Enable Geo-Redundant Backups

More Info:

Ensure that your Microsoft Azure PostgreSQL database servers have geo-redundant backups enabled, to allow you to restore your PostgreSQL servers to a different Azure region in the event of a regional outage or a disaster.

Risk Level

High

Address

Security

Compliance Standards

HITRUST, SOC2, NISTCSF

Triage and Remediation

Remediation

Using Console

Using CLI

To remediate the misconfiguration of not having Geo-Redundant Backups enabled in Azure using Azure CLI, you can follow these steps:

Open the Azure CLI command prompt or terminal.
Login to your Azure account using the command:
```
az login
```
Once you are logged in, set the target subscription using the command:
```
az account set --subscription <subscription_id>
```
Next, enable Geo-Redundant Backups for the desired resource group using the command:
```
az backup vault backup-properties set --backup-management-type AzureIaasVM --resource-group <resource_group_name> --vault-name <vault_name> --backup-storage-redundancy GeoRedundant
```
Here, replace <resource_group_name> with the name of the resource group where the backup vault is located and <vault_name> with the name of the backup vault.

Verify the backup properties using the command:

az backup vault backup-properties show --backup-management-type AzureIaasVM --resource-group <resource_group_name> --vault-name <vault_name>

This command will display the backup properties for the specified backup vault.

Once you have verified that Geo-Redundant Backups have been enabled, you can exit the Azure CLI using the command:
```
exit
```

With these steps, you should be able to remediate the misconfiguration of not having Geo-Redundant Backups enabled in Azure using Azure CLI.

Using Python

To remediate the misconfiguration of not having Geo-Redundant Backups enabled in Azure using Python, you can use the Azure SDK for Python. Here are the step-by-step instructions:

Install the Azure SDK for Python using pip:

pip install azure-mgmt-recoveryservicesbackup

Import the necessary modules:

from azure.common.credentials import ServicePrincipalCredentials
from azure.mgmt.recoveryservicesbackup import RecoveryServicesBackupClient
from azure.mgmt.recoveryservicesbackup.models import ProtectionIntent

Set up the authentication credentials using a service principal:

credentials = ServicePrincipalCredentials(
    client_id='<client_id>',
    secret='<client_secret>',
    tenant='<tenant_id>'
)

Instantiate the RecoveryServicesBackupClient using the authentication credentials:

client = RecoveryServicesBackupClient(credentials, '<subscription_id>')

Get the list of protection intents:

protection_intents = client.protection_intents.list()

Check if Geo-Redundant Backups are enabled for each protection intent:

for protection_intent in protection_intents:
    if protection_intent.properties.backup_management_type == 'AzureIaasVM':
        if not protection_intent.properties.is_geo_redundant:
            # Enable Geo-Redundant Backups
            protection_intent.properties.is_geo_redundant = True
            client.protection_intents.create_or_update(
                protection_intent.name,
                protection_intent
            )

Save the changes by calling create_or_update on each protection intent that had Geo-Redundant Backups enabled.

That’s it! With these steps, you can remediate the misconfiguration of not having Geo-Redundant Backups enabled in Azure using Python.

Azure Introduction

Azure Pricing

Azure Threats

Azure Misconfigurations

Enable Geo-Redundant Backups

More Info:

Risk Level

Address

Compliance Standards

Triage and Remediation

Remediation

Azure Introduction

Azure Pricing

Azure Threats

Azure Misconfigurations

​More Info:

​Risk Level

​Address

​Compliance Standards

​Triage and Remediation

​Remediation

More Info:

Risk Level

Address

Compliance Standards

Triage and Remediation

Remediation