Ensure 'Allow public access from any Azure service within Azure to this server' for PostgreSQL flexible server is disabled
Why This Matters
The "Allow public access from any Azure service within Azure to this server" setting on PostgreSQL flexible servers creates a broad firewall rule accepting connections from all Azure resources, including those outside your subscription. This bypasses network segmentation and significantly increases the attack surface. Administrators should disable this setting and instead use specific network or VNET rules to control access.
What Aether365 Checks
Aether365 verifies that the "Allow public access from any Azure service within Azure to this server" option for PostgreSQL flexible servers is disabled. This check appears in the Aether365 dashboard under azure-postgresql-server checks.
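
A way to run an equivalent check by hand, as an added example that is not Aether365's own code. Azure stores this setting as a firewall rule whose start and end address are both 0.0.0.0, so the script looks for that pair in the JSON returned by `az postgres flexible-server firewall-rule list`. The server names and rules below are constructed sample data, and the extra `allow-all-ipv4` label goes beyond the check described above.

```python
import ipaddress
import json

# Constructed sample: the JSON shape returned by
#   az postgres flexible-server firewall-rule list -g <rg> -n <server> -o json
# collected per server. Server and rule names are made up for illustration.
SAMPLE = json.loads("""
{
  "pg-orders": [
    {"name": "AllowAllAzureServicesAndResourcesWithinAzureIps_2024-1-1_0-0-0",
     "startIpAddress": "0.0.0.0", "endIpAddress": "0.0.0.0"},
    {"name": "office", "startIpAddress": "203.0.113.10", "endIpAddress": "203.0.113.20"}
  ],
  "pg-reports": [
    {"name": "office", "startIpAddress": "203.0.113.10", "endIpAddress": "203.0.113.10"}
  ],
  "pg-legacy": [
    {"name": "created-via-cli", "startIpAddress": "0.0.0.0", "endIpAddress": "0.0.0.0"},
    {"name": "everything", "startIpAddress": "0.0.0.0", "endIpAddress": "255.255.255.255"}
  ]
}
""")

ZERO = ipaddress.IPv4Address("0.0.0.0")
LAST = ipaddress.IPv4Address("255.255.255.255")


def classify(rule):
    """Return a finding label for one firewall rule, or None if it is scoped."""
    start = ipaddress.IPv4Address(rule["startIpAddress"])
    end = ipaddress.IPv4Address(rule["endIpAddress"])
    if start == ZERO and end == ZERO:
        # Match on the address pair, not the name: a rule created through the
        # CLI or an API can carry any name and still mean "any Azure service".
        return "allow-azure-services"
    if start == ZERO and end == LAST:
        return "allow-all-ipv4"
    return None


def audit(servers):
    """Map each non-compliant server to its (rule name, label) findings."""
    findings = {}
    for server, rules in servers.items():
        hits = [(r["name"], label) for r in rules if (label := classify(r))]
        if hits:
            findings[server] = hits
    return findings
```

A server that is absent from the result of `audit()` has no rule of either kind; a server that appears needs the listed rules removed and replaced with scoped ones.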