standard
turbot/azure_compliance

Trigger: Detect & correct MySQL flexible servers without minimum TLS 1.2

Detect MySQL flexible servers without minimum TLS 1.2 and then enable TLS version 1.2.

Query

select
concat(id, ' [', subscription_id, '/', resource_group, ']') as title,
id as id,
name as server_name,
resource_group,
subscription_id,
_ctx ->> 'connection_name' as conn
from
azure_mysql_flexible_server,
jsonb_array_elements(flexible_server_configurations) as config
where
config ->> 'Name' = 'tls_version'
and config -> 'ConfigurationProperties' ->> 'value' not in ('TLSv1.3', 'TLSv1.3');

Schedule

15m

Tags

category = Compliance
plugin = azure
service = Azure/MySQL