Ensure Azure ACR admin account is disabled

Error: Azure ACR admin account is enabled

Bridgecrew Policy ID: BC_AZR_IAM_5
Checkov Check ID: CKV_AZURE_137
Bridgecrew Severity: LOW

Azure ACR admin account is enabled

Description

Disabling the admin account for your Azure Container Registry (ACR) can help improve the security of your registry. The admin account has full access to all resources within the registry, and can make any changes to the registry and its contents.

Fix - Runtime

Fix - Buildtime

Terraform

  • Resource: azurerm_container_registry
  • Argument: admin_enabled
resource "azurerm_container_registry" "ckv_unittest_pass" {
  name                = "containerRegistry1"
  resource_group_name = azurerm_resource_group.rg.name
  location            = azurerm_resource_group.rg.location
  admin_enabled       = false
}