Azure SQL Server - Ensure that your Azure SQL Server supporting time critical applications are attached to a failover group

[tdefise]

Describe the issue It seems that there are no checks in order to ensure that your Azure SQL Server supporting time critical applications are attached to a failover group

Examples

resource "azurerm_resource_group" "example" {
  name     = "database-rg"
  location = "West Europe"
}

resource "azurerm_mssql_server" "primary" {
  name                         = "mssqlserver-primary"
  resource_group_name          = azurerm_resource_group.example.name
  location                     = azurerm_resource_group.example.location
  version                      = "12.0"
  administrator_login          = "missadministrator"
  administrator_login_password = "thisIsKat11"
}

resource "azurerm_mssql_server" "secondary" {
  name                         = "mssqlserver-secondary"
  resource_group_name          = azurerm_resource_group.example.name
  location                     = "North Europe"
  version                      = "12.0"
  administrator_login          = "missadministrator"
  administrator_login_password = "thisIsKat12"
}

resource "azurerm_mssql_database" "example" {
  name        = "exampledb"
  server_id   = azurerm_mssql_server.primary.id
  sku_name    = "S1"
  collation   = "SQL_Latin1_General_CP1_CI_AS"
  max_size_gb = "200"
}

resource "azurerm_mssql_failover_group" "example" {
  name      = "example"
  server_id = azurerm_mssql_server.primary.id
  databases = [
    azurerm_mssql_database.example.id
  ]

  partner_server {
    id = azurerm_mssql_server.secondary.id
  }

  read_write_endpoint_failover_policy {
    mode          = "Automatic"
    grace_minutes = 80
  }

}

Version (please complete the following information):

• Current

Additional context

To achieve higher availability and redundancy across regions, you it is possible to enable disaster recovery capabilities to quickly recover the database from a catastrophic regional failure. Options for disaster recovery with Azure SQL Database are:

• Active geo-replication Create a continuously synchronized readable secondary database in any region for a primary database.
• Failover groups, in addition to providing continuous synchronization between a primary and secondary database, also allows to manage the replication and failover of some, or all, databases on a logical server to a secondary logical server in another region. Failover groups provide read-write and read-only listener endpoints that remain unchanged so updating application connection strings after failover isn't necessary. Geo-restore allows to recover from a regional outage by restoring from geo replicated backups when a database is unaccessible in the primary region by creating a new database on any existing server in any Azure region.

The following table compares active geo-replication and failover groups, two disaster recovery options for Azure SQL Database:

[stale[bot]]

Thanks for contributing to Checkov! We've automatically marked this issue as stale to keep our issues list tidy, because it has not had any activity for 6 months. It will be closed in 14 days if no further activity occurs. Commenting on this issue will remove the stale tag. If you want to talk through the issue or help us understand the priority and context, feel free to add a comment or join us in the Checkov slack channel at codifiedsecurity.slack.com Thanks!