Ensure Azure PostgreSQL Flexible Server enables geo-redundant backups

Error: Azure PostgreSQL Flexible Server does not enable geo-redundant backups

Bridgecrew Policy ID: BC_AZR_GENERAL_87
Checkov Check ID: CKV_AZURE_136
Severity: LOW

Description

Azure PostgreSQL Flexible Server lets you choose between locally redundant and geo-redundant backup storage in the General Purpose and Memory Optimized tiers. When backups are kept in geo-redundant backup storage, they are stored within the region in which your server is hosted and are also replicated to a paired data center. This provides better protection and the ability to restore your server in a different region in the event of a disaster.

Fix - Runtime

TBA

Fix - Buildtime

Terraform

  • Resource: azurerm_postgresql_flexible_server
  • Argument: geo_redundant_backup_enabled

resource "azurerm_postgresql_flexible_server" "pass" {
  name                   = "example-psqlflexibleserver"
  # References to other resources are written unquoted so Terraform resolves them.
  resource_group_name    = azurerm_resource_group.example.name
  location               = azurerm_resource_group.example.location
  version                = "12"
  delegated_subnet_id    = azurerm_subnet.example.id
  private_dns_zone_id    = azurerm_private_dns_zone.example.id
  administrator_login    = "psqladmin"
  # Example value only; supply the password from a variable or secret store.
  administrator_password = "H@Sh1CoR3!"
  zone                   = "1"

  storage_mb                   = 32768
  # Replicate backups to the paired region; this is the argument the check looks at.
  geo_redundant_backup_enabled = true

  sku_name   = "GP_Standard_D4s_v3"
  depends_on = [azurerm_private_dns_zone_virtual_network_link.example]
}
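
The same condition can be checked against a rendered plan. The following is an added example, not Checkov's own implementation of CKV_AZURE_136: it walks `terraform show -json` style output, including child modules, and reports every azurerm_postgresql_flexible_server whose geo_redundant_backup_enabled is not true, treating an unset argument as a failure. The sample plan and the function names are constructed for illustration.

```python
import json
import sys

RESOURCE_TYPE = "azurerm_postgresql_flexible_server"
ARGUMENT = "geo_redundant_backup_enabled"

# Constructed sample shaped like `terraform show -json <planfile>` output.
SAMPLE_PLAN = {"planned_values": {"root_module": {
    "resources": [
        {"address": "azurerm_postgresql_flexible_server.pass",
         "type": RESOURCE_TYPE, "values": {ARGUMENT: True}},
        {"address": "azurerm_postgresql_flexible_server.unset",
         "type": RESOURCE_TYPE, "values": {"name": "example-unset"}},
        {"address": "azurerm_resource_group.example",
         "type": "azurerm_resource_group", "values": {"name": "example"}},
    ],
    "child_modules": [{"address": "module.db", "resources": [
        {"address": "module.db.azurerm_postgresql_flexible_server.fail",
         "type": RESOURCE_TYPE, "values": {ARGUMENT: False}},
    ]}],
}}}


def iter_resources(module):
    """Yield every resource in a module and, recursively, its child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from iter_resources(child)


def servers_without_geo_backup(plan):
    """Return sorted addresses of flexible servers where the argument is not true."""
    root = plan.get("planned_values", {}).get("root_module", {})
    return sorted(
        res["address"]
        for res in iter_resources(root)
        # An absent or null argument counts as a failure; only a literal true passes.
        if res.get("type") == RESOURCE_TYPE
        and (res.get("values") or {}).get(ARGUMENT) is not True
    )


if __name__ == "__main__":
    # Optional argument: path to a plan JSON file; otherwise use the sample.
    plan = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE_PLAN
    for address in servers_without_geo_backup(plan):
        print(f"FAIL {ARGUMENT} not true: {address}")
```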