Ensure to filter source IPs for Azure CosmosDB Account

HIGH

Description

Unfiltered source IPs may lead to unauthorized access to the Azure Cosmos DB account.

Remediation

In Azure Console -

  1. Open the Azure Portal and go to Cosmos DB.
  2. Select the Cosmos DB account you wish to edit.
  3. Under Settings, choose Networking.
  4. On the Public access tab, choose Select Networks and add IP addresses or CIDR ranges in the Firewall section.
  5. Save.

In Terraform -

  1. In the azurerm_cosmosdb_account resource, configure the ip_range_filter field with a list of IP ranges in CIDR format.
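
As an added example (not part of the original policy page and not the scanner's own rule logic), this Python check reads the JSON form of a Terraform plan and reports azurerm_cosmosdb_account resources whose ip_range_filter is unset or empty. It assumes the attribute may appear either as a list or as one comma-separated string, depending on provider version; the function names and the sample plan are constructed for illustration.

```python
RESOURCE_TYPE = "azurerm_cosmosdb_account"

def _walk(module):
    """Yield every resource in a plan module, including nested child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from _walk(child)

def _entries(value):
    """Normalise ip_range_filter to a list of non-empty entries.
    Assumption: the value is a list, a comma-separated string, or null."""
    if isinstance(value, str):
        value = value.split(",")
    return [v.strip() for v in (value or []) if v.strip()]

def unfiltered_accounts(plan):
    """Return sorted addresses of Cosmos DB accounts with no IP filter entries."""
    root = plan.get("planned_values", {}).get("root_module", {})
    return sorted(
        res["address"]
        for res in _walk(root)
        if res.get("type") == RESOURCE_TYPE
        and not _entries(res.get("values", {}).get("ip_range_filter"))
    )

# Constructed sample in the shape of `terraform show -json <planfile>` output.
# In practice, load the real file with json.load() instead.
SAMPLE_PLAN = {"planned_values": {"root_module": {
    "resources": [
        {"address": "azurerm_cosmosdb_account.open", "type": RESOURCE_TYPE,
         "values": {"name": "open", "ip_range_filter": None}},
        {"address": "azurerm_cosmosdb_account.filtered", "type": RESOURCE_TYPE,
         "values": {"name": "filtered", "ip_range_filter": ["203.0.113.0/24"]}},
        {"address": "azurerm_storage_account.logs", "type": "azurerm_storage_account",
         "values": {"name": "logs"}},
    ],
    "child_modules": [{"resources": [
        {"address": "module.data.azurerm_cosmosdb_account.legacy", "type": RESOURCE_TYPE,
         "values": {"name": "legacy", "ip_range_filter": ""}},
        {"address": "module.data.azurerm_cosmosdb_account.csv", "type": RESOURCE_TYPE,
         "values": {"name": "csv", "ip_range_filter": "198.51.100.17,203.0.113.0/24"}},
    ]}],
}}}

if __name__ == "__main__":
    for address in unfiltered_accounts(SAMPLE_PLAN):
        print(f"no ip_range_filter: {address}")
```
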

References:
https://learn.microsoft.com/en-us/azure/cosmos-db/
https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/cosmosdb_account#ip_range_filter

Policy Details

Rule Reference ID: AC_AZURE_0184
CSP: Azure
Remediation Available: Yes
Resource Category: Database
Resource Type: Cosmos DB Account

Frameworks