Terraform Retention Less Than 90 Days
Description
Detects when Azure SQL Server instances are configured with audit log retention periods of less than 90 days. Short retention periods can hinder security investigations and may not meet compliance requirements for maintaining audit history.
Detection Strategy
• Look for Terraform resources of type 'azurerm_sql_server'
• Check if the resource has audit log retention settings configured
• Identify if the configured retention period is less than 90 days
• Flag resources where the retention period is missing or set below the 90-day minimum threshold
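The four steps above describe a static check over Terraform source. The following Python script is an added example (not Fluid Attacks' own detector or the azurerm provider's code) that implements exactly those steps: it scans for `azurerm_sql_server` resources, locates their `extended_auditing_policy` block, reads `retention_in_days` (the provider attribute that carries the retention setting) and reports resources where the value is missing or below 90. It uses a small brace-matching scanner rather than a full HCL parser, so it handles the block layout shown on this page; the sample Terraform input is constructed for the example.

```python
"""Flag azurerm_sql_server resources whose audit log retention is missing
or shorter than 90 days. Added example: a minimal brace-matching scanner,
not a full HCL parser, so it covers the usual block layout, not every HCL
construct."""
from __future__ import annotations

import re
from dataclasses import dataclass
from typing import Optional

MIN_RETENTION_DAYS = 90

RESOURCE_RE = re.compile(r'\bresource\s+"([\w-]+)"\s+"([\w-]+)"\s*\{')
POLICY_RE = re.compile(r'\bextended_auditing_policy\s*\{')
RETENTION_RE = re.compile(r'\bretention_in_days\s*=\s*(\d+)')

# Constructed sample input (not from any real project): one server with no
# auditing policy, one with 30-day retention, one compliant, one unrelated.
SAMPLE_TF = """
resource "azurerm_sql_server" "no_policy" {
  name                = "sqlserver-a"
  resource_group_name = "mygroup"
  location            = "eastus"
}

resource "azurerm_sql_server" "short_retention" {
  name     = "sqlserver-b"
  location = "eastus"
  extended_auditing_policy {
    storage_endpoint  = "https://example.blob.core.windows.net/"
    retention_in_days = 30
  }
}

resource "azurerm_sql_server" "compliant" {
  name     = "sqlserver-c"
  location = "eastus"
  extended_auditing_policy {
    storage_endpoint  = "https://example.blob.core.windows.net/"
    retention_in_days = 120
  }
}

resource "azurerm_storage_account" "unrelated" {
  name = "ignored"
}
"""


@dataclass
class Finding:
    address: str                     # e.g. azurerm_sql_server.short_retention
    retention_in_days: Optional[int] # None when the attribute is absent
    reason: str


def _block_body(text: str, open_idx: int) -> str:
    """Return the text between the '{' at open_idx and its matching '}'.
    Quoted strings are skipped so braces inside them do not affect nesting."""
    depth, in_str, i = 0, False, open_idx
    while i < len(text):
        ch = text[i]
        if in_str:
            if ch == "\\":
                i += 1          # skip the escaped character
            elif ch == '"':
                in_str = False
        elif ch == '"':
            in_str = True
        elif ch == "{":
            depth += 1
        elif ch == "}":
            depth -= 1
            if depth == 0:
                return text[open_idx + 1:i]
        i += 1
    raise ValueError("unbalanced braces in Terraform input")


def find_short_retention(tf_text: str, min_days: int = MIN_RETENTION_DAYS) -> list[Finding]:
    """Apply the page's detection strategy and return one Finding per
    non-compliant azurerm_sql_server resource, in source order."""
    findings: list[Finding] = []
    for m in RESOURCE_RE.finditer(tf_text):
        rtype, rname = m.group(1), m.group(2)
        if rtype != "azurerm_sql_server":      # step 1: only SQL Server resources
            continue
        address = f"{rtype}.{rname}"
        body = _block_body(tf_text, m.end() - 1)
        pm = POLICY_RE.search(body)            # step 2: is auditing configured?
        if pm is None:
            findings.append(Finding(address, None, "no extended_auditing_policy block"))
            continue
        policy = _block_body(body, pm.end() - 1)
        rm = RETENTION_RE.search(policy)
        if rm is None:                         # step 4: retention missing
            findings.append(Finding(address, None, "retention_in_days not set"))
            continue
        days = int(rm.group(1))                # step 3: compare with threshold
        if days < min_days:
            findings.append(Finding(address, days, f"retention_in_days={days} is below {min_days}"))
    return findings


if __name__ == "__main__":
    for f in find_short_retention(SAMPLE_TF):
        print(f"{f.address}: {f.reason}")
```

Running the script on the constructed sample reports `no_policy` (no auditing block) and `short_retention` (30 days) and passes `compliant`. One caveat for tuning: the check follows the page's rule and treats any value below 90 as a finding, including `0`; in Azure SQL auditing a retention of 0 means logs are kept indefinitely, so a team that relies on that setting may choose to exempt it explicitly rather than raise the threshold.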
Vulnerable code example
resource "azurerm_sql_server" "example" {
  name                         = "sqlserver"
  resource_group_name          = "mygroup"
  location                     = "eastus"
  administrator_login          = "admin"
  administrator_login_password = "password123"
  extended_auditing_policy {
    # retention_in_days is missing or set below 90 days
    ...
✅ Secure code example
resource "azurerm_sql_server" "example" {
  name                         = "sqlserver"
  resource_group_name          = "mygroup"
  location                     = "eastus"
  version                      = "12.0"                  # Specify SQL Server version explicitly for security tracking
  administrator_login          = "admin"
  administrator_login_password = var.sql_admin_password  # Use variable to avoid hardcoded credentials
  ...