For AI agents: A markdown version of this page is available at https://docs.datadoghq.com/security/code_security/iac_security/iac_rules/terraform-azure-mariadb-not-using-latest-tls.md.
A documentation index is available at /llms.txt.
Using outdated TLS versions in Azure MariaDB servers exposes your database to known vulnerabilities and encryption weaknesses, potentially allowing attackers to intercept and decrypt sensitive data. Without proper SSL enforcement and TLS 1.2 (or higher) configuration, your database communications remain susceptible to man-in-the-middle attacks and other security exploits that have been addressed in newer TLS versions.
To secure your Azure MariaDB server, you must set both the ssl_enforcement_enabled flag to true and ssl_minimal_tls_version_enforced to TLS1_2, as shown in the following example:
# Passing example: ssl_minimal_tls_version_enforced not defined (defaults to TLS1_2)
resource"azurerm_mariadb_server""good_example_default"{name="good-mariadb-server-default"location="East US"resource_group_name="example-rg"ssl_enforcement_enabled=["true"] # ssl_minimal_tls_version_enforced not specified → defaults to TLS1_2
}
Non-Compliant Code Examples
# Failing example: ssl_enforcement_enabled is not "true"
resource"azurerm_mariadb_server""bad_example"{name="bad-mariadb-server"location="East US"resource_group_name="example-rg"ssl_enforcement_enabled=["false"] # ❌ Incorrect value
ssl_minimal_tls_version_enforced=["TLS1_2"] # Even if TLS is correct, enforcement flag is wrong
}# Failing example: ssl_enforcement_enabled is "true" but minimal TLS is set incorrectly
resource"azurerm_mariadb_server""bad_example2"{name="bad-mariadb-server-2"location="East US"resource_group_name="example-rg"ssl_enforcement_enabled=["true"]ssl_minimal_tls_version_enforced=["TLS1_0"] # ❌ Incorrect TLS version
}
1
2
rulesets:- Terraform / Azure # Rules to enforce / Azure.
Request a personalized demo
Get Started with Datadog
Ask AI
AI-generated responses may be inaccurate. Verify important info.
