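The check from the Description, sketched as an added Python example (not the rule's own implementation). It assumes the tasks file has already been parsed into Python dicts by a YAML loader; the function names and the sample tasks are hypothetical, and the truthy set mirrors the strings Ansible's boolean conversion accepts.

```python
# Added example: flags azure_rm_mysqlserver tasks that do not enforce TLS.
MODULES = {"azure.azcollection.azure_rm_mysqlserver", "azure_rm_mysqlserver"}
# String values Ansible's boolean conversion accepts as true.
TRUTHY = {"y", "yes", "on", "1", "true", "t"}


def is_truthy(value):
    """Return True when Ansible would read value as boolean true."""
    if isinstance(value, bool):
        return value
    if isinstance(value, (int, float)):
        return value == 1
    # Unresolved templates such as "{{ var }}" are treated as not true.
    return isinstance(value, str) and value.strip().lower() in TRUTHY


def iter_tasks(tasks):
    """Yield every task, descending into block/rescue/always sections."""
    for task in tasks or []:
        if not isinstance(task, dict):
            continue
        yield task
        for section in ("block", "rescue", "always"):
            yield from iter_tasks(task.get(section))


def find_violations(tasks):
    """Return (task name, reason) for each server task without enforced TLS."""
    findings = []
    for task in iter_tasks(tasks):
        for module in task.keys() & MODULES:
            args = task[module] if isinstance(task[module], dict) else {}
            if "enforce_ssl" not in args:
                findings.append((task.get("name"), "enforce_ssl missing"))
            elif not is_truthy(args["enforce_ssl"]):
                findings.append((task.get("name"), "enforce_ssl not true"))
    return findings


# Constructed sample, shaped like a YAML loader's output for a tasks file.
SAMPLE_TASKS = [
    {"name": "ok", "azure_rm_mysqlserver": {"name": "a", "enforce_ssl": "yes"}},
    {"name": "missing", "azure.azcollection.azure_rm_mysqlserver": {"name": "b"}},
    {"name": "group", "block": [
        {"name": "off", "azure_rm_mysqlserver": {"name": "c", "enforce_ssl": False}},
    ]},
]

if __name__ == "__main__":
    for name, reason in find_violations(SAMPLE_TASKS):
        print(f"{name}: {reason}")
```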