Ensure cross account access is disabled for Azure Synapse Firewall Rule

MEDIUM

Description

The firewall rule's start and end IP addresses are too open; an overly broad address range may allow cross-account access to the Azure Synapse workspace.

Remediation

In Azure Console -

  1. Open the Azure Portal and go to Synapse Analytics.
  2. Select the Synapse workspace that you wish to edit.
  3. Under Security, select Managed Private Endpoints.
  4. Set private endpoint access accordingly.

In Terraform -

  1. For each azurerm_synapse_workspace resource, create an azurerm_synapse_firewall_rule resource.
  2. Set the start_ip_address field to something other than 0.0.0.0.
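
The following Terraform fragment is an added example, not code from the original policy page or from the Terraform provider documentation. It shows the open rule this policy flags next to a restricted rule that limits access to a single source range. It assumes an existing `azurerm_synapse_workspace` resource named `example`; the rule names and the `203.0.113.x` addresses are constructed placeholders (from the documentation address block) and should be replaced with the real egress range that needs access. Note that a rule whose start and end address are both `0.0.0.0` is Azure's special "allow Azure services" rule, so review the full range of each rule rather than only the start address.

```hcl
# Added example (not from the original policy page). Assumes an existing
# azurerm_synapse_workspace resource named "example"; rule names and the
# address ranges below are constructed for illustration.

# Non-compliant: the full IPv4 range lets any client on the internet reach
# the workspace endpoints, which is what this policy flags.
resource "azurerm_synapse_firewall_rule" "allow_all" {
  name                 = "AllowAll"
  synapse_workspace_id = azurerm_synapse_workspace.example.id
  start_ip_address     = "0.0.0.0"
  end_ip_address       = "255.255.255.255"
}

# Compliant: restrict the rule to the known egress range of the office or
# VPN that needs access (placeholder range; substitute your own).
resource "azurerm_synapse_firewall_rule" "office_egress" {
  name                 = "OfficeEgress"
  synapse_workspace_id = azurerm_synapse_workspace.example.id
  start_ip_address     = "203.0.113.10"
  end_ip_address       = "203.0.113.20"
}
```

Prefer one rule per source range over widening a single rule to cover several sites, so that each range can be reviewed and removed independently when it is no longer needed.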

References:
https://learn.microsoft.com/en-us/azure/synapse-analytics/security/how-to-create-managed-private-endpoints
https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/synapse_workspace
https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/synapse_firewall_rule

Policy Details

Rule Reference ID: AC_AZURE_0203
CSP: Azure
Remediation Available: No
Resource Category: Virtual Network
Resource Type: Security Group

Frameworks