Ensure shared access policies are not used for IoT Hub

HIGH

Description

Azure IoT Hub shared access policies grant access through shared keys and the security tokens derived from them, so the hub inherits the security weaknesses inherent in token-based access.

Remediation

In Azure Console -

  1. Open the Azure Portal and go to IoT Hub.
  2. Choose the IoT Hub you wish to edit.
  3. Under Security settings, select Shared Access Policies.
  4. Delete any user-created shared access policies found.
    Note: for identity and access management, see the Azure documentation.

In Terraform -

  1. For each azurerm_iothub resource, remove any azurerm_iothub_shared_access_policy resources.
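Added example (not part of this rule's source or of the azurerm provider): a Python check that applies this rule to `terraform show -json` plan output, walking the root module and any child modules and reporting each azurerm_iothub_shared_access_policy resource with the hub it targets and the permissions it grants. The plan document embedded below is a constructed sample; the field names follow the Terraform JSON plan format and the provider's documented resource attributes.

```python
"""Check a Terraform plan for azurerm_iothub_shared_access_policy resources (rule AC_AZURE_0094)."""
import json

FLAGGED_TYPE = "azurerm_iothub_shared_access_policy"
PERMISSIONS = ("registry_read", "registry_write", "service_connect", "device_connect")

# Constructed sample of `terraform show -json tfplan` output, cut down to the fields used here.
SAMPLE_PLAN = json.dumps({"planned_values": {"root_module": {
    "resources": [
        {"address": "azurerm_iothub.hub", "type": "azurerm_iothub",
         "values": {"name": "example-hub", "resource_group_name": "example-rg"}},
        {"address": "azurerm_iothub_shared_access_policy.custom", "type": FLAGGED_TYPE,
         "values": {"name": "custom-policy", "iothub_name": "example-hub",
                    "resource_group_name": "example-rg", "registry_read": True,
                    "registry_write": True, "service_connect": False, "device_connect": True}},
    ],
    "child_modules": [{"address": "module.edge", "resources": [
        {"address": "module.edge.azurerm_iothub_shared_access_policy.svc", "type": FLAGGED_TYPE,
         "values": {"name": "svc", "iothub_name": "edge-hub", "resource_group_name": "edge-rg",
                    "registry_read": False, "registry_write": False,
                    "service_connect": True, "device_connect": False}}]}],
}}})


def iter_resources(module):
    """Yield every planned resource in a module and, recursively, in its child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from iter_resources(child)


def find_shared_access_policies(plan_json):
    """Return one finding per planned shared access policy: address, target hub, granted permissions."""
    root = json.loads(plan_json).get("planned_values", {}).get("root_module", {})
    findings = []
    for res in iter_resources(root):
        if res.get("type") != FLAGGED_TYPE:
            continue
        values = res.get("values") or {}  # "values" is null for resources being destroyed
        findings.append({
            "address": res["address"],
            "iothub": values.get("iothub_name"),
            "permissions": [p for p in PERMISSIONS if values.get(p)],
        })
    return findings


if __name__ == "__main__":
    for f in find_shared_access_policies(SAMPLE_PLAN):
        print(f"AC_AZURE_0094: {f['address']} grants {', '.join(f['permissions'])} on {f['iothub']}")
```

A plan with no findings means the Terraform remediation above has been applied; the IoT Hub's built-in policies are not Terraform resources and do not appear in the plan.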

References:
https://learn.microsoft.com/en-us/azure/iot-fundamentals/iot-security-deployment#securing-the-cloud
https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/iothub_shared_access_policy

Policy Details

Rule Reference ID: AC_AZURE_0094
CSP: Azure
Remediation Available: No
Resource: azurerm_iothub
Resource Category: Virtual Network
Resource Type: IoT Hub

Frameworks