Closed eduardodfmex closed 1 month ago
How does skipping the check ensure 'that the Azure Storage Account storing Machine Learning workspace high business impact data is not publicly accessible'?
@MichaelPetrinolis, on this deployment we don't plan to use ML Workspace. We use the SA to store files, and for now this is a public deployment; changing the public access will break this Terraform deployment.
We plan to design a private deployment for the SAP GW in future sprints; for now it is on the backlog: https://github.com/microsoft/power-platform-terraform-quickstarts/issues/84
@eduardodfmex I thought that you fixed the error. I have the same issue; I am forced to skip this check although I took the steps necessary to make the storage private. I tried `public_network_access_enabled = false` and `allow_nested_items_to_be_public = false`, but this does not fix the Checkov error check.
Thanks for sharing the pending issue.
Adding exception for Storage account check:
checkov:skip=CKV_AZURE_50: "Ensure Azure Storage Account storing Machine Learning workspace high business impact data is not publicly accessible"
This pull request includes a change to the `resource "azurerm_storage_account" "storage_account"` block in the `quickstarts/301-sap-gateway/storage-account/main.tf` file. The change adds a new checkov skip rule (`CKV_AZURE_50`) to ensure that the Azure Storage Account storing Machine Learning workspace high business impact data is not publicly accessible. This is an important security measure to protect sensitive data.
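An added example, not part of this thread or the project's code: a small Python audit that lists every inline `checkov:skip` suppression in Terraform text together with the resource it sits in, so a suppression like the one in this PR stays visible to reviewers. The sample Terraform, the `CKV_EXAMPLE_1` id and the function names are constructed for illustration.

```python
import re

# Checkov's inline suppression comment: checkov:skip=<CHECK_ID>[:<reason>]
SKIP_RE = re.compile(r"(?:#|//)\s*checkov:skip=([A-Z0-9_]+)(?::\s*(.*))?")
RESOURCE_RE = re.compile(r'^\s*resource\s+"([^"]+)"\s+"([^"]+)"')

# Constructed sample, modelled on the resource named in the PR description.
# CKV_EXAMPLE_1 is a placeholder id, not a real Checkov check.
SAMPLE_TF = '''
resource "azurerm_storage_account" "storage_account" {
  # checkov:skip=CKV_AZURE_50: "Ensure Azure Storage Account storing Machine Learning workspace high business impact data is not publicly accessible"
  # checkov:skip=CKV_EXAMPLE_1
  name                     = "examplestorage"
  account_tier             = "Standard"
  account_replication_type = "LRS"
}

resource "azurerm_resource_group" "rg" {
  name     = "example-rg"
  location = "westeurope"
}
'''

def find_skips(tf_text):
    """Return one dict per suppression: resource address, check id, reason, line."""
    findings, current = [], None
    for lineno, line in enumerate(tf_text.splitlines(), start=1):
        m = RESOURCE_RE.match(line)
        if m:
            current = f"{m.group(1)}.{m.group(2)}"
            continue
        if line.startswith("}"):  # top-level block closed
            current = None
            continue
        s = SKIP_RE.search(line)
        if s:
            reason = (s.group(2) or "").strip().strip('"')
            findings.append({"resource": current, "check": s.group(1),
                             "reason": reason, "line": lineno})
    return findings

def unjustified(findings):
    """Suppressions with no reason text, which a reviewer cannot assess."""
    return [f for f in findings if not f["reason"]]

if __name__ == "__main__":
    for f in find_skips(SAMPLE_TF):
        print(f'{f["resource"]}:{f["line"]} {f["check"]} reason={f["reason"] or "<none>"}')
```

Run against a module's `.tf` files in CI, the output gives an inventory of suppressions to reconcile against tracking issues such as the backlog item linked above.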