Ensure that Storage accounts disallow public access

Error: Ensure that Storage accounts disallow public access

Bridgecrew Policy ID: BC_AZR_NETWORKING_18
Checkov Check ID: CKV_AZURE_59
Severity: LOW

Description

As a best practice, do not allow anonymous/public access to storage accounts unless you have a very good reason. The 'Enabled from all networks' option includes the internet.

Fix - Runtime

In Azure Console

  1. Log in to the Azure portal
  2. Navigate to 'Storage Accounts'
  3. Select the reported storage account
  4. Under the 'Security + networking' section, select 'Networking'
  5. Under 'Firewall and virtual networks'
  6. Click on 'Change access level'
  7. Set 'Public network access' to anything but 'Enabled from all networks'
  8. Click on 'Save'

Fix - Buildtime

Terraform

  • Resource: azurerm_storage_account
  • Argument: public_network_access_enabled

resource "azurerm_storage_account" "pike" {
    ...
+   public_network_access_enabled = false
    ...
}
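
The same build-time condition can also be checked against a rendered plan. The script below is an added example, not part of the original policy page and not Checkov's own code: it walks the `planned_values` section of `terraform show -json` output, including child modules, and reports every `azurerm_storage_account` whose `public_network_access_enabled` is anything other than `false`. The sample plan, resource addresses and function names are constructed for illustration.

```python
import json
import sys

# Constructed sample, shaped like the "planned_values" section of
# `terraform show -json <planfile>`; names and addresses are made up.
SAMPLE_PLAN = {"planned_values": {"root_module": {
    "resources": [
        {"address": "azurerm_storage_account.pike",
         "type": "azurerm_storage_account",
         "values": {"public_network_access_enabled": False}},
        {"address": "azurerm_storage_account.open",
         "type": "azurerm_storage_account",
         "values": {"public_network_access_enabled": True}},
        {"address": "azurerm_resource_group.rg",
         "type": "azurerm_resource_group", "values": {}},
    ],
    "child_modules": [{"address": "module.logs", "resources": [
        {"address": "module.logs.azurerm_storage_account.unset",
         "type": "azurerm_storage_account", "values": {}},
    ]}],
}}}


def iter_resources(module):
    """Yield every resource in a module and, recursively, its child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from iter_resources(child)


def public_storage_accounts(plan):
    """Addresses of storage accounts whose flag is anything other than false."""
    root = plan.get("planned_values", {}).get("root_module", {})
    # A missing or unknown value is reported too, so the check fails closed.
    return sorted(
        r["address"] for r in iter_resources(root)
        if r.get("type") == "azurerm_storage_account"
        and r.get("values", {}).get("public_network_access_enabled") is not False
    )


if __name__ == "__main__":
    # Usage: python check.py plan.json  (falls back to the constructed sample)
    plan = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE_PLAN
    failing = public_storage_accounts(plan)
    for address in failing:
        print(f"FAIL {address}: public_network_access_enabled is not false")
    sys.exit(1 if failing else 0)
```

The non-zero exit code lets a pipeline stop before `terraform apply` when any storage account in the plan would remain reachable from all networks.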