SSL connection should be enabled on PostgreSQL database servers

azure.dbforpostgresql

Warning: This rule will be deprecated 18 December 2023 as part of the update to Azure CIS version 2.0.0

Description

Enable SSL connection on PostgreSQL Servers.

Rationale

SSL connectivity helps to provide a new layer of security by connecting database servers to client applications using Secure Sockets Layer (SSL). Enforcing SSL connections between a database server and its client applications helps protect against “man in the middle” attacks by encrypting the data stream between the server and application.

Remediation

From the console

  1. Login to Azure Portal using https://portal.azure.com
  2. Go to Azure Database for PostgreSQL server
  3. For each database, click on Connection security
  4. In SSL settings, click on Enabled to enforce SSL connection

From the command line

az postgres server update --resource-group <resourceGroupName> --name <serverName> --ssl-enforcement Enabled

References

  1. https://docs.microsoft.com/en-us/azure/postgresql/concepts-ssl-connection-security
  2. https://docs.microsoft.com/en-us/azure/security/benchmarks/security-controls-v2-data-protection#dp-4-encrypt-sensitive-information-in-transit