PostgreSQL Database Server 'Allow access to Azure services' enabled

Description

When 'Allow access to Azure services' settings is enabled, PostgreSQL Database server will accept connections from all Azure resources including other subscription resources as well. It is recommended to use firewall rules or VNET rules to allow access from specific network ranges or virtual networks.

Fix - Runtime

In Azure Console

Login to Azure console
Navigate to 'Azure Database for PostgreSQL servers' dashboard
Select the reported PostgreSQL server
Go to 'Connection security' under 'Settings'
Select 'No' for 'Allow access to Azure services' under 'Firewall rules'
Click on 'Save'

Fix - Buildtime

Terraform

resource "azurerm_resource_group" "example" {
  name     = "example-resources"
  location = "West Europe"
}

resource "azurerm_sql_server" "sql_server_good" {
  name                         = "mysqlserver"
  resource_group_name          = azurerm_resource_group.example.name
  location                     = "West US"
  version                      = "12.0"
  administrator_login          = "4dm1n157r470r"
  administrator_login_password = "4-v3ry-53cr37-p455w0rd"
}

resource "azurerm_sql_firewall_rule" "firewall_rule_good" {
  name                = "FirewallRule1"
  resource_group_name = azurerm_resource_group.example.name
  server_name         = azurerm_sql_server.sql_server_good.name
  start_ip_address    = "10.0.17.62"
  end_ip_address      = "10.0.17.62"
}