Ensure Azure Machine Learning Workspace is not publicly accessible
Error: Azure Machine Learning Workspace is publicly accessible
Bridgecrew Policy ID: BC_AZR_NETWORKING_53
Checkov Check ID: CKV_AZURE_144
Severity: LOW
Azure Machine Learning Workspace is publicly accessible
Description
Disabling the public network access property improves security by ensuring your Azure Machine Learning Workspaces can only be accessed from a private endpoint. This configuration strictly disables access from any public address space outside the Azure IP range and denies all logins that match IP or virtual network-based firewall rules.
Fix - Runtime
Fix - Buildtime
Terraform
- Resource: azurerm_machine_learning_workspace
- Argument: public_network_access_enabled
resource "azurerm_machine_learning_workspace" "ckv_unittest_pass" {
  name                          = "example-workspace"
  location                      = azurerm_resource_group.example.location
  resource_group_name           = azurerm_resource_group.example.name
  application_insights_id       = azurerm_application_insights.example.id
  key_vault_id                  = azurerm_key_vault.example.id
  storage_account_id            = azurerm_storage_account.example.id
  public_network_access_enabled = false

  identity {
    type = "SystemAssigned"
  }

  encryption {
    key_vault_id = azurerm_key_vault.example.id
    key_id       = azurerm_key_vault_key.example.id
  }
}
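The same argument can be verified against a rendered plan in CI. The Python below is an added example, not part of the original policy page or Checkov's own code: it reads the JSON produced by terraform show -json and lists every azurerm_machine_learning_workspace whose public_network_access_enabled is not explicitly false. The sample plan and the resource names constructed_fail and constructed_unset are constructed, and reporting a missing or unknown value as a finding is an assumption of this example.

```python
import json
import sys

RESOURCE_TYPE = "azurerm_machine_learning_workspace"
ARGUMENT = "public_network_access_enabled"

def iter_resources(module):
    """Yield every resource of a plan module, descending into child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from iter_resources(child)

def find_public_workspaces(plan):
    """Return sorted addresses of workspaces not explicitly set to false.
    Assumption of this example: a missing, null or not-yet-known value is
    reported too, because the plan then does not prove public access is off.
    """
    root = plan.get("planned_values", {}).get("root_module", {})
    findings = []
    for res in iter_resources(root):
        if res.get("mode", "managed") != "managed" or res.get("type") != RESOURCE_TYPE:
            continue
        if (res.get("values") or {}).get(ARGUMENT) is not False:
            findings.append(res["address"])
    return sorted(findings)

# Constructed sample plan, trimmed to the fields the check reads.
SAMPLE_PLAN = json.loads("""
{"planned_values": {"root_module": {
  "resources": [
    {"address": "azurerm_machine_learning_workspace.ckv_unittest_pass", "mode": "managed",
     "type": "azurerm_machine_learning_workspace",
     "values": {"name": "example-workspace", "public_network_access_enabled": false}},
    {"address": "azurerm_machine_learning_workspace.constructed_fail", "mode": "managed",
     "type": "azurerm_machine_learning_workspace",
     "values": {"name": "open-workspace", "public_network_access_enabled": true}},
    {"address": "azurerm_storage_account.example", "mode": "managed",
     "type": "azurerm_storage_account", "values": {"public_network_access_enabled": true}}],
  "child_modules": [{"address": "module.ml", "resources": [
    {"address": "module.ml.azurerm_machine_learning_workspace.constructed_unset",
     "mode": "managed", "type": "azurerm_machine_learning_workspace",
     "values": {"name": "module-workspace"}}]}]}}}
""")

if __name__ == "__main__":
    plan = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE_PLAN
    for address in find_public_workspaces(plan):
        print(f"FAIL {address}: {ARGUMENT} is not false")
    sys.exit(1 if find_public_workspaces(plan) else 0)
```

Run it with the path to a plan JSON file as the only argument; with no argument it checks the embedded sample and exits non-zero because two workspaces fail.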