How to get rid of "Anonymous, public read access to a container and its blobs can be enabled in Azure Blob storage. This is only recommended if absolutely necessary." #405

Closed
judaondo opened this issue Nov 25, 2020 · 0 comments · Fixed by #517
Labels
policy Issue concerning policy maintainers.

judaondo commented Nov 25, 2020

  • terrascan version: v1.1.0
  • Operating System: ubuntu 18.04

Description

I have this code inside a storageAccount module:

```hcl
# Create a storage account
resource "azurerm_storage_account" "storage_account" {
  name                     = "${local.environment}${local.name}sa"
  resource_group_name      = local.resource_group_name
  location                 = local.location
  account_tier             = "Standard"
  account_kind             = "StorageV2"
  account_replication_type = "RAGRS"
  min_tls_version          = "TLS1_2"
  allow_blob_public_access = false
  is_hns_enabled           = true
  tags                     = local.tags
}

resource "azurerm_storage_container" "container" {
  count                 = local.container_name != "" ? 1 : 0
  name                  = "${local.container_name}-cont"
  storage_account_name  = azurerm_storage_account.storage_account.name
  container_access_type = private
}
```

What I Did

I run:

```
terrascan scan -t azure
```

What I get:

```
results:
  violations:
  - rule_name: reme_checkStorageContainerAccess
    description: Anonymous, public read access to a container and its blobs can be enabled in Azure Blob storage. This is only recommended if absolutely necessary.
    rule_id: accurics.azure.IAM.368
    severity: HIGH
    category: Identity and Access Management
    resource_name: container
    resource_type: azurerm_storage_container
    file: modules/07_storageAccount/main.tf
    line: 31
  count:
    low: 0
    medium: 0
    high: 1
    total: 1
```

How do I remove this error?

Thank you.

amirbenv added the bug label Jan 8, 2021
devang-gaur added the policy label and removed the bug label Jan 12, 2021
cesar-rodriguez pushed a commit that referenced this issue Jan 28, 2021
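
To cross-check a finding like the one in this issue independently of the scanner, the following added example (not code from the issue or from terrascan) walks the JSON that `terraform show -json` produces for a plan and reports only the containers or accounts whose planned values permit anonymous reads. The module name, resource addresses and sample plan are constructed for illustration.

```python
import json

# container_access_type values that permit anonymous reads.
PUBLIC_ACCESS_TYPES = {"blob", "container"}

# Constructed sample shaped like `terraform show -json` output for a plan.
SAMPLE_PLAN = json.loads("""
{"planned_values": {"root_module": {"child_modules": [{
  "resources": [
    {"address": "module.storage.azurerm_storage_account.storage_account",
     "type": "azurerm_storage_account",
     "values": {"allow_blob_public_access": false}},
    {"address": "module.storage.azurerm_storage_container.container[0]",
     "type": "azurerm_storage_container",
     "values": {"container_access_type": "private"}},
    {"address": "module.storage.azurerm_storage_container.assets[0]",
     "type": "azurerm_storage_container",
     "values": {"container_access_type": "blob"}}
  ]}]}}}
""")


def walk_resources(module):
    """Yield every resource in a module and, recursively, its child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from walk_resources(child)


def public_storage_findings(plan):
    """Return (address, reason) pairs for settings that allow anonymous reads."""
    findings = []
    root = plan.get("planned_values", {}).get("root_module", {})
    for res in walk_resources(root):
        values = res.get("values") or {}
        if res.get("type") == "azurerm_storage_container":
            # Assumption: an omitted container_access_type means private.
            access = values.get("container_access_type") or "private"
            if access in PUBLIC_ACCESS_TYPES:
                findings.append((res["address"], f"container_access_type={access}"))
        elif res.get("type") == "azurerm_storage_account":
            if values.get("allow_blob_public_access") is True:
                findings.append((res["address"], "allow_blob_public_access=true"))
    return findings


if __name__ == "__main__":
    for address, reason in public_storage_findings(SAMPLE_PLAN):
        print(f"{address}: {reason}")
```

A container that appears here and in the scanner output is a real exposure; one that appears only in the scanner output is worth reporting as a possible false positive.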