Control: Ensure server parameter 'tls_version' is set to 'TLSv1.2' (or higher) for MySQL flexible server
Description
Ensure tls_version on MySQL flexible servers is set to use TLS version 1.2 or higher.
Usage
Run the control in your terminal:
powerpipe control run azure_compliance.control.mysql_flexible_server_min_tls_1_2
Snapshot and share results via Turbot Pipes:
powerpipe login
powerpipe control run azure_compliance.control.mysql_flexible_server_min_tls_1_2 --share
SQL
This control uses a named query:
with tls_version as (
  select
    id
  from
    azure_mysql_flexible_server,
    jsonb_array_elements(flexible_server_configurations) as config
  where
    config ->> 'Name' = 'tls_version'
    and config -> 'ConfigurationProperties' ->> 'value' = 'TLSv1.2,TLSv1.3'
)
select
  s.id as resource,
  case
    when a.id is not null then 'ok'
    else 'alarm'
  end as status,
  case
    when a.id is not null then s.title || ' minimum TLS version set to TLSv1.2,TLSv1.3.'
    else s.title || ' minimum TLS version not set to TLSv1.2,TLSv1.3.'
  end as reason
  , s.resource_group as resource_group
  , sub.display_name as subscription
from
  azure_mysql_flexible_server as s
  left join tls_version as a on s.id = a.id,
  azure_subscription as sub
where
  sub.subscription_id = s.subscription_id;
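The named query compares the tls_version value to the literal string 'TLSv1.2,TLSv1.3'. The Python sketch below is an added example, not part of the azure_compliance mod: it reproduces that comparison next to a parsed check that accepts any list whose protocols are all TLSv1.2 or higher, so the difference on values such as 'TLSv1.3' is visible. The server titles, the sample rows and the parsed check are assumptions made for illustration.

```python
# Constructed sample data (hypothetical server titles), shaped like the two
# columns the named query reads: title and flexible_server_configurations.
def _server(title, value):
    configs = [{"Name": "require_secure_transport",
                "ConfigurationProperties": {"value": "ON"}}]
    if value is not None:
        configs.append({"Name": "tls_version",
                        "ConfigurationProperties": {"value": value}})
    return {"title": title, "flexible_server_configurations": configs}

SERVERS = [
    _server("db-both", "TLSv1.2,TLSv1.3"),
    _server("db-13-only", "TLSv1.3"),
    _server("db-12-only", "TLSv1.2"),
    _server("db-legacy", "TLSv1,TLSv1.1,TLSv1.2"),
    _server("db-spaced", "TLSv1.2, TLSv1.3"),
    _server("db-missing", None),
]

MIN_TLS = (1, 2)  # lowest protocol version the control title allows

def tls_value(server):
    """Return the tls_version parameter value, or None if it is absent."""
    for cfg in server["flexible_server_configurations"]:
        if cfg.get("Name") == "tls_version":
            return cfg.get("ConfigurationProperties", {}).get("value")
    return None

def exact_match_status(server):
    """Same comparison as the named query: literal string equality."""
    return "ok" if tls_value(server) == "TLSv1.2,TLSv1.3" else "alarm"

def parsed_status(server):
    """Assumed alternative: ok only if every listed protocol is >= TLSv1.2."""
    value = tls_value(server)
    if not value:
        return "alarm"
    for token in value.split(","):
        token = token.strip()
        parts = token[4:].split(".") if token.startswith("TLSv") else [""]
        if not all(p.isdigit() for p in parts):
            return "alarm"  # unparseable entry: fail closed
        version = (int(parts[0]), int(parts[1]) if len(parts) > 1 else 0)
        if version < MIN_TLS:
            return "alarm"
    return "ok"

def compare(servers):
    return {s["title"]: (exact_match_status(s), parsed_status(s)) for s in servers}
```

Rows where the two statuses differ are servers that allow only TLSv1.2 or higher but that the literal comparison still reports as alarm.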