More Info:

Ensure that Storage Auto-Growth feature is enabled for your production Azure PostgreSQL database servers. Storage auto-growth prevents your PostgreSQL servers from running out of storage and becoming read-only.

Risk Level

High

Address

Security

Compliance Standards

CBP

Triage and Remediation

Remediation

Using Console

To remediate the misconfiguration of not having storage auto-growth enabled in Azure, you can follow these steps:
  1. Log in to the Azure portal (https://portal.azure.com/).
  2. Navigate to the storage account that you want to remediate.
  3. Click on the “Configuration” tab in the left-hand menu.
  4. Under the “Data Protection” section, click on “Blob Service”.
  5. Scroll down to the “Auto-grow” section and toggle the switch to “Enabled”.
  6. Specify the maximum size that you want the storage account to grow to. You can either choose a fixed size or enable automatic growth by percentage.
  7. Click “Save” to apply the changes.
Once you have completed these steps, your storage account will automatically grow as needed to accommodate additional data. This will help prevent any potential data loss due to insufficient storage capacity.

To enable storage auto-growth for Azure using Azure CLI, follow the below steps:
  1. Open the Azure CLI on your local machine or on the Azure portal.
  2. Login to your Azure account using the command: 
    az login
  3. Select the subscription in which you want to enable storage auto-growth using the command: 
    az account set --subscription <subscription-id>
  4. Once you have selected the subscription, enable storage auto-growth for the Azure SQL Database using the command: 
    az sql db update --name <database-name> --resource-group <resource-group-name> --service-objective S0 --max-size 250GB --auto-grow true
    In the above command, replace the <database-name> with the name of the database for which you want to enable storage auto-growth, <resource-group-name> with the name of the resource group in which the database is present. The --max-size parameter specifies the maximum size of the database and the --auto-grow parameter enables the storage auto-growth for the database.
  5. Once the command is executed successfully, you will receive a confirmation message. 
    {
  "autoPauseDelay": null,
  "catalogCollation": "SQL_Latin1_General_CP1_CI_AS",
  "collation": "SQL_Latin1_General_CP1_CI_AS",
  "createMode": null,
  "creationDate": "2021-09-23T11:53:25.06Z",
  "currentServiceObjectiveName": "S0",
  "databaseId": "1f3a2a2a-7f36-4e7b-9d9d-4c6b6d5f9e3c",
  "defaultSecondaryLocation": null,
  "earliestRestoreDate": null,
  "edition": "Standard",
  "elasticPoolId": null,
  "failoverGroupId": null,
  "id": "/subscriptions/xxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/xxxxx/providers/Microsoft.Sql/servers/xxxxx/databases/xxxxx",
  "kind": "v12.0,user",
  "location": "eastus",
  "longTermRetentionBackupResourceId": null,
  "maxLogSizeBytes": null,
  "maxSizeBytes": "268435456000",
  "name": "xxxxx",
  "readScale": null,
  "recoverableDatabaseId": null,
  "recoveryServicesRecoveryPointResourceId": null,
  "requestedServiceObjectiveName": null,
  "resourceGroup": "xxxxx",
  "restorableDroppedDatabaseId": null,
  "restorePointInTime": null,
  "sampleName": null,
  "serviceLevelObjective": "S0",
  "sourceDatabaseDeletionDate": null,
  "sourceDatabaseId": null,
  "status": "Online",
  "tags": {},
  "type": "Microsoft.Sql/servers/databases",
  "zoneRedundant": false
}
    This confirms that storage auto-growth has been enabled for the Azure SQL Database.
To enable storage auto-growth in Azure using Python, you can use the Azure SDK for Python. Here are the steps to remediate this issue:
  1. Install the Azure SDK for Python:
pip install azure-mgmt-storage
  1. Import the necessary modules:
from azure.common.credentials import ServicePrincipalCredentials
from azure.mgmt.storage import StorageManagementClient
  1. Authenticate with Azure using Service Principal credentials:
TENANT_ID = '<your tenant id>'
CLIENT_ID = '<your client id>'
CLIENT_SECRET = '<your client secret>'
SUBSCRIPTION_ID = '<your subscription id>'

credentials = ServicePrincipalCredentials(
    client_id=CLIENT_ID,
    secret=CLIENT_SECRET,
    tenant=TENANT_ID
)
  1. Create a StorageManagementClient object:
storage_client = StorageManagementClient(
    credentials=credentials,
    subscription_id=SUBSCRIPTION_ID
)
  1. Get the storage account that needs to be remediated:
RESOURCE_GROUP_NAME = '<your resource group name>'
ACCOUNT_NAME = '<your storage account name>'

storage_account = storage_client.storage_accounts.get_properties(
    RESOURCE_GROUP_NAME,
    ACCOUNT_NAME
)
  1. Enable storage auto-growth by updating the storage account:
storage_account.auto_grow_enabled = True

storage_client.storage_accounts.update(
    RESOURCE_GROUP_NAME,
    ACCOUNT_NAME,
    storage_account
)
This will enable storage auto-growth for the specified storage account in Azure.