Skip to content

BoostSecurity

azure-mariadb-public-ingress

azure-mariadb-public-ingress¶

Ensure 'public network access enabled' is set to 'False' for MariaDB servers

As an additional precaution, it is best practice to ensure that your mariadb server instances do not allow access to the public network.

Examples¶

Insecure Example

resource "azurerm_mariadb_server" "example" {
  name                = "example-mariadb-server"
  location            = azurerm_resource_group.example.location
  resource_group_name = azurerm_resource_group.example.name

  administrator_login          = "mariadbadmin"
  administrator_login_password = "H@Sh1CoR3!"

  sku_name   = "B_Gen5_2"
  storage_mb = 5120
  version    = "10.2"

  auto_grow_enabled             = true
  backup_retention_days         = 7
  geo_redundant_backup_enabled  = false
  public_network_access_enabled = true  # (default value is true)
  ssl_enforcement_enabled       = true
}

Secure Example

resource "azurerm_mariadb_server" "example" {
  name                = "example-mariadb-server"
  location            = azurerm_resource_group.example.location
  resource_group_name = azurerm_resource_group.example.name

  administrator_login          = "mariadbadmin"
  administrator_login_password = "H@Sh1CoR3!"

  sku_name   = "B_Gen5_2"
  storage_mb = 5120
  version    = "10.2"

  auto_grow_enabled             = true
  backup_retention_days         = 7
  geo_redundant_backup_enabled  = false
  public_network_access_enabled = false
  ssl_enforcement_enabled       = true
}

More information¶