Ensure Azure PostgreSQL Flexible Server enables geo-redundant backups
Error: Azure PostgreSQL Flexible Server does not enable geo-redundant backups
Bridgecrew Policy ID: BC_AZR_GENERAL_87
Checkov Check ID: CKV_AZURE_136
Severity: LOW
Azure PostgreSQL Flexible Server does not enable geo-redundant backups
Description
Azure PostgreSQL Flexible Server allows you to choose between locally redundant or geo-redundant backup storage in the General Purpose and Memory Optimized tiers. When the backups are stored in geo-redundant backup storage, they are not only stored within the region in which your server is hosted, but are also replicated to a paired data center. This provides better protection and ability to restore your server in a different region in the event of a disaster.
Fix - Runtime
TBA
Fix - Buildtime
Terraform
- Resource: azurerm_postgresql_flexible_server
- Argument: geo_redundant_backup_enabled
resource "azurerm_postgresql_flexible_server" "pass" {
name = "example-psqlflexibleserver"
resource_group_name = "azurerm_resource_group.example.name"
location = "azurerm_resource_group.example.location"
version = "12"
delegated_subnet_id = "azurerm_subnet.example.id"
private_dns_zone_id = "azurerm_private_dns_zone.example.id"
administrator_login = "psqladmin"
administrator_password = "[email protected]!"
zone = "1"
storage_mb = 32768
geo_redundant_backup_enabled = true
sku_name = "GP_Standard_D4s_v3"
depends_on = ["azurerm_private_dns_zone_virtual_network_link.example"]
}
Updated 6 months ago