Ensure Azure data exfiltration protection for Azure Synapse workspace is enabled
Error: Azure Data exfiltration protection for Azure Synapse workspace is disabled
Bridgecrew Policy ID: BC_AZR_GENERAL_86
Checkov Check ID: CKV_AZURE_157
Severity: LOW
Description
Enabling data exfiltration protection for your Azure Synapse workspace helps prevent unauthorized access to your data. Data exfiltration is the unauthorized transfer of data out of a network or system, and it is a security threat.
Fix - Runtime
Fix - Buildtime
Terraform
- Resource: azurerm_synapse_workspace
- Argument: data_exfiltration_protection_enabled
resource "azurerm_synapse_workspace" "pass" {
  name                                 = "example"
  resource_group_name                  = azurerm_resource_group.example.name
  location                             = azurerm_resource_group.example.location
  storage_data_lake_gen2_filesystem_id = azurerm_storage_data_lake_gen2_filesystem.example.id
  sql_administrator_login              = "sqladminuser"
  sql_administrator_login_password     = "[email protected]!"

  # The azurerm provider requires the managed virtual network to be enabled
  # whenever data exfiltration protection is enabled.
  managed_virtual_network_enabled      = true
  data_exfiltration_protection_enabled = true

  aad_admin {
    login     = "AzureAD Admin"
    object_id = "00000000-0000-0000-0000-000000000000"
    tenant_id = "00000000-0000-0000-0000-000000000000"
  }

  tags = {
    Env = "production"
  }
}
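The same check can be run against a rendered plan before apply. The following is an added example, not Checkov's or Bridgecrew's own code: it walks the `planned_values` tree of `terraform show -json` output, including nested modules, and goes one step beyond the policy by also flagging a workspace that enables protection without the managed virtual network. The plan data and resource addresses are constructed for illustration.

```python
import json

# Constructed sample in the shape of `terraform show -json <planfile>` output
# (planned_values -> root_module -> resources / child_modules).
SAMPLE_PLAN = json.loads("""
{
  "planned_values": {"root_module": {
    "resources": [
      {"address": "azurerm_synapse_workspace.pass", "type": "azurerm_synapse_workspace",
       "values": {"managed_virtual_network_enabled": true,
                  "data_exfiltration_protection_enabled": true}},
      {"address": "azurerm_synapse_workspace.unset", "type": "azurerm_synapse_workspace",
       "values": {"managed_virtual_network_enabled": true}}
    ],
    "child_modules": [{
      "address": "module.analytics",
      "resources": [
        {"address": "module.analytics.azurerm_synapse_workspace.no_vnet",
         "type": "azurerm_synapse_workspace",
         "values": {"managed_virtual_network_enabled": false,
                    "data_exfiltration_protection_enabled": true}}
      ]}]
  }}
}
""")

def walk(module):
    """Yield every resource in a module and its nested child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from walk(child)

def synapse_findings(plan):
    """Return (address, reason) for each non-compliant Synapse workspace."""
    findings = []
    root = plan.get("planned_values", {}).get("root_module", {})
    for res in walk(root):
        if res.get("type") != "azurerm_synapse_workspace":
            continue
        values = res.get("values") or {}
        if values.get("data_exfiltration_protection_enabled") is not True:
            findings.append((res["address"], "data_exfiltration_protection_enabled is not true"))
        elif values.get("managed_virtual_network_enabled") is not True:
            findings.append((res["address"], "managed_virtual_network_enabled must also be true"))
    return findings

if __name__ == "__main__":
    for address, reason in synapse_findings(SAMPLE_PLAN):
        print(f"FAIL {address}: {reason}")
```

An omitted argument is treated as a failure because the setting is opt-in.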