Benchmark: 5.2 Azure Database for PostgreSQL
Overview
This section covers security best practice recommendations for Azure PostgreSQL Database Servers.
Azure Product Page: https://azure.microsoft.com/en-us/products/postgresql/
RETIREMENT of Azure PostgreSQL Single Server: Azure PostgreSQL Single Server is slated for retirement by March 25, 2025. Azure PostgreSQL Flexible Server is the newer deployment standard and is unaffected. Please use these resources to consider and prepare for migration:
Usage
Install the mod:
mkdir dashboardscd dashboardspowerpipe mod initpowerpipe mod install github.com/turbot/steampipe-mod-azure-complianceStart the Powerpipe server:
steampipe service startpowerpipe serverOpen http://localhost:9033 in your browser and select 5.2 Azure Database for PostgreSQL.
Run this benchmark in your terminal:
powerpipe benchmark run azure_compliance.benchmark.cis_v300_5_2Snapshot and share results via Turbot Pipes:
powerpipe benchmark run azure_compliance.benchmark.cis_v300_5_2 --shareControls
- 5.2.1 Ensure server parameter 'require_secure_transport' is set to 'ON' for PostgreSQL flexible server
- 5.2.2 Ensure server parameter 'log_checkpoints' is set to 'ON' for PostgreSQL flexible Server
- 5.2.3 Ensure server parameter 'connection_throttle.enable' is set to 'ON' for PostgreSQL flexible Server
- 5.2.4 Ensure Server Parameter 'logfiles.retention_days' is greater than 3 days for PostgreSQL flexible Server
- 5.2.5 Ensure 'Allow public access from any Azure service within Azure to this server' for PostgreSQL flexible server is disabled
- 5.2.6 [LEGACY]Ensure server parameter 'log_connections' is set to 'ON' for PostgreSQL single Server
- 5.2.7 [LEGACY]Ensure server parameter 'log_disconnections' is set to 'ON' for PostgreSQL single Server
- 5.2.8 [LEGACY]Ensure 'Infrastructure double encryption' for PostgreSQL Database Server is 'Enabled'