PostgreSQL
      Back to home
      1. CNS Policies
      2. Azure Knowledge Base
      3. PostgreSQL

      Geo-Redundant Backups Disabled

      Risk Level: Low

      Description:

      This plugin enables geo-redundant backups for your Microsoft Azure PostgreSQL database servers. Enabling geo-redundant backup storage for PostgreSQL database servers improves disaster recovery and allows you to restore your server to a new location.


      Recommended Action: PostgreSQL servers do not support modifying geo-redundant storage configuration. You need to create a new server using the current server's configuration with geo-redundant backup storage enabled and then delete the current PostgreSQL server

      About the Service :

      The PostgreSQL Community Edition database engine powers Azure Database for PostgreSQL, a relational database service in the Microsoft cloud. Azure Database for PostgreSQL includes built-in quality, data protection, and automated maintenance for the underlying hardware, operating system, and database engine, among other features.

      Impact:

      If the geo-redundant backup feature is disabled for your Azure subscription then you won’t be able to restore your PostgreSQL servers to a different Azure region in the event of a regional outage or a disaster. 

      Steps to Reproduce :

      1. Sign in to Azure Management Console.
      2. Navigate to the Azure All Resources portal at: https://portal.azure.com/#blade/HubsExtension/BrowseAll
      3. From the Type filter available at the filter bar, select the resource type as only Azure Database for PostgreSQL server.
      4. Select the name of the PostgreSQL database server that you want to examine from all the listed servers.
      5. In the navigation panel, select Pricing tier.
      6. On the Pricing tier page scroll down to the Backup Redundancy Option section. 
      7. If the value of this parameter is set to Locally Redundant, then the data can be recovered from the current region only and the geo-redundant feature is disabled for the selected Microsoft Azure PostgreSQL database server.
      8. Repeat steps no. 3 – 7 for each PostgreSQL database server provisioned in the current Azure subscription as well as in other subscriptions in your Microsoft Azure cloud account.

      Steps for remediation :

      1. Sign in to Azure Management Console.
      2. Navigate to the Azure All Resources portal at: https://portal.azure.com/#blade/HubsExtension/BrowseAll
      3. From the Type filter available at the filter bar, select the resource type as only Azure Database for PostgreSQL server.
      4. Select the name of the PostgreSQL database server that you want to examine from all the listed servers.
      5. In the navigation panel, select Pricing tier.
      6. On the Pricing tier page scroll down to the Backup Redundancy Option section. 
      7. For this section, select the Geo-Redundant option.
      9. Click Save to save the changes.
      10. Repeat steps no. 3 - 9 to reconfigure other PostgreSQL database servers provisioned in all your Azure subscriptions. 

      References: