Ensure public network access is disabled for Azure Cognitive Account

MEDIUM

Description

Allowing unrestricted public access to cloud services could expose an application to external attack. Disallowing such access is typically considered best practice.

Remediation

To limit public access to a Cognitive Services account, configure a virtual network and firewall rules, then bind the account to that network. See the Azure documentation for steps on creating and using virtual networks with Cognitive Services.

In Terraform -

  1. In the azurerm_cognitive_account resource, set public_network_access_enabled to false.
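The following Terraform is an added example, not part of this policy page or the azurerm provider docs: it shows a non-compliant account beside a compliant one, and goes one step beyond the rule by reaching the locked-down account from a subnet over a private endpoint, which is how in-network clients still get access once the public endpoint is off. All resource names, the region and the address prefix are assumed placeholders.

```hcl
# All resource names, the region and the address prefix are assumed placeholders.

# Non-compliant: the account answers to any public IP address (AC_AZURE_0254 fails).
resource "azurerm_cognitive_account" "open" {
  name                          = "cog-open-example"
  location                      = "eastus"
  resource_group_name           = "rg-example"
  kind                          = "TextAnalytics"
  sku_name                      = "S0"
  public_network_access_enabled = true
}

# Compliant: public network access is disabled and the account firewall denies by default.
# Network ACLs and private endpoints require a custom subdomain on the account.
resource "azurerm_cognitive_account" "private" {
  name                          = "cog-private-example"
  location                      = "eastus"
  resource_group_name           = "rg-example"
  kind                          = "TextAnalytics"
  sku_name                      = "S0"
  custom_subdomain_name         = "cog-private-example"
  public_network_access_enabled = false

  network_acls {
    default_action = "Deny"
  }
}

# Subnet whose workloads reach the account through a private endpoint, not the public one.
resource "azurerm_subnet" "ai" {
  name                 = "snet-ai"
  resource_group_name  = "rg-example"
  virtual_network_name = "vnet-example"
  address_prefixes     = ["10.0.1.0/24"]
}

resource "azurerm_private_endpoint" "cog" {
  name                = "pe-cog-private-example"
  location            = "eastus"
  resource_group_name = "rg-example"
  subnet_id           = azurerm_subnet.ai.id

  private_service_connection {
    name                           = "psc-cog"
    private_connection_resource_id = azurerm_cognitive_account.private.id
    subresource_names              = ["account"]
    is_manual_connection           = false
  }
}
```

Omitting public_network_access_enabled leaves the provider default of true, so a scanner checking this rule should treat an absent attribute the same as the "open" resource above.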

References:
https://learn.microsoft.com/en-us/azure/cognitive-services/cognitive-services-virtual-networks?tabs=portal
https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/cognitive_account

Policy Details

Rule Reference ID: AC_AZURE_0254
CSP: Azure
Remediation Available: Yes
Resource Category: Analytics
Resource Type: Cognitive Services

Frameworks