Logo of Trend Micro
Use the Conformity Knowledge Base AI to help improve your Cloud Posture

Enable Storage Auto-Growth

Trend Micro Cloud One™ – Conformity is a continuous assurance tool that provides peace of mind for your cloud infrastructure, delivering over 750 automated best practice checks.

Risk Level: High (not acceptable risk)
Rule ID: PostgreSQL-011

Ensure that Storage Auto-Growth feature is enabled for your production Azure PostgreSQL database servers. Storage auto-growth prevents your PostgreSQL servers from running out of storage and becoming read-only.

This rule resolution is part of the Conformity solution.

Reliability

When working with production data and the database storage auto-growth is enabled, the disk storage automatically grows without impacting the workload. You can add additional storage capacity during and after the creation of the PostgreSQL server, and allow the system to grow storage automatically based on the storage consumption of your workload. For PostgreSQL database servers with less than equal to 100GB provisioned storage, the provisioned storage size is increased by 5GB as soon as the free storage is below 10% of the provisioned storage space. For database servers with more than 100 GB of provisioned storage, the provisioned storage size is increased by 5% when the free storage space is below 5% of the provisioned storage size.

Audit

To determine if storage auto-growth is enabled for your Azure PostgreSQL database servers, perform the following actions:

Using Azure Portal

01 Sign in to Azure Management Console.

02 Navigate to All resources blade at https://portal.azure.com/#blade/HubsExtension/BrowseAll to access all your Microsoft Azure resources.

03 From the Type filter box, select Azure Database for PostgreSQL server to list the PostgreSQL servers available within your Azure account.

04 Click on the name of the PostgreSQL database server that you want to examine.

05 In the navigation panel, under Settings, select Pricing tier to access the pricing tier settings available for the selected PostgreSQL server.

06 On the Pricing tier page, check the Storage Auto-growth configuration setting status. If the setting status is set to No, storage auto-growth is not enabled for the selected Microsoft Azure PostgreSQL database server.

07 Repeat steps no. 4 – 6 for each PostgreSQL database server available in the current Azure subscription.

08 Repeat steps no. 3 – 7 for each subscription created in your Microsoft Azure cloud account.

Using Azure CLI

01 Run postgres server list command (Windows/macOS/Linux) using custom query filters to list the names of all PostgreSQL database servers (and the name of their associated resource groups) available in the current Azure subscription: 

az postgres server list
	--output table
	--query '[*].{name:name, resourceGroup:resourceGroup}'

02 The command output should return a table with requested PostgreSQL server information: 

Name                     ResourceGroup
-----------------------  ------------------------------
cc-postgres-prod-server  cloud-shell-storage-westeurope
cc-project5-db-server    cloud-shell-storage-westeurope

03 Run postgres server show command (Windows/macOS/Linux) using the name of the Azure PostgreSQL server that you want to examine as identifier parameter and custom query filters to describe the storage auto-growth setting status for the selected database server: 

az postgres server show
	--name cc-postgres-prod-server
	--resource-group cloud-shell-storage-westeurope
	--query 'storageProfile.storageAutogrow'

04 The command output should return the requested configuration setting status: 

"Disabled"

If postgres server show command output returns "Disabled", as shown in the example above, the Storage Auto-Growth feature is not enabled for the selected Microsoft Azure PostgreSQL database server.

05 Repeat step no. 3 and 4 for each Azure PostgreSQL server provisioned in the selected subscription.

06 Repeat steps no. 1 – 5 for each subscription available within your Microsoft Azure cloud account.

Remediation / Resolution

To enable storage auto-growth for your production Azure PostgreSQL database servers, perform the following actions:

Using Azure Portal

01 Sign in to Azure Management Console.

02 Navigate to All resources blade at https://portal.azure.com/#blade/HubsExtension/BrowseAll to access all your Microsoft Azure resources.

03 From the Type filter box, select Azure Database for PostgreSQL server to list the PostgreSQL servers available in your Azure account.

04 Click on the name of the PostgreSQL server that you want to reconfigure (see Audit section part I to identify the right PostgreSQL resource).

05 In the navigation panel, under Settings, select Pricing tier to access the pricing tier settings available for the selected PostgreSQL server.

06 On the Pricing tier page, select Yes for the Storage Auto-growth configuration setting to enable the Storage Auto-Growth feature for the selected Microsoft Azure PostgreSQL database server. Click OK to apply the configuration changes.

07 Repeat steps no. 4 – 6 for each production PostgreSQL database server available within the selected subscription.

08 Repeat steps no. 3 – 7 for each subscription created in your Microsoft Azure cloud account.

Using Azure CLI

01 Run postgres server update command (Windows/macOS/Linux) using the name of the Azure PostgreSQL server that you want to reconfigure as identifier parameter (see Audit section part II to identify the right Azure resource) to enable automated storage growth for the selected database server by setting the --auto-grow command parameter to Enabled: 

az postgres server update
	--name cc-postgres-prod-server
	--resource-group cloud-shell-storage-westeurope
	--auto-grow Enabled

02 The command output should return the metadata for the reconfigured Azure PostgreSQL server: 

{
  "fullyQualifiedDomainName": "cc-postgres-prod-server.postgres.database.azure.com",
  "name": "cc-postgres-prod-server",
  "replicaCapacity": 5,
  "resourceGroup": "cloud-shell-storage-westeurope",
  "sku": {
    "capacity": 4,
    "family": "Gen5",
    "name": "B_Gen5_2",
    "size": null,
    "tier": "Basic"
  },

  ...

  "sslEnforcement": "Disabled",
  "storageProfile": {
    "backupRetentionDays": 7,
    "geoRedundantBackup": "Disabled",
    "storageAutogrow": "Enabled",
    "storageMb": 10240
  },
  "tags": {},
  "type": "Microsoft.DBforPostgreSQL/servers",
  "userVisibleState": "Ready",
  "version": "10"
}

03 Repeat step no. 1 and 2 for each productionPostgreSQL database server deployed in the selected subscription.

04 Repeat steps no. 1 – 3 for each subscription created within your Microsoft Azure cloud account.

References

Publication date Apr 6, 2020

Related PostgreSQL rules

Unlock the Remediation Steps

Free 30-day Trial

Automatically audit your configurations with Conformity
and gain access to our cloud security platform.

Confirmity Cloud Platform

No thanks, back to article

You are auditing:

Enable Storage Auto-Growth

Risk Level: High