Ensure public network access is disabled for Azure Container Registry

MEDIUM

Description

Allowing unrestricted public access to a cloud service such as a container registry can expose an application to external attack. Disallowing this access is typically considered best practice.

Remediation

In Azure Console -

  1. Open the Azure Portal and go to the container registries console.
  2. Choose the registry you wish to edit.
  3. Under Settings, select Networking.
  4. On the Public access tab, select Disabled.

In Terraform -

  1. In the azurerm_container_registry resource, set 'public_network_access_enabled' to 'false'. By default 'public_network_access_enabled' is set to 'true'.
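
One way to check a Terraform plan for this setting before it is applied, added here as an example and not taken from the policy page or the rule's own implementation. It assumes the plan was exported with `terraform show -json`; the sample plan and its resource names are constructed, and the function names are hypothetical.

```python
import json
import sys

# Constructed sample in the shape of `terraform show -json` output (planned_values only).
SAMPLE_PLAN = {
    "planned_values": {"root_module": {
        "resources": [
            {"address": "azurerm_resource_group.rg", "type": "azurerm_resource_group",
             "values": {"location": "westeurope"}},
            {"address": "azurerm_container_registry.open", "type": "azurerm_container_registry",
             "values": {"sku": "Premium", "public_network_access_enabled": True}},
            {"address": "azurerm_container_registry.closed", "type": "azurerm_container_registry",
             "values": {"sku": "Premium", "public_network_access_enabled": False}},
        ],
        "child_modules": [{
            "address": "module.build",
            "resources": [
                # Attribute absent: the provider default (true) applies.
                {"address": "module.build.azurerm_container_registry.defaulted",
                 "type": "azurerm_container_registry", "values": {"sku": "Premium"}},
            ],
        }],
    }}
}

def iter_resources(module):
    """Yield every resource in a module and, recursively, in its child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from iter_resources(child)

def public_registries(plan):
    """Return addresses of registries whose public network access is not disabled."""
    root = plan.get("planned_values", {}).get("root_module", {})
    findings = []
    for res in iter_resources(root):
        if res.get("type") != "azurerm_container_registry":
            continue
        values = res.get("values") or {}
        # Only an explicit false passes; a missing value falls back to the default, true.
        if values.get("public_network_access_enabled", True) is not False:
            findings.append(res["address"])
    return sorted(findings)

if __name__ == "__main__":
    # Optional argument: path to a plan exported with `terraform show -json`.
    plan = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE_PLAN
    for address in public_registries(plan):
        print(f"AC_AZURE_0262: {address} allows public network access")
```
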

References:
https://learn.microsoft.com/en-us/azure/container-registry/
https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/container_registry#public_network_access_enabled

Policy Details

Rule Reference ID: AC_AZURE_0262
CSP: Azure
Remediation Available: Yes
Resource Category: Compute

Frameworks