azure-db-public-ingress
Ensure no SQL Databases allow ingress from 0.0.0.0/0 (ANY IP)
As a best practice, database firewall rules should restrict ingress traffic to authorized addresses only. These might include your local network CIDR range or the public IPs of your on-premises data centers.
Examples
Insecure Example
resource "azurerm_mariadb_firewall_rule" "example" {
  name                = "test-rule"
  resource_group_name = "test-rg"
  server_name         = "test-server"
  start_ip_address    = "0.0.0.0"
  end_ip_address      = "0.0.0.0"
}
Secure Example
resource "azurerm_mariadb_firewall_rule" "example" {
  name                = "test-rule"
  resource_group_name = "test-rg"
  server_name         = "test-server"
  start_ip_address    = "10.0.0.0"
  end_ip_address      = "10.255.255.255"
}
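The following Python check is an added example, not part of the original page or of any scanner's own code. It applies the same rule to `terraform show -json` plan output and generalizes from MariaDB to the other azurerm database firewall rule types. The plan data is constructed and the verdict names are assumptions of this example; it reports the 0.0.0.0 to 0.0.0.0 rule separately because Azure treats that pair as "allow access to Azure services".

```python
import ipaddress
import json

# azurerm database firewall rule types that take start_ip_address/end_ip_address.
DB_RULE_TYPES = {"azurerm_mariadb_firewall_rule", "azurerm_mysql_firewall_rule",
                 "azurerm_postgresql_firewall_rule", "azurerm_mssql_firewall_rule"}
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def classify(start, end):
    """Return a verdict (names are this example's own) for one rule's range."""
    if start is None or end is None:
        return "unknown"          # value not known until apply
    s, e = ipaddress.IPv4Address(start), ipaddress.IPv4Address(end)
    if e < s:
        return "invalid"
    if int(s) == 0 and int(e) == 0:
        return "azure-services"   # Azure reads 0.0.0.0-0.0.0.0 as "allow Azure services"
    if int(s) == 0 and int(e) == 2**32 - 1:
        return "any-ip"           # the whole IPv4 space, 0.0.0.0/0
    if any(s in net and e in net for net in RFC1918):
        return "private"
    return "public-range"         # review against your approved addresses

def audit(plan):
    """Map resource address -> verdict for each database firewall rule in a plan."""
    verdicts = {}
    for rc in plan.get("resource_changes", []):
        if rc.get("type") in DB_RULE_TYPES:
            after = (rc.get("change") or {}).get("after") or {}
            verdicts[rc["address"]] = classify(after.get("start_ip_address"),
                                               after.get("end_ip_address"))
    return verdicts

# Constructed sample in the shape of `terraform show -json <planfile>` output.
SAMPLE_PLAN = json.loads("""
{"resource_changes": [
 {"address": "azurerm_mariadb_firewall_rule.insecure", "type": "azurerm_mariadb_firewall_rule",
  "change": {"after": {"start_ip_address": "0.0.0.0", "end_ip_address": "0.0.0.0"}}},
 {"address": "azurerm_mariadb_firewall_rule.secure", "type": "azurerm_mariadb_firewall_rule",
  "change": {"after": {"start_ip_address": "10.0.0.0", "end_ip_address": "10.255.255.255"}}},
 {"address": "azurerm_mysql_firewall_rule.wide", "type": "azurerm_mysql_firewall_rule",
  "change": {"after": {"start_ip_address": "0.0.0.0", "end_ip_address": "255.255.255.255"}}}
]}
""")

if __name__ == "__main__":
    for address, verdict in audit(SAMPLE_PLAN).items():
        print(f"{verdict:15} {address}")
```

In a pipeline, fail the build on `any-ip` and `azure-services`, and compare `public-range` results against the list of addresses you have approved.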