Ensure MariaDB server enables geo-redundant backups

Error: MariaDB server does not enable geo-redundant backups

Bridgecrew Policy ID: BC_AZR_GENERAL_18
Checkov Check ID: CKV_AZURE_129
Severity: LOW

MariaDB server does not enable geo-redundant backups

Description

Ensure that your Microsoft Azure MariaDB database servers have geo-redundant backups enabled, to allow you to restore your MariaDB servers to a different Azure region in the event of a regional outage or a disaster.

Geo-restore is the default recovery option when your MariaDB database server is unavailable because of a large-scale incident, such as a natural disaster, occurs in the region where the database server is hosted. .During geo-restore, the MariaDB server configuration can be changed. These configuration changes include compute generation, vCore, backup retention period and backup redundancy options.

Fix - Runtime

In Azure console

  1. Sign in to Azure Management Console.
  2. Navigate to All resources blade at https://portal.azure.com/#blade/HubsExtension/BrowseAll to access all your Microsoft Azure resources.
  3. From the Type filter box, select Azure Database for MariaDB server to list the MariaDB servers provisioned within your Azure account.
  4. Click on the name of the MariaDB database server that you want to examine.
  5. In the navigation panel, under Settings, select Pricing tier to access the pricing tier settings available for the selected MariaDB server.
  6. On the Pricing tier page, in the Backup Redundancy Options section, check the backup redundancy tier configured for the database server. If the selected tier is Locally Redundant, the data can be recovered from within the current region only, therefore the Geo-Redundant backup feature is not enabled for the selected Microsoft Azure MariaDB database server.
  7. Repeat steps no. 4 – 6 for each MariaDB database server available in the current Azure subscription.
  8. Repeat steps no. 3 – 7 for each subscription created in your Microsoft Azure cloud account.

Fix - Buildtime

Terraform

  • Resource: azurerm_mariadb_server
  • Argument: geo_redundant_backup_enabled
resource "azurerm_mariadb_server" "example" {
            ...
+           geo_redundant_backup_enabled  = true
        }

Did this page help you?