CKV2_AZURE_50: "Ensure Azure Storage Account storing Machine Learning workspace high business impact data is not publicly accessible"
To Reproduce
Steps to reproduce the behavior:
The check is now marked by the checkov review.
Sample Terraform Code
resource "azurerm_storage_account" "storage_account" {
  name                            = azurecaf_name.storage_account_name.result
  resource_group_name             = var.resource_group_name
  location                        = var.region
  account_tier                    = "Standard"
  account_replication_type        = "GRS"
  min_tls_version                 = "TLS1_2"
  public_network_access_enabled   = true // this feature needs to be changed to be false once the setup is completed.
  allow_nested_items_to_be_public = true // this feature needs to be changed to be false once the setup is completed.
  shared_access_key_enabled       = true // this feature needs to be changed to be false once the setup is completed.

  identity {
    type = "SystemAssigned"
  }

  network_rules {
    default_action = "Allow" // this feature needs to be changed to be "Deny"
    #checkov:skip=CKV_AZURE_59: "Ensure that Storage accounts disallow public access, this deployment requires public access to the storage account"
    #checkov:skip=CKV_AZURE_35: "Ensure default network access rule for Storage Accounts is set to deny"
    #checkov:skip=CKV_AZURE_50: "Ensure Azure Storage Account storing Machine Learning workspace high business impact data is not publicly accessible"
    bypass = ["AzureServices", "Logging", "Metrics"]
  }
}
Expected behavior
We will add the following exception:
#checkov:skip=CKV_AZURE_50: "Ensure Azure Storage Account storing Machine Learning workspace high business impact data is not publicly accessible"
System Information
Provider Version: 2.2.0-preview
OS & Version: Pipeline Checkov task
Contribution
Do you plan to raise a PR to address this issue? YES / NO?
Fix CKV2_AZURE_50 on the SAP QuickStart
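An added example, not part of the original issue or of Checkov's own code: an inline skip suppresses only the check ID it names, and the sample above names `CKV_AZURE_50` while the reported check is `CKV2_AZURE_50`. The script below lists failing checks that no skip names exactly and points out skip IDs that differ only in the `CKV`/`CKV2` prefix. The function names, the trimmed sample and the list of failing IDs are assumptions made for illustration.

```python
import re

# Inline suppression comments have the form checkov:skip=<CHECK_ID>:<reason>.
SKIP_RE = re.compile(r"checkov:skip=\s*([A-Za-z0-9_]+)")


def skipped_ids(tf_text):
    """Return the set of check IDs named in inline skip comments."""
    return set(SKIP_RE.findall(tf_text))


def _suffix(check_id):
    # "CKV2_AZURE_50" -> "AZURE_50": what remains after the CKV/CKV2 prefix.
    return check_id.split("_", 1)[1] if "_" in check_id else check_id


def audit_skips(tf_text, failed_ids):
    """Compare failing check IDs with the skip comments in a Terraform file.

    Returns (unsuppressed, near_misses): failing IDs that no skip names
    exactly, and for each of those the skip IDs with the same suffix.
    """
    skips = skipped_ids(tf_text)
    unsuppressed = sorted(set(failed_ids) - skips)
    near_misses = {}
    for fid in unsuppressed:
        lookalikes = sorted(s for s in skips if _suffix(s) == _suffix(fid))
        if lookalikes:
            near_misses[fid] = lookalikes
    return unsuppressed, near_misses


# Constructed sample: the network_rules block from the issue, reasons shortened.
SAMPLE_TF = '''
resource "azurerm_storage_account" "storage_account" {
  network_rules {
    default_action = "Allow"
    #checkov:skip=CKV_AZURE_59: "public access required by this deployment"
    #checkov:skip=CKV_AZURE_35: "default network rule left at Allow"
    #checkov:skip=CKV_AZURE_50: "ML workspace storage not publicly accessible"
    bypass = ["AzureServices", "Logging", "Metrics"]
  }
}
'''

if __name__ == "__main__":
    # Failing IDs would come from a scan report; this list is constructed.
    unsuppressed, near = audit_skips(SAMPLE_TF, ["CKV2_AZURE_50"])
    for fid in unsuppressed:
        hint = f" (skip names {', '.join(near[fid])})" if fid in near else ""
        print(f"{fid} is not suppressed{hint}")
```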