azure-db-public-ingress

Ensure no SQL Databases allow ingress from 0.0.0.0/0 (ANY IP)

As a best practice, database firewall rules should restrict ingress traffic to authorized addresses only. These might include your local network CIDR range or the public IPs of your on-premises datacenters.

Examples

Insecure Example

resource "azurerm_mariadb_firewall_rule" "example" {
  name                = "test-rule"
  resource_group_name = "test-rg"
  server_name         = "test-server"
  start_ip_address    = "0.0.0.0"
  end_ip_address      = "0.0.0.0"
}

Secure Example

resource "azurerm_mariadb_firewall_rule" "example" {
  name                = "test-rule"
  resource_group_name = "test-rg"
  server_name         = "test-server"
  start_ip_address    = "10.0.0.0"
  end_ip_address      = "10.255.255.255"
}
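
One way to run this check in CI, as an added example that is not the rule's own implementation: it scans `terraform show -json` plan output for database firewall rules whose range starts at 0.0.0.0, and goes beyond the page by also flagging wide public blocks. The list of resource types, the /16 threshold and the sample plan are assumptions made for this example.

```python
import ipaddress

# Rule types checked. The page shows the MariaDB one; the others are assumed
# here to take the same start_ip_address / end_ip_address arguments.
RULE_TYPES = {"azurerm_mariadb_firewall_rule", "azurerm_mysql_firewall_rule",
              "azurerm_postgresql_firewall_rule", "azurerm_mssql_firewall_rule"}
MAX_PUBLIC_PREFIX = 16  # assumed policy: public blocks wider than /16 are flagged

def iter_resources(module):
    """Yield resources from a plan module and all nested child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from iter_resources(child)

def range_problem(start, end):
    """Return a reason string if the range is too open, else None."""
    lo, hi = ipaddress.IPv4Address(start), ipaddress.IPv4Address(end)
    if lo > hi:
        return "end address is below start address"
    if int(lo) == 0:  # the page's insecure example, and 0.0.0.0-255.255.255.255
        return "range starts at 0.0.0.0"
    for net in ipaddress.summarize_address_range(lo, hi):
        if not net.is_private and net.prefixlen < MAX_PUBLIC_PREFIX:
            return f"public block {net} is wider than /{MAX_PUBLIC_PREFIX}"
    return None

def find_open_rules(plan):
    """Scan `terraform show -json` output; return [(address, reason), ...]."""
    root = plan.get("planned_values", {}).get("root_module", {})
    findings = []
    for res in iter_resources(root):
        if res.get("type") not in RULE_TYPES:
            continue
        vals = res.get("values", {})
        start, end = vals.get("start_ip_address"), vals.get("end_ip_address")
        # Values computed at apply time are absent from the plan: report, don't pass.
        reason = range_problem(start, end) if start and end else "addresses unknown at plan time"
        if reason:
            findings.append((res["address"], reason))
    return findings

# Constructed sample plan holding the page's insecure and secure rules.
SAMPLE_PLAN = {"planned_values": {"root_module": {"resources": [
    {"address": "azurerm_mariadb_firewall_rule.insecure", "type": "azurerm_mariadb_firewall_rule",
     "values": {"start_ip_address": "0.0.0.0", "end_ip_address": "0.0.0.0"}},
    {"address": "azurerm_mariadb_firewall_rule.secure", "type": "azurerm_mariadb_firewall_rule",
     "values": {"start_ip_address": "10.0.0.0", "end_ip_address": "10.255.255.255"}},
]}}}

if __name__ == "__main__":
    print(find_open_rules(SAMPLE_PLAN))
```

In a pipeline, load the real plan with `json.load` and fail the job when `find_open_rules` returns a non-empty list.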
