Covers security recommendations to follow to set general database services policies on an Azure Subscription. Subsections will address specific database types.

Azure > CIS v2.0

Azure > CIS v2.0 > 04 - Database Services

Azure > Management Group

Azure > Subscription

Azure > Tenant

Turbot > Folder

Turbot

Turbot > IAM > Turbot Identity

Turbot > IAM > Unidentified Identity

Azure > Active Directory > Directory

Kubernetes > Cluster

GitHub > Repository

AWS > Account

ServiceNow > Instance

GCP > Project

Azure > Search Management > Search Service

Azure > API Management > API Management Service

Azure > Service Bus > Namespace

Azure > Resource Group

Azure > Synapse Analytics > SQL Pool

Azure > Synapse Analytics > Workspace

Azure > Firewall > Firewall

Azure > Recovery Service > Vault

Azure > PostgreSQL > Flexible Server

Azure > PostgreSQL > Server

Azure > Compute > Availability Set

Azure > Compute > Disk

Azure > Compute > Disk Encryption Set

Azure > Compute > Image

Azure > Compute > Snapshot

Azure > Compute > Ssh Public Key

Azure > Compute > Virtual Machine

Azure > Compute > Virtual Machine Scale Set

Azure > Container Registry > Registry

Azure > Monitor > Action Group

Azure > Monitor > Metric Alert

Azure > Automation > Automation Account

Azure > Automation > Runbook

Azure > Load Balancer > Load Balancer

Azure > Network > Application Security Group

Azure > Network > Express Route Circuits

Azure > Network > Network Interface

Azure > Network > Network Security Group

Azure > Network > Private DNS Zones

Azure > Network > Private Endpoints

Azure > Network > Public IP Address

Azure > Network > Route Table

Azure > Network > Virtual Network

Azure > Network > Virtual Network Gateway

Azure > Network > Private Link Service

Azure > DNS > Zone

Azure > DNS > Record Set

Azure > AKS > Managed Cluster

Azure > Databricks > Workspace

Azure > Network Watcher > Network Watcher

Azure > MySQL > Flexible Server

Azure > MySQL > Server [Deprecated]

Azure > Relay > Namespace

Azure > Storage > Storage Account

Azure > Log Analytics > Log Analytics Workspace

Azure > Managed Identity > User Assigned Identity

Azure > SQL > Database

Azure > SQL > Elastic Pool

Azure > SQL > Managed Instance

Azure > SQL > Server

Azure > Data Factory > Factory

Azure > SQL Virtual Machine Service > SQL Virtual Machine

Azure > SignalR Service > SignalR

Azure > App Service > App Service Plan

Azure > App Service > Web App

Azure > Key Vault > Vault

Azure > Cosmos DB > Database Account

Azure > Application Insights > Application Insight

Azure > Application Gateway Service > Application Gateway

AWS > CodeBuild > Project

AWS > CodeBuild > Source Credential

AWS > CodeCommit > Repository

AWS > SageMaker > Domain

AWS > SageMaker > Endpoint

AWS > SageMaker > Endpoint Configuration

AWS > SageMaker > Model

AWS > SageMaker > Notebook Instance

AWS > SageMaker > Training Job

AWS > Lightsail > Relational Database

AWS > Lightsail > Instance

AWS > Lightsail > Load Balancer

AWS > ACM > Certificate

AWS > Well-Architected Tool > Workload

AWS > WAF > Rule Group v2 Global

AWS > WAF > Web ACL [Deprecated]

AWS > WAF > Web ACL v2 Regional

AWS > WAF > Web ACL v2 Global

AWS > WAF > Regex Pattern Set v2 Regional

AWS > WAF > Rule Group v2 Regional

AWS > WAF > Regex Pattern Set v2 Global

AWS > WAF > IP Set v2 Regional

AWS > WAF > IP Set v2 Global

AWS > ElastiCache > Cache Cluster

AWS > ElastiCache > Snapshot

AWS > ElastiCache > Replication Group

AWS > DynamoDB > Table

AWS > Route 53 > Hosted Zone

AWS > VPC > Customer Gateway

AWS > VPC > Transit Gateway

AWS > VPC > Transit Gateway Route Table

AWS > VPC > Peering Connection

AWS > VPC > VPN Connection

AWS > VPC > VPN Gateway

AWS > Kinesis > Stream

AWS > Kinesis > Kinesis Video Stream

AWS > Data Pipeline > Pipeline [Deprecated]

AWS > QLDB > Ledger

AWS > Athena > Workgroup

AWS > Athena > NamedQuery

AWS > Region

AWS > EC2 > Instance

GCP > Folder

Control: Azure > CIS v2.0 > 04 - Database Services

Category

In Your Workspace

Developers