---
title: SSL enforce disabled
description: Datadog, the leading service for cloud-scale monitoring.
breadcrumbs: >-
  Docs > Datadog Security > Code Security > Infrastructure as Code (IaC)
  Security > IaC Security Rules > SSL enforce disabled
---

# SSL enforce disabled

{% callout %}
# Important note for users on the following Datadog sites: app.ddog-gov.com

{% alert level="danger" %}
This product is not supported for your selected [Datadog site](https://docs.datadoghq.com/getting_started/site.md). ().
{% /alert %}

{% /callout %}

## Metadata{% #metadata %}

**Id:** `961ce567-a16d-4d7d-9027-f0ec2628a555`

**Cloud Provider:** Azure

**Platform:** Ansible

**Severity:** Medium

**Category:** Encryption

#### Learn More{% #learn-more %}

- [Provider Reference](https://docs.ansible.com/ansible/latest/collections/azure/azcollection/azure_rm_postgresqlserver_module.html#parameter-enforce_ssl)

### Description{% #description %}

PostgreSQL servers must enforce SSL connections to ensure client‑server traffic is encrypted and prevent credential exposure in transit. For Ansible playbooks using the `azure.azcollection.azure_rm_postgresqlserver` or `azure_rm_postgresqlserver` modules, the `enforce_ssl` parameter must be set to `true` (Ansible `yes`/true). Tasks that omit `enforce_ssl` (it defaults to `false`) or set it to `false` are flagged as insecure.

Secure configuration example:

```yaml
- name: Create PostgreSQL server with SSL enforced
  azure.azcollection.azure_rm_postgresqlserver:
    name: mypgserver
    resource_group: my-rg
    location: eastus
    enforce_ssl: yes
```

## Compliant Code Examples{% #compliant-code-examples %}

```yaml
- name: Create (or update) PostgreSQL Server
  azure.azcollection.azure_rm_postgresqlserver:
    resource_group: myResourceGroup
    name: testserver
    sku:
      name: B_Gen5_1
      tier: Basic
    location: eastus
    storage_mb: 1024
    enforce_ssl: yes
    admin_username: cloudsa
    admin_password: password
- name: Create (or update) PostgreSQL Server2
  azure.azcollection.azure_rm_postgresqlserver:
    resource_group: myResourceGroup
    name: testserver
    sku:
      name: B_Gen5_1
      tier: Basic
    location: eastus
    storage_mb: 1024
    enforce_ssl: Yes
    admin_username: cloudsa
    admin_password: password
- name: Create (or update) PostgreSQL Server3
  azure.azcollection.azure_rm_postgresqlserver:
    resource_group: myResourceGroup
    name: testserver
    sku:
      name: B_Gen5_1
      tier: Basic
    location: eastus
    storage_mb: 1024
    enforce_ssl: true
    admin_username: cloudsa
    admin_password: password
- name: Create (or update) PostgreSQL Server4
  azure.azcollection.azure_rm_postgresqlserver:
    resource_group: myResourceGroup
    name: testserver
    sku:
      name: B_Gen5_1
      tier: Basic
    location: eastus
    storage_mb: 1024
    enforce_ssl: true
    admin_username: cloudsa
    admin_password: password
- name: Create (or update) PostgreSQL Server5
  azure.azcollection.azure_rm_postgresqlserver:
    resource_group: myResourceGroup
    name: testserver
    sku:
      name: B_Gen5_1
      tier: Basic
    location: eastus
    storage_mb: 1024
    enforce_ssl: yes
    admin_username: cloudsa
    admin_password: password
- name: Create (or update) PostgreSQL Server6
  azure.azcollection.azure_rm_postgresqlserver:
    resource_group: myResourceGroup
    name: testserver
    sku:
      name: B_Gen5_1
      tier: Basic
    location: eastus
    storage_mb: 1024
    enforce_ssl: Yes
    admin_username: cloudsa
    admin_password: password
- name: Create (or update) PostgreSQL Server7
  azure.azcollection.azure_rm_postgresqlserver:
    resource_group: myResourceGroup
    name: testserver
    sku:
      name: B_Gen5_1
      tier: Basic
    location: eastus
    storage_mb: 1024
    enforce_ssl: 'true'
    admin_username: cloudsa
    admin_password: password
- name: Create (or update) PostgreSQL Server8
  azure.azcollection.azure_rm_postgresqlserver:
    resource_group: myResourceGroup
    name: testserver
    sku:
      name: B_Gen5_1
      tier: Basic
    location: eastus
    storage_mb: 1024
    enforce_ssl: 'True'
    admin_username: cloudsa
    admin_password: password
```

## Non-Compliant Code Examples{% #non-compliant-code-examples %}

```yaml
- name: Create (or update) PostgreSQL Server
  azure.azcollection.azure_rm_postgresqlserver:
    resource_group: myResourceGroup
    name: testserver
    sku:
      name: B_Gen5_1
      tier: Basic
    location: eastus
    storage_mb: 1024
    admin_username: cloudsa
    admin_password: password
- name: Create (or update) PostgreSQL Server2
  azure.azcollection.azure_rm_postgresqlserver:
    resource_group: myResourceGroup
    name: testserver
    sku:
      name: B_Gen5_1
      tier: Basic
    location: eastus
    storage_mb: 1024
    enforce_ssl: no
    admin_username: cloudsa
    admin_password: password
```