terraform.azure.best-practice.azure-postgresql-flexi-server-geo-backup-enabled.azure-postgresql-flexi-server-geo-backup-enabled


Ensure that PostgreSQL Flexible server enables geo-redundant backups


Definition

# Semgrep rule for Terraform (HCL). It reports every
# azurerm_postgresql_flexible_server resource block that does not contain the
# literal setting `geo_redundant_backup_enabled = true`.
rules:
  - id: azure-postgresql-flexi-server-geo-backup-enabled
    message: Ensure that PostgreSQL Flexible server enables geo-redundant backups
    # All three entries under `patterns` must hold for a finding to be reported.
    patterns:
      # Anchors the finding on the `resource` token, i.e. the first line of the
      # block (the test fixture places its `# ruleid:` marker directly above it).
      - pattern: resource
      # Excludes blocks that already opt in. Only the literal `true` is excluded,
      # so a block that omits the attribute or sets it to `false` is still reported.
      # NOTE(review): a value supplied through a variable or local is presumably
      # reported too, because it is not the literal `true` -- confirm with a test case.
      - pattern-not-inside: |
          resource "azurerm_postgresql_flexible_server" "..." {
          ...
          geo_redundant_backup_enabled = true
          ...
          }
      # Limits the rule to this one resource type; other resources are never matched.
      - pattern-inside: |
          resource "azurerm_postgresql_flexible_server" "..." {
          ...
          }
    metadata:
      # Filed as a best-practice (backup resilience) check, not a vulnerability class.
      # NOTE(review): the azurerm provider documents this attribute as forcing a new
      # server when changed, so the finding is cheapest to fix before the first
      # apply -- confirm for the provider version in use.
      category: best-practice
      technology:
        - terraform
        - azure
      license: Commons Clause License Condition v1.0[LGPL-2.1-only]
    languages:
      - hcl
    severity: WARNING

Examples

azure-postgresql-flexi-server-geo-backup-enabled.tf

# pass
# Not reported: the block contains the literal `geo_redundant_backup_enabled = true`,
# which is the one form the rule's pattern-not-inside clause excludes.
resource "azurerm_postgresql_flexible_server" "pass" {
  name                   = "example-psqlflexibleserver"
  # The reference-looking values below are quoted, so here they are plain strings
  # rather than Terraform references; presumably this keeps the fixture
  # parseable on its own.
  resource_group_name    = "azurerm_resource_group.example.name"
  location               = "azurerm_resource_group.example.location"
  version                = "12"
  delegated_subnet_id    = "azurerm_subnet.example.id"
  private_dns_zone_id    = "azurerm_private_dns_zone.example.id"
  administrator_login    = "psqladmin"
  # Fixture placeholder credential. A real configuration should not hard-code the
  # administrator password; supply it from a sensitive variable or a secret store.
  administrator_password = "H@Sh1CoR3!"
  zone                   = "1"

  storage_mb                   = 32768
  # The setting the rule looks for.
  geo_redundant_backup_enabled = true

  sku_name   = "GP_Standard_D4s_v3"
  depends_on = ["azurerm_private_dns_zone_virtual_network_link.example"]

}

# fail
# Reported: geo-redundant backups are explicitly set to `false`, so the block does
# not contain the `geo_redundant_backup_enabled = true` setting the rule requires.
# The `# ruleid:` marker must stay directly above the `resource` line it annotates.
# ruleid: azure-postgresql-flexi-server-geo-backup-enabled
resource "azurerm_postgresql_flexible_server" "fail1" {
  name                   = "example-psqlflexibleserver"
  # Quoted, so these are plain strings in this fixture rather than Terraform references.
  resource_group_name    = "azurerm_resource_group.example.name"
  location               = "azurerm_resource_group.example.location"
  version                = "12"
  delegated_subnet_id    = "azurerm_subnet.example.id"
  private_dns_zone_id    = "azurerm_private_dns_zone.example.id"
  administrator_login    = "psqladmin"
  # Fixture placeholder credential. A real configuration should not hard-code the
  # administrator password; supply it from a sensitive variable or a secret store.
  administrator_password = "H@Sh1CoR3!"
  zone                   = "1"

  storage_mb                   = 32768
  # Explicit opt-out: this is the difference from the passing example.
  geo_redundant_backup_enabled = false

  sku_name   = "GP_Standard_D4s_v3"
  depends_on = ["azurerm_private_dns_zone_virtual_network_link.example"]

}

# fail
# Reported: `geo_redundant_backup_enabled` is omitted entirely, so the block does
# not contain the `= true` setting the rule requires.
# NOTE(review): with the attribute omitted the provider default applies
# (documented as false for azurerm -- confirm for the provider version in use).
# The `# ruleid:` marker must stay directly above the `resource` line it annotates.
# ruleid: azure-postgresql-flexi-server-geo-backup-enabled
resource "azurerm_postgresql_flexible_server" "fail2" {
  name                   = "example-psqlflexibleserver"
  # Quoted, so these are plain strings in this fixture rather than Terraform references.
  resource_group_name    = "azurerm_resource_group.example.name"
  location               = "azurerm_resource_group.example.location"
  version                = "12"
  delegated_subnet_id    = "azurerm_subnet.example.id"
  private_dns_zone_id    = "azurerm_private_dns_zone.example.id"
  administrator_login    = "psqladmin"
  # Fixture placeholder credential. A real configuration should not hard-code the
  # administrator password; supply it from a sensitive variable or a secret store.
  administrator_password = "H@Sh1CoR3!"
  zone                   = "1"

  # No geo_redundant_backup_enabled attribute follows; its absence is what is tested.
  storage_mb = 32768

  sku_name   = "GP_Standard_D4s_v3"
  depends_on = ["azurerm_private_dns_zone_virtual_network_link.example"]

}