Ensure Azure Cognitive Services accounts disable public network access
Error: Azure Cognitive Services accounts enable public network access
Bridgecrew Policy ID: BC_AZR_NETWORKING_56
Checkov Check ID: CKV_AZURE_134
Severity: LOW
Azure Cognitive Services accounts enable public network access
Description
Disabling the public network access property improves security by ensuring your Azure Cognitive Services can only be accessed from a private endpoint. This configuration strictly disables access from any public address space outside of Azure IP range and denies all logins that match IP or virtual network-based firewall rules.
Fix - Runtime
Fix - Buildtime
Terraform
- Resource: azurerm_cognitive_account
- Argument: public_network_access_enabled
resource "azurerm_cognitive_account" "examplea" {
name = "example-account"
location = var.resource_group.location
resource_group_name = var.resource_group.name
kind = "Face"
public_network_access_enabled = false
sku_name = "S0"
}
Updated 11 months ago