Policy: Azure > CIS v3.0 > 05 - Database Services > 05.02 - Azure Database for PostgreSQL > 05.02.05 - Ensure 'Allow public access from any Azure service within Azure to this server' for PostgreSQL flexible server is disabled

Configures auditing against a CIS Benchmark item.

Level: 1

Disable access from Azure services to PostgreSQL flexible server.

If access from Azure services is enabled, the server's firewall will accept connections from all Azure resources, including resources not in your subscription. This is usually not a desired configuration. Instead, set up firewall rules to allow access from specific network ranges or VNET rules to allow access from specific virtual networks.

Targets

This policy targets the following resource types:

Primary Policy

This policy is used with the following primary policy:

Azure > CIS v3.0 > 05 - Database Services > 05.02 - Azure Database for PostgreSQL

Policy Specification

Schema Type	`string`
Default	`Per Azure > CIS v3.0 > 05 - Database Services`
Valid Values [YAML]	`Per Azure > CIS v3.0 > 05 - Database Services` `Skip` `Check: Benchmark`

In Your Workspace

Policy Settings by Type report

Developers

Category URI

tmod:@turbot/cis#/control/categories/v070904

Policy Type URI

tmod:@turbot/azure-cisv3-0#/policy/types/r050205

GraphQL

query policyType(id: "tmod:@turbot/azure-cisv3-0#/policy/types/r050205") { … }

query policySettings(filter: "policyTypeId:'tmod:@turbot/azure-cisv3-0#/policy/types/r050205'") { … }

query policyValues(filter: "policyTypeId:'tmod:@turbot/azure-cisv3-0#/policy/types/r050205'") { … }

CLI

Get Policy Type

turbot graphql policy-type --id "tmod:@turbot/azure-cisv3-0#/policy/types/r050205"

Get Policy Settings

turbot graphql policy-settings --filter "policyTypeId:tmod:@turbot/azure-cisv3-0#/policy/types/r050205"