Vulnerabilities
Misconfiguration
Runtime Security
Compliance
Azure > SQL Databases >

SQL DB Multiple AZ

MEDIUM
Source
CloudSploit
ID
sql-db-multiple-az
management console

SQL DB Multiple AZ

Ensures that SQL Database instances are created to be cross-AZ for high availability

Creating SQL Database instances in a single availability zone creates a single point of failure for all systems relying on that database. All SQL Database instances should be created in multiple availability zones to ensure proper failover.

Follow the appropriate remediation steps below to resolve the issue.

  1. Log in to the Microsoft Azure Management Console.

  2. Select the “Search resources, services, and docs” option at the top and search for “SQL databases”. Step

  3. On the “SQL database” page, click on the “Cloud shell” icon at the top next to the search bar as “Availability Zones” cannot be checked from Azure “UI Console”.Step

  4. In the box that opens at the bottom, select “PowerShell”.Step

  5. In the next screen, select the desired Azure Subscription & click on “Create storage” button.Step

  6. Run “Get-AzSqlServer” PowerShell command in the PowerShell prompt, to list all the “SQL servers” in the selected subscription. Note the “ResourceGroupName” and “ServerName” of the desired SQL server.Step

  7. Run “Get-AzSqlDatabase -ResourceGroupName your_resource_group_name -ServerName your_server_name -DatabaseName your_DB_Name” PowerShell command.Step

  8. If the value of property “ZoneReduntant” is “false” in the result then the database is not zone reduntant.Step

  9. If the value of ZoneReduntant is False then we need to restore the affected Database with a minimum of “Premium” grade “Compute + storage”.

  10. On the Azure UI Dashboard, go to the configuration of the affected database and click on “Restore” button at the top.Step

  11. On the “Create SQL Database - Restore database” page, select the “Earliest restore point” and click on “Configure database” next to “Compute + storage”.Step

  12. On the Configure page, select “Premium” or higher Service tier type in the “Service tier” dropdown.Then select “yes” for “Would you like to make this database zone redundant?” and click “Apply” button at the bottom.Step

  13. Now click “Review + create” and “Create” on the “Create SQL Database - Restore database” page to complete the restoration.Step

  14. Once the restoration is complete, on Azure PowerShell run the command “Get-AzSqlDatabase -ResourceGroupName your_resource_groupname -ServerName your_server_name -DatabaseName your_DB_Name” to verify that zone reduntant property is now “True”.Step

  15. Repeat steps 3 - 14 for all other SQL databases to make them zone redundant.

Aqua Security is the largest pure-play cloud native security company, providing customers the freedom to innovate and run their businesses with minimal friction. The Aqua Cloud Native Security Platform provides prevention, detection, and response automation across the entire application lifecycle to secure the build, secure cloud infrastructure and secure running workloads wherever they are deployed.
Copyright © 2024 Aqua Security Software Ltd.   Privacy Policy | Terms of Use