Storage Account Not Forcing HTTPS

  • Query id: 12944ec4-1fa0-47be-8b17-42a034f937c2
  • Query name: Storage Account Not Forcing HTTPS
  • Platform: Terraform
  • Severity: High
  • Category: Encryption
  • URL: Github

Description

Storage Accounts should enforce the use of HTTPS
Documentation

Code samples

Code samples with security vulnerabilities

Positive test num. 1 - tf file
resource "azurerm_storage_account" "positive1" {
  name                      = "example1"
  resource_group_name       = data.azurerm_resource_group.example.name
  location                  = data.azurerm_resource_group.example.location
  account_tier              = "Standard"
  account_replication_type  = "GRS"
  enable_https_traffic_only = false
}

resource "azurerm_storage_account" "positive2" {
  name                      = "example2"
  resource_group_name       = data.azurerm_resource_group.example.name
  location                  = data.azurerm_resource_group.example.location
  account_tier              = "Standard"
  account_replication_type  = "GRS"
}

Code samples without security vulnerabilities

Negative test num. 1 - tf file
resource "azurerm_storage_account" "negative1" {
  name                      = "example"
  resource_group_name       = data.azurerm_resource_group.example.name
  location                  = data.azurerm_resource_group.example.location
  account_tier              = "Standard"
  account_replication_type  = "GRS"
  enable_https_traffic_only = true
}