Ensure PostgreSQL server disables public network access
Error: PostgreSQL server does not disable public network access
Bridgecrew Policy ID: BC_AZR_NETWORKING_20
Checkov Check ID: CKV_AZURE_68
Severity: LOW
Description
Disabling the public network access property improves security by ensuring that your Azure Database for PostgreSQL single servers can be accessed only from a private endpoint. This configuration strictly disables access from any public address space outside the Azure IP range and denies all logins that match IP or virtual network-based firewall rules.
Fix - Buildtime
Terraform
- Resource: azurerm_postgresql_server
- Argument: public_network_access_enabled
resource "azurerm_postgresql_server" "example" {
...
+ public_network_access_enabled = false
...
}
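The same condition can also be checked against the JSON form of a Terraform plan (`terraform show -json <planfile>`) before apply. The script below is an added example, not Bridgecrew's or Checkov's own code; the sample plan and every resource address in it are constructed, and the check fails closed by reporting any planned server whose argument is not a literal `false`.

```python
import json
import sys

RESOURCE_TYPE = "azurerm_postgresql_server"
ARGUMENT = "public_network_access_enabled"

def _rc(address, rtype, actions, after):
    """Build one constructed resource_changes entry with only the fields the check reads."""
    return {"address": address, "type": rtype, "change": {"actions": actions, "after": after}}

# Constructed sample standing in for `terraform show -json` output.
# All resource addresses are made up for illustration.
SAMPLE_PLAN = json.dumps({"resource_changes": [
    _rc("azurerm_postgresql_server.private", RESOURCE_TYPE, ["create"], {ARGUMENT: False}),
    _rc("azurerm_postgresql_server.public", RESOURCE_TYPE, ["update"], {ARGUMENT: True}),
    _rc("azurerm_postgresql_server.unset", RESOURCE_TYPE, ["create"], {"name": "pg-unset"}),
    _rc("azurerm_postgresql_server.retired", RESOURCE_TYPE, ["delete"], None),
    _rc("azurerm_storage_account.logs", "azurerm_storage_account", ["create"], {ARGUMENT: True}),
]})

def find_public_postgres(plan_json):
    """Return (address, reason) for each planned server not set to false."""
    findings = []
    for rc in json.loads(plan_json).get("resource_changes", []):
        if rc.get("type") != RESOURCE_TYPE:
            continue  # other resource types are out of scope for this policy
        after = (rc.get("change") or {}).get("after")
        if after is None:
            continue  # resource is being destroyed, nothing left to expose
        value = after.get(ARGUMENT)
        if value is False:
            continue  # compliant: public network access is disabled
        # Fail closed: true, missing, and null (unknown until apply) are all reported.
        reason = "set to true" if value is True else "not set to false"
        findings.append((rc["address"], reason))
    return findings

if __name__ == "__main__":
    # Pass a plan JSON file path, or run with no argument to use the sample.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_PLAN
    results = find_public_postgres(text)
    for address, reason in results:
        print(f"FAIL {address}: {ARGUMENT} {reason}")
    sys.exit(1 if results else 0)
```

Run in CI, the non-zero exit status blocks the pipeline while any planned server still fails the check.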