Ensure access duration is set to 3600 seconds or less for Azure Managed Disk SAS Token

LOW

Description

SAS tokens provide authenticated access to Azure Managed Disks. To help mitigate risk when using SAS tokens, best practices include short-term expiration periods and having a revocation plan in place. For more information on using SAS tokens with Managed Disks, see the Azure documentation.
References:
https://learn.microsoft.com/en-us/azure/storage/common/storage-sas-overview

Remediation

In Terraform -

  1. In the azurerm_managed_disk_sas_token resource, set 'duration_in_seconds' to 3600 or less.

References:
https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/disk_sas_token
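
The following configuration is an added example, not taken from the original policy page or from the provider's documentation. It shows a non-compliant token definition (commented out) beside a compliant one, with a variable validation that rejects any duration above 3600 seconds at plan time. The resource names, location, disk size and the variable name disk_sas_duration_seconds are assumed placeholder values, and the azurerm provider is assumed to be configured elsewhere.

```hcl
# Added example: all names, the location and the disk size are placeholders.

variable "disk_sas_duration_seconds" {
  description = "Lifetime of the managed disk SAS token, in seconds."
  type        = number
  default     = 900

  # Fail the plan if anyone raises the lifetime above the policy limit.
  validation {
    condition     = var.disk_sas_duration_seconds > 0 && var.disk_sas_duration_seconds <= 3600
    error_message = "The SAS token duration must be between 1 and 3600 seconds."
  }
}

resource "azurerm_resource_group" "example" {
  name     = "example-disk-rg"
  location = "West Europe"
}

resource "azurerm_managed_disk" "example" {
  name                 = "example-disk"
  location             = azurerm_resource_group.example.location
  resource_group_name  = azurerm_resource_group.example.name
  storage_account_type = "Standard_LRS"
  create_option        = "Empty"
  disk_size_gb         = 1
}

# Non-compliant (flagged by AC_AZURE_0202): the token stays valid for 24 hours.
# resource "azurerm_managed_disk_sas_token" "too_long" {
#   managed_disk_id     = azurerm_managed_disk.example.id
#   duration_in_seconds = 86400
#   access_level        = "Read"
# }

# Compliant: the lifetime is bounded by the validated variable (3600 or less),
# and the access level is limited to read.
resource "azurerm_managed_disk_sas_token" "export" {
  managed_disk_id     = azurerm_managed_disk.example.id
  duration_in_seconds = var.disk_sas_duration_seconds
  access_level        = "Read"
}
```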

Policy Details

Rule Reference ID: AC_AZURE_0202
CSP: Azure
Remediation Available: Yes
Resource Category: Storage
Resource Type: Disk

Frameworks