Storage Container Is Publicly Accessible

  • Query id: dd5230f8-a577-4bbb-b7ac-f2c2fe7d5299
  • Query name: Storage Container Is Publicly Accessible
  • Platform: Terraform
  • Severity: High
  • Category: Access Control
  • URL: Github

Description

Anonymous, public read access to a container and its blobs is enabled in Azure Blob Storage.
Documentation

Code samples

Code samples with security vulnerabilities

Positive test num. 1 - tf file
resource "azurerm_storage_container" "positive1" {
  name                  = "vhds"
  storage_account_name  = azurerm_storage_account.example.name
  container_access_type = "blob" // anonymous read access to every blob in the container
}

Code samples without security vulnerabilities

Negative test num. 1 - tf file
resource "azurerm_storage_container" "negative1" {
  name                  = "vhds"
  storage_account_name  = azurerm_storage_account.example.name
  container_access_type = "private" // no anonymous access; only authenticated requests
}

resource "azurerm_storage_container" "negative2" {
  name                  = "vhds2"
  storage_account_name  = azurerm_storage_account.example.name
  // default is "private"
}
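As an added example (not the KICS project's own query code), a small Python check that applies this query's logic to Terraform source: it flags every azurerm_storage_container whose container_access_type is anything other than "private", treats a missing attribute as the provider default, and reports values it cannot resolve statically. The regexes and the sample input are constructed for this illustration.

```python
import re
# Constructed input: the page's positive and negative test resources in one file,
# plus a container whose access type comes from a variable (cannot be judged statically).
SAMPLE_TF = '''
resource "azurerm_storage_container" "positive1" {
  name                  = "vhds"
  storage_account_name  = azurerm_storage_account.example.name
  container_access_type = "blob"
}
resource "azurerm_storage_container" "negative1" {
  name                  = "vhds"
  storage_account_name  = azurerm_storage_account.example.name
  container_access_type = "private"
}
resource "azurerm_storage_container" "negative2" {
  name                  = "vhds2"
  storage_account_name  = azurerm_storage_account.example.name
  // default is "private"
}
resource "azurerm_storage_container" "unresolved1" {
  name                  = "logs"
  storage_account_name  = azurerm_storage_account.example.name
  container_access_type = var.access_type
}
'''

# One regex per resource block (non-greedy body up to a closing brace on its own line)
# and one for the attribute. Fine for flat blocks like these; a real scanner parses HCL.
BLOCK_RE = re.compile(
    r'resource\s+"azurerm_storage_container"\s+"(?P<label>[^"]+)"\s*\{(?P<body>.*?)\n\}',
    re.DOTALL,
)
ATTR_RE = re.compile(r'^\s*container_access_type\s*=\s*(?P<raw>[^\n]+?)\s*$', re.MULTILINE)

def find_public_containers(tf_source: str) -> list[tuple[str, str]]:
    """Return (resource label, access type) for each container that is not private."""
    findings = []
    for block in BLOCK_RE.finditer(tf_source):
        attr = ATTR_RE.search(block.group("body"))
        if attr is None:
            continue  # attribute absent: provider default "private", no anonymous access
        raw = attr.group("raw")
        if len(raw) >= 2 and raw[0] == raw[-1] == '"':
            value = raw[1:-1]      # string literal, e.g. "blob" or "container"
        else:
            value = "unresolved"   # variable/expression: flag for human review, not a pass
        if value != "private":
            findings.append((block.group("label"), value))
    return findings
```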