Ensure public access is disabled for Azure Storage Sync

HIGH

Description

Allowing unrestricted, public access to cloud services could open an application up to external attack. Disallowing this access is typically considered best practice.

Remediation

In Azure Console -

  1. Open the Azure Portal and go to Storage Sync Services.
  2. Select the Storage Sync that you wish to edit.
  3. Under Settings, select Network.
  4. Create a private endpoint and set the "Allow access from" setting to "Private endpoints only".

In Terraform -

  1. In the azurerm_storage_sync resource, remove an incoming_traffic_policy field that's set to AllowAllTraffic or replace the value with AllowVirtualNetworksOnly.
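As an added illustration (not part of this policy page or of any scanner's code), the check below evaluates the rule against the JSON produced by `terraform show -json`, walking every module for azurerm_storage_sync resources and reporting those whose incoming_traffic_policy is AllowAllTraffic; the plan data is constructed inline, and only an explicit AllowAllTraffic value is flagged, matching the remediation step above.

```python
"""Evaluate rule AC_AZURE_0305 against a Terraform plan JSON document."""
import json

RESOURCE_TYPE = "azurerm_storage_sync"
ATTRIBUTE = "incoming_traffic_policy"
WEAK_VALUE = "AllowAllTraffic"
SAFE_VALUE = "AllowVirtualNetworksOnly"


def iter_resources(module):
    """Yield resources from a planned_values module and all child modules."""
    for resource in module.get("resources", []):
        yield resource
    for child in module.get("child_modules", []):
        yield from iter_resources(child)


def evaluate(plan):
    """Return one finding per storage sync resource that allows all traffic."""
    root = plan.get("planned_values", {}).get("root_module", {})
    findings = []
    for resource in iter_resources(root):
        if resource.get("type") != RESOURCE_TYPE:
            continue
        values = resource.get("values") or {}
        if values.get(ATTRIBUTE) == WEAK_VALUE:
            findings.append({
                "rule": "AC_AZURE_0305",
                "severity": "HIGH",
                "address": resource["address"],
                "remediation": f"set {ATTRIBUTE} = \"{SAFE_VALUE}\"",
            })
    return findings


# Constructed plan fragment: one open and one restricted sync service,
# plus a nested module to exercise the recursive walk.
SAMPLE_PLAN = json.loads("""
{"planned_values": {"root_module": {
  "resources": [
    {"address": "azurerm_storage_sync.open", "type": "azurerm_storage_sync",
     "values": {"name": "sync-open", "incoming_traffic_policy": "AllowAllTraffic"}},
    {"address": "azurerm_storage_sync.restricted", "type": "azurerm_storage_sync",
     "values": {"name": "sync-restricted",
                "incoming_traffic_policy": "AllowVirtualNetworksOnly"}}],
  "child_modules": [{"address": "module.shared", "resources": [
    {"address": "module.shared.azurerm_storage_sync.legacy",
     "type": "azurerm_storage_sync",
     "values": {"name": "sync-legacy", "incoming_traffic_policy": "AllowAllTraffic"}}]}]
}}}
""")

if __name__ == "__main__":
    for finding in evaluate(SAMPLE_PLAN):
        print(f"{finding['severity']} {finding['rule']} {finding['address']}")
```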

References
https://learn.microsoft.com/en-us/azure/storage/blobs/snapshots-overview
https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/storage_sync

Policy Details

Rule Reference ID: AC_AZURE_0305
CSP: Azure
Remediation Available: Yes
Resource Category: Storage
Resource Type: Storage Accounts

Frameworks