Ensure Azure data exfiltration protection for Azure Synapse workspace is enabled

Error: Azure Data exfiltration protection for Azure Synapse workspace is disabled

Bridgecrew Policy ID: BC_AZR_GENERAL_86
Checkov Check ID: CKV_AZURE_157
Severity: LOW

Description

Enabling data exfiltration protection for your Azure Synapse workspace helps prevent data from being moved out of the workspace to unauthorized destinations. Data exfiltration is the unauthorized transfer of data out of a network or system, and it is a significant security threat.

Fix - Runtime

Fix - Buildtime

Terraform

  • Resource: azurerm_synapse_workspace
  • Argument: data_exfiltration_protection_enabled

resource "azurerm_synapse_workspace" "pass" {
  name                                 = "example"
  resource_group_name                  = azurerm_resource_group.example.name
  location                             = azurerm_resource_group.example.location
  storage_data_lake_gen2_filesystem_id = azurerm_storage_data_lake_gen2_filesystem.example.id
  sql_administrator_login              = "sqladminuser"
  # Placeholder value: in a real configuration source the password from a
  # variable or Key Vault rather than committing it to source control.
  sql_administrator_login_password     = "H@Sh1CoR3!"
  # Azure only accepts data exfiltration protection on a workspace that uses a
  # managed virtual network, so this must be true as well.
  managed_virtual_network_enabled      = true
  # The argument inspected by CKV_AZURE_157; it is chosen at workspace creation.
  data_exfiltration_protection_enabled = true
  aad_admin {
    login     = "AzureAD Admin"
    object_id = "00000000-0000-0000-0000-000000000000"
    tenant_id = "00000000-0000-0000-0000-000000000000"
  }

  tags = {
    Env = "production"
  }
}
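The following Python script is an added example, not part of this policy page or of Checkov's own code. It shows how a buildtime check with the semantics of CKV_AZURE_157 can be run over a Terraform file: it extracts the top-level arguments of every azurerm_synapse_workspace resource with a deliberately small HCL subset parser, fails the resource unless data_exfiltration_protection_enabled is literally true (the provider default is false, so a missing argument also fails), and additionally reports the managed-virtual-network dependency that the check itself does not cover. The sample Terraform text, the resource names, and the MANAGED_VNET_DEPENDENCY label are constructed for this example.

```python
import re
from dataclasses import dataclass

# Constructed sample input (not taken from any real deployment): one compliant
# workspace, one that omits the argument, one that sets it without a managed VNet,
# and an unrelated resource that the check must ignore.
SAMPLE_TF = """
resource "azurerm_synapse_workspace" "pass" {
  name                                 = "example"
  managed_virtual_network_enabled      = true
  data_exfiltration_protection_enabled = true
  aad_admin {
    login = "AzureAD Admin"
  }
  tags = {
    Env = "production"
  }
}

resource "azurerm_synapse_workspace" "missing" {
  name = "example2"
}

resource "azurerm_synapse_workspace" "no_vnet" {
  name                                 = "example3"
  managed_virtual_network_enabled      = false
  data_exfiltration_protection_enabled = true
}

resource "azurerm_storage_account" "unrelated" {
  name = "stor"
}
"""

# A resource block: type, name, and the body up to the closing brace in column 0.
RESOURCE_RE = re.compile(r'resource\s+"([^"]+)"\s+"([^"]+)"\s*\{(.*?)\n\}', re.S)
# A top-level "key = value" line inside a body.
ATTR_RE = re.compile(r'^\s*([A-Za-z_][A-Za-z0-9_]*)\s*=\s*(.+?)\s*$', re.M)


def parse_value(raw):
    """Turn an HCL literal into a Python value; references stay as raw text."""
    raw = raw.strip()
    if raw in ("true", "false"):
        return raw == "true"
    if len(raw) >= 2 and raw[0] == raw[-1] == '"':
        return raw[1:-1]
    return raw  # e.g. azurerm_resource_group.example.name


def parse_resources(tf_text):
    """Return {(type, name): {attr: value}} holding top-level arguments only.
    Nested blocks (aad_admin {...}) and maps (tags = {...}) are collapsed to {}
    because this check only inspects top-level arguments."""
    resources = {}
    for rtype, rname, body in RESOURCE_RE.findall(tf_text):
        flat = re.sub(r"\{[^{}]*\}", "{}", body)
        attrs = {k: parse_value(v) for k, v in ATTR_RE.findall(flat)}
        resources[(rtype, rname)] = attrs
    return resources


@dataclass
class Finding:
    resource: str
    check_id: str
    result: str  # "PASSED" or "FAILED"
    detail: str


def evaluate(resources):
    """Apply CKV_AZURE_157 semantics plus the managed-VNet dependency caveat."""
    findings = []
    for (rtype, rname), attrs in resources.items():
        if rtype != "azurerm_synapse_workspace":
            continue
        rid = f"{rtype}.{rname}"
        if attrs.get("data_exfiltration_protection_enabled") is True:
            findings.append(Finding(rid, "CKV_AZURE_157", "PASSED", "argument is true"))
            # Extra consistency check (constructed label, not a Checkov id): Azure only
            # accepts data exfiltration protection together with a managed VNet, so a
            # configuration that passes the check can still fail at apply time.
            vnet_ok = attrs.get("managed_virtual_network_enabled") is True
            findings.append(Finding(
                rid, "MANAGED_VNET_DEPENDENCY", "PASSED" if vnet_ok else "FAILED",
                "managed_virtual_network_enabled must be true for this setting"))
        else:
            findings.append(Finding(
                rid, "CKV_AZURE_157", "FAILED",
                "data_exfiltration_protection_enabled is missing or not true"))
    return findings


if __name__ == "__main__":
    for f in evaluate(parse_resources(SAMPLE_TF)):
        print(f"{f.result:6} {f.check_id:24} {f.resource}: {f.detail}")
```

Running the script prints one CKV_AZURE_157 line per Synapse workspace, and for the workspace that sets the argument without a managed virtual network it adds a second line flagging the dependency, which is the case the compliant Terraform above avoids by enabling both arguments together.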