Ensure Cosmos DB accounts have restricted access

Error: Cosmos DB accounts do not have restricted access

Bridgecrew Policy ID: BC_AZR_NETWORKING_26
Checkov Check ID: CKV_AZURE_99
Severity: LOW

Description

Cosmos DB is a globally distributed database service that provides multiple ways to secure and protect your data, such as network isolation, virtual networks, Azure Private Link, and Azure AD authentication. By restricting access to your Cosmos DB account, you can control who can access your database and what actions they can perform on it.

Restricting access to your Cosmos DB accounts helps protect the database from unauthorized access and attacks, and helps keep it secure and available for your users.

Fix - Buildtime

Terraform

  • Resource: azurerm_cosmosdb_account
  • Argument: public_network_access_enabled
resource "azurerm_cosmosdb_account" "db" {
  ...
+ public_network_access_enabled = false
  ...
}