Public Storage Account
- Query id: 35e2f133-a395-40de-a79d-b260d973d1bd
- Query name: Public Storage Account
- Platform: Ansible
- Severity: High
- Category: Access Control
- CWE: 284
- URL: Github
Description¶
Storage Account should not be public to grant the principle of least privileges
Documentation
Code samples¶
Code samples with security vulnerabilities¶
Positive test num. 1 - yaml file
- name: configure firewall and virtual networks
azure_rm_storageaccount:
resource_group: myResourceGroup
name: clh0002
type: Standard_RAGRS
network_acls:
bypass: AzureServices,Metrics
default_action: Deny
ip_rules:
- value: 0.0.0.0/0
action: Allow
- name: configure firewall and more virtual networks
azure_rm_storageaccount:
resource_group: myResourceGroup
name: clh0003
type: Standard_RAGRS
network_acls:
bypass: AzureServices,Metrics
default_action: Allow