Ensure PostgreSQL server disables public network access

Error: PostgreSQL server does not disable public network access

Bridgecrew Policy ID: BC_AZR_NETWORKING_20
Checkov Check ID: CKV_AZURE_68
Severity: LOW

PostgreSQL server does not disable public network access

Description

Disabling the public network access property improves security by ensuring your Azure Database for PostgreSQL single servers can only be accessed from a private endpoint. This configuration strictly disables access from any public address space outside of Azure IP range and denies all logins that match IP or virtual network-based firewall rules.

Fix - Buildtime

Terraform

  • Resource: azurerm_postgresql_server
  • Argument: public_network_access_enabled
resource "azurerm_postgresql_server" "example" {
              ...
+             public_network_access_enabled    = false
              ...
            }