PlatformResourcesSign inSign Up

Ensure Azure Machine Learning Workspace is not publicly accessible

Error: Azure Machine Learning Workspace is publicly accessible

Bridgecrew Policy ID: BC_AZR_NETWORKING_53
Checkov Check ID: CKV_AZURE_144
Severity: LOW

Suggest Edits

Azure Machine Learning Workspace is publicly accessible

Description

Disabling the public network access property improves security by ensuring your Azure Machine Learning Workspaces can only be accessed from a private endpoint. This configuration strictly disables access from any public address space outside of Azure IP range and denies all logins that match IP or virtual network-based firewall rules.

Fix - Runtime

Fix - Buildtime

Terraform

  • Resource: azurerm_machine_learning_workspace
  • Argument: public_network_access_enabled
resource "azurerm_machine_learning_workspace" "ckv_unittest_pass" {
  name                          = "example-workspace"
  location                      = azurerm_resource_group.example.location
  resource_group_name           = azurerm_resource_group.example.name
  application_insights_id       = azurerm_application_insights.example.id
  key_vault_id                  = azurerm_key_vault.example.id
  storage_account_id            = azurerm_storage_account.example.id
  public_network_access_enabled = false

  identity {
    type = "SystemAssigned"
  }

  encryption {
    key_vault_id = azurerm_key_vault.example.id
    key_id       = azurerm_key_vault_key.example.id
  }
}

Updated 9 months ago