Ensure MySQL server enables geo-redundant backups

Error: MySQL server disables geo-redundant backups

Bridgecrew Policy ID: BC_AZR_GENERAL_19
Checkov Check ID: CKV_AZURE_94
Severity: LOW

Description

Ensure that your Microsoft Azure MySQL database servers have geo-redundant backups enabled, so that you can restore them to a different Azure region in the event of a regional outage or a disaster.

Geo-restore is the default recovery option when your MySQL database server is unavailable because a large-scale incident, such as a natural disaster, has occurred in the region where the database server is hosted. During geo-restore, the MySQL server configuration can be changed. These configuration changes include compute generation, vCore, backup retention period and backup redundancy options.

Fix - Runtime

In Azure console

  1. Sign in to the Azure Management Console.
  2. Navigate to the All resources blade at https://portal.azure.com/#blade/HubsExtension/BrowseAll to access all your Microsoft Azure resources.
  3. From the Type filter box, select Azure Database for MySQL server to list the MySQL servers provisioned within your Azure account.
  4. Click on the name of the MySQL database server that you want to examine.
  5. In the navigation panel, under Settings, select Pricing tier to access the pricing tier settings available for the selected MySQL server.
  6. On the Pricing tier page, in the Backup Redundancy Options section, check the backup redundancy tier configured for the database server. If the selected tier is Locally Redundant, the data can be recovered from within the current region only; the Geo-Redundant backup feature is therefore not enabled for the selected Microsoft Azure MySQL database server.
  7. Repeat steps no. 4 – 6 for each MySQL database server available in the current Azure subscription.
  8. Repeat steps no. 3 – 7 for each subscription created in your Microsoft Azure cloud account.

Fix - Buildtime

Terraform

  • Resource: azurerm_mysql_server
  • Argument: geo_redundant_backup_enabled
resource "azurerm_mysql_server" "example" {
  ...
+ geo_redundant_backup_enabled = true
}
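
The same buildtime check can be run against a Terraform plan before apply. The script below is an added example, not Checkov's or Bridgecrew's own code; it assumes the JSON produced by `terraform show -json <planfile>`, and the embedded plan, resource addresses and function name are constructed for illustration.

```python
import json

ATTR = "geo_redundant_backup_enabled"

# Constructed sample, trimmed to the plan fields this check reads.
SAMPLE_PLAN = json.loads("""
{"resource_changes": [
 {"address": "azurerm_mysql_server.geo", "type": "azurerm_mysql_server",
  "change": {"actions": ["create"], "after": {"geo_redundant_backup_enabled": true},
             "after_unknown": {}}},
 {"address": "azurerm_mysql_server.local", "type": "azurerm_mysql_server",
  "change": {"actions": ["update"], "after": {"geo_redundant_backup_enabled": false},
             "after_unknown": {}}},
 {"address": "azurerm_mysql_server.unset", "type": "azurerm_mysql_server",
  "change": {"actions": ["create"], "after": {"geo_redundant_backup_enabled": null},
             "after_unknown": {}}},
 {"address": "azurerm_mysql_server.old", "type": "azurerm_mysql_server",
  "change": {"actions": ["delete"], "after": null, "after_unknown": {}}},
 {"address": "module.db.azurerm_mysql_server.main", "type": "azurerm_mysql_server",
  "change": {"actions": ["create"], "after": {},
             "after_unknown": {"geo_redundant_backup_enabled": true}}},
 {"address": "azurerm_postgresql_server.pg", "type": "azurerm_postgresql_server",
  "change": {"actions": ["create"], "after": {"geo_redundant_backup_enabled": false},
             "after_unknown": {}}}
]}
""")

def find_non_geo_redundant(plan):
    """Return (address, reason) for each planned azurerm_mysql_server that fails."""
    findings = []
    for rc in plan.get("resource_changes", []):
        if rc.get("type") != "azurerm_mysql_server":
            continue  # other resource types are out of scope for this check
        change = rc.get("change") or {}
        if change.get("actions") == ["delete"]:
            continue  # server is being destroyed, nothing left to back up
        after = change.get("after") or {}
        unknown = change.get("after_unknown") or {}
        if unknown.get(ATTR) is True:
            # Value is computed at apply time, so the plan cannot prove it is true.
            findings.append((rc["address"], "value not known until apply"))
        elif after.get(ATTR) is not True:
            findings.append((rc["address"], "not set to true"))
    return findings

if __name__ == "__main__":
    for address, reason in find_non_geo_redundant(SAMPLE_PLAN):
        print(f"FAIL {address}: {ATTR} {reason}")
```

Servers whose value is only known at apply time are reported rather than passed, so a computed input cannot silently bypass the check.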