Ensure that admin user is disabled for Azure Container Registry

MEDIUM

Description

The default administrator user account should be disabled; it is considered best practice to ensure that these accounts are disabled for services that have them.

Remediation

In Azure Console -

Open the Azure Portal and go to Container Registries.
Select the Container Registry you wish to edit.
Under Settings, choose Access keys.
Set the Admin user setting to Disabled.

In Terraform -

In the azurerm_container_registry resource, set admin_enabled to false.

References:
https://learn.microsoft.com/en-us/azure/container-registry/container-registry-authentication
https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/container_registry#admin_enabled

Policy Details

Rule Reference ID: AC_AZURE_0186

CSP: Azure

Remediation Available: Yes

Domain: Identity and Access Management

Resource: azurerm_container_registry

Resource Category: Compute

Resource Type: Azure Kubernetes Service (AKS)

Frameworks

GDPR
HIPAA
ISO-27001
NIST-800-171
NIST-800-53
NIST-CSF
SOC2
NY-DFS

Detections

Analytics