Ensure PostgreSQL server enables infrastructure encryption

Error: PostgreSQL server does not enable infrastructure encryption

Bridgecrew Policy ID: BC_AZR_GENERAL_24
Checkov Check ID: CKV_AZURE_130
Severity: LOW

PostgreSQL server does not enable infrastructure encryption

Description

Enable infrastructure encryption for Azure Database for PostgreSQL servers to have higher level of assurance that the data is secure. When infrastructure encryption is enabled, the data at rest is encrypted twice using FIPS 140-2 compliant Microsoft managed keys.

Fix - Buildtime

Terraform

  • Resource: azurerm_postgresql_server
  • Argument: infrastructure_encryption_enabled
resource "azurerm_postgresql_server" "example" {
              ...
+             infrastructure_encryption_enabled = true
            }