Ensure Azure Cognitive Services accounts disable public network access

Error: Azure Cognitive Services accounts enable public network access

Bridgecrew Policy ID: BC_AZR_NETWORKING_56
Checkov Check ID: CKV_AZURE_134
Severity: LOW

Description

Disabling the public network access property improves security by ensuring that your Azure Cognitive Services account can be accessed only from a private endpoint. This configuration strictly disables access from any public address space outside the Azure IP range and denies all logins that match IP or virtual network-based firewall rules.

Fix - Runtime

Fix - Buildtime

Terraform

  • Resource: azurerm_cognitive_account
  • Argument: public_network_access_enabled

resource "azurerm_cognitive_account" "examplea" {
  name                = "example-account"
  location            = var.resource_group.location
  resource_group_name = var.resource_group.name
  kind                = "Face"
  sku_name            = "S0"

  # Disable the public endpoint so the account is reachable only through a private endpoint
  public_network_access_enabled = false
}