Ensure Azure Virtual machine does not enable password authentication

Error: Azure Virtual machine enables password authentication

Bridgecrew Policy ID: BC_AZR_GENERAL_84
Checkov Check ID: CKV_AZURE_149
Severity: LOW

Description

Disabling password authentication on an Azure virtual machine (VM) improves its security. With password authentication enabled, users can access the VM with a password rather than with an Azure Active Directory (Azure AD) account or another form of authentication.

Disabling password authentication helps prevent unauthorized access to your VM and protects it from security threats such as data breaches. Use more secure forms of authentication instead, such as Azure AD, SSH keys, or multi-factor authentication.

Fix - Runtime

Fix - Buildtime

Terraform

  • Resource: azurerm_linux_virtual_machine_scale_set
  • Argument: disable_password_authentication

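# Required blocks such as os_disk and network_interface are omitted from this snippet.
resource "azurerm_linux_virtual_machine_scale_set" "pass" {
  name                            = var.scaleset_name
  resource_group_name             = var.resource_group.name
  location                        = var.resource_group.location
  sku                             = var.sku
  instances                       = var.instance_count
  admin_username                  = var.admin_username
  # Password logins are rejected; an admin_ssh_key block must supply the login key.
  disable_password_authentication = true
  tags                            = { test = "Fail" }
}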
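
The same rule can be enforced against a rendered plan as well as against the HCL source. The following is an added example, not Checkov's or Bridgecrew's own code: it walks JSON shaped like `terraform show -json` output, including nested modules, and reports scale sets that leave password authentication enabled. The sample plan, the module name `module.legacy` and the function names are constructed for illustration.

```python
import json

# Resource type named on this page; extend the set to cover other VM resource types.
CHECKED_TYPES = {"azurerm_linux_virtual_machine_scale_set"}

# Constructed sample shaped like `terraform show -json <planfile>` output.
SAMPLE_PLAN = json.loads("""
{
  "planned_values": {"root_module": {
    "resources": [
      {"address": "azurerm_linux_virtual_machine_scale_set.pass",
       "type": "azurerm_linux_virtual_machine_scale_set",
       "values": {"admin_username": "azureuser", "disable_password_authentication": true}}
    ],
    "child_modules": [{
      "address": "module.legacy",
      "resources": [
        {"address": "module.legacy.azurerm_linux_virtual_machine_scale_set.fail",
         "type": "azurerm_linux_virtual_machine_scale_set",
         "values": {"admin_username": "azureuser", "disable_password_authentication": false}}
      ]
    }]
  }}
}
""")

def iter_resources(module):
    """Yield every resource in a module and, recursively, in its child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from iter_resources(child)

def password_auth_findings(plan):
    """Return sorted addresses of checked resources that allow password login."""
    root = plan.get("planned_values", {}).get("root_module", {})
    findings = []
    for res in iter_resources(root):
        if res.get("type") not in CHECKED_TYPES:
            continue
        values = res.get("values") or {}
        # Assumption: an absent attribute is treated as compliant (provider default).
        # Any present value other than true, including null, is reported.
        if values.get("disable_password_authentication", True) is not True:
            findings.append(res["address"])
    return sorted(findings)

if __name__ == "__main__":
    for address in password_auth_findings(SAMPLE_PLAN):
        print(f"FAIL {address}: password authentication is enabled")
```

Checking the plan rather than the source catches the setting when it arrives through a variable or a module, where the literal `false` never appears in the file that declares the resource.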