last sync: 2020-Sep-22 14:52:15 UTC

Azure Policy

Enforce SSL connection should be enabled for PostgreSQL database servers

Policy DisplayName Enforce SSL connection should be enabled for PostgreSQL database servers
Policy Id d158790f-bfb0-486c-8631-2dc6b4e8e6af
Policy Category SQL
Policy Description This policy audits any PostgreSQL server that is not enforcing SSL connection. Azure Database for PostgreSQL prefers connecting your client applications to the PostgreSQL service using Secure Sockets Layer (SSL). Enforcing SSL connections between your database server and your client applications helps protect against 'man-in-the-middle' attacks by encrypting the data stream between the server and your application
Policy Mode Indexed
Policy Type BuiltIn
Policy in Preview FALSE
Policy Deprecated FALSE
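Policy Effect Default: Audit
Allowed: (Audit,Disabled). Neither allowed value blocks a deployment: Audit only marks a matching server as non-compliant, so this policy reports servers that do not enforce SSL rather than enforcing it itself.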
Roles used none
Policy Changes no changes
Used in Policy Initiative(s)
Initiative DisplayName Initiative Id
CIS Microsoft Azure Foundations Benchmark 1.1.0 1a5bb27d-173f-493e-9568-eb56638dde4d
[Preview]: Azure Security Benchmark 42a694ed-f65e-42b2-aa9e-8052e9740a92
HITRUST/HIPAA a169a624-5599-4385-a696-c8d643089fab
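Policy Rule (the complete policy definition; the evaluated condition is under properties.policyRule and matches only resources of type Microsoft.DBforPostgreSQL/servers whose sslEnforcement property exists and is not "Enabled", so other resource types are not evaluated)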
{
  "properties": {
    "displayName": "Enforce SSL connection should be enabled for PostgreSQL database servers",
    "policyType": "BuiltIn",
    "mode": "Indexed",
    "description": "This policy audits any PostgreSQL server that is not enforcing SSL connection. Azure Database for PostgreSQL prefers connecting your client applications to the PostgreSQL service using Secure Sockets Layer (SSL). Enforcing SSL connections between your database server and your client applications helps protect against 'man-in-the-middle' attacks by encrypting the data stream between the server and your application",
    "metadata": {
      "version": "1.0.0",
      "category": "SQL"
    },
    "parameters": {
      "effect": {
        "type": "String",
        "metadata": {
          "displayName": "Effect",
          "description": "Enable or disable the execution of the policy"
        },
        "allowedValues": [
          "Audit",
          "Disabled"
        ],
        "defaultValue": "Audit"
      }
    },
    "policyRule": {
      "if": {
        "allOf": [
          {
            "field": "type",
            "equals": "Microsoft.DBforPostgreSQL/servers"
          },
          {
            "field": "Microsoft.DBforPostgreSQL/servers/sslEnforcement",
            "exists": "true"
          },
          {
            "field": "Microsoft.DBforPostgreSQL/servers/sslEnforcement",
            "notEquals": "Enabled"
          }
        ]
      },
      "then": {
      "effect": "[parameters('effect')]"
      }
    }
  },
  "id": "/providers/Microsoft.Authorization/policyDefinitions/d158790f-bfb0-486c-8631-2dc6b4e8e6af",
  "type": "Microsoft.Authorization/policyDefinitions",
  "name": "d158790f-bfb0-486c-8631-2dc6b4e8e6af"
}