MichaelPetrinolis
commented
1 month ago how does skipping the check ensures 'that the Azure Storage Account storing Machine Learning workspace high business impact data is not publicly accessible' ?
Closed eduardodfmex closed 1 month ago
MichaelPetrinolis
commented
1 month ago how does skipping the check ensures 'that the Azure Storage Account storing Machine Learning workspace high business impact data is not publicly accessible' ?
eduardodfmex
commented
1 month ago @MichaelPetrinolis, on this deployment we don't plan to use ML Workspace, we use the SA to store files and for now this is a public deployment, changing the public access will break this Terraform deployment.
We plan to design a private deployment for the SAP GW in future sprints, for now is on the backlog: https://github.com/microsoft/power-platform-terraform-quickstarts/issues/84
MichaelPetrinolis
commented
1 month ago @eduardodfmex I thought that you fixed the error. I have the same issue, I am forced to skip this check although I made the steps necessary to make the storage private. I tried public_network_access_enabled = false allow_nested_items_to_be_public = false but this does not fix the chekov error check.
Thanx for sharing the pending issue.
Adding exception for Storage account check:
checkov:skip=CKV_AZURE_50: "Ensure Azure Storage Account storing Machine Learning workspace high business impact data is not publicly accessible"
This pull request includes a change to the
resource "azurerm_storage_account" "storage_account"block in thequickstarts/301-sap-gateway/storage-account/main.tffile. The change adds a new checkov skip rule (CKV_AZURE_50) to ensure that the Azure Storage Account storing Machine Learning workspace high business impact data is not publicly accessible. This is an important security measure to protect sensitive data.