From 63bff608358c5f44a969585ac15ceef61b14b68b Mon Sep 17 00:00:00 2001
From: Tamir Kamara <26870601+tamirkamara@users.noreply.github.com>
Date: Sun, 28 Aug 2022 12:10:22 +0000
Subject: [PATCH 1/3] no public storage accounts
---
 .../core/terraform/airlock/airlock_processor.tf | 13 +++++++------
 templates/core/terraform/storage.tf | 13 +++++++------
 2 files changed, 14 insertions(+), 12 deletions(-)
diff --git a/templates/core/terraform/airlock/airlock_processor.tf b/templates/core/terraform/airlock/airlock_processor.tf
index 9c8a77da9e..348486f519 100644
--- a/templates/core/terraform/airlock/airlock_processor.tf
+++ b/templates/core/terraform/airlock/airlock_processor.tf
@@ -19,12 +19,13 @@ resource "azurerm_service_plan" "airlock_plan" {
 }
 resource "azurerm_storage_account" "sa_airlock_processor_func_app" {
- name = local.airlock_function_sa_name
- resource_group_name = var.resource_group_name
- location = var.location
- account_tier = "Standard"
- account_replication_type = "LRS"
- tags = var.tre_core_tags
+ name = local.airlock_function_sa_name
+ resource_group_name = var.resource_group_name
+ location = var.location
+ account_tier = "Standard"
+ account_replication_type = "LRS"
+ allow_nested_items_to_be_public = false
+ tags = var.tre_core_tags
 lifecycle { ignore_changes = [tags] }
 }
diff --git a/templates/core/terraform/storage.tf b/templates/core/terraform/storage.tf
index 3bbb47ea20..22ba892c66 100644
--- a/templates/core/terraform/storage.tf
+++ b/templates/core/terraform/storage.tf
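Review bot: `allow_nested_items_to_be_public = false` on `sa_airlock_processor_func_app` only turns off anonymous blob/container access; the resource block as shown still sets neither `min_tls_version` nor a `network_rules` block, so the account's public endpoint presumably remains reachable to anyone holding a key or SAS token. The same applies to `stg` in the storage.tf hunk. Since the subject line says "no public storage accounts", I would add a comment beside the new attribute, e.g. `# Disables anonymous blob/container access only; network exposure is restricted separately`, and consider `min_tls_version = "TLS1_2"` on both accounts. Network restrictions may live in a separate resource outside this diff, so confirm that before adding `network_rules` here.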
@@ -1,10 +1,11 @@
 resource "azurerm_storage_account" "stg" {
- name = lower(replace("stg-${var.tre_id}", "-", ""))
- resource_group_name = azurerm_resource_group.core.name
- location = azurerm_resource_group.core.location
- account_tier = "Standard"
- account_replication_type = "LRS"
- tags = local.tre_core_tags
+ name = lower(replace("stg-${var.tre_id}", "-", ""))
+ resource_group_name = azurerm_resource_group.core.name
+ location = azurerm_resource_group.core.location
+ account_tier = "Standard"
+ account_replication_type = "LRS"
+ allow_nested_items_to_be_public = false
+ tags = local.tre_core_tags
 lifecycle { ignore_changes = [tags] }
 }
From c47a0e8a71f7172f13a945fda6ab321136ab4df8 Mon Sep 17 00:00:00 2001
From: Tamir Kamara <26870601+tamirkamara@users.noreply.github.com>
Date: Sun, 28 Aug 2022 12:16:38 +0000
Subject: [PATCH 2/3] update changelog
---
 CHANGELOG.md | 1 +
 1 file changed, 1 insertion(+)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 11b24ab63e..c19a57f980 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -14,6 +14,7 @@ FEATURES:
 ENHANCEMENTS:
 * Adding Log Analytics & Antimalware VM extensions ([#2520](https://github.com/microsoft/AzureTRE/pull/2520))
+* Block anonymous access to 2 storage accounts ([#2524](https://github.com/microsoft/AzureTRE/pull/2524))
 BUG FIXES:
From cf745a138c84464ab23d06d0682de0de72c0e461 Mon Sep 17 00:00:00 2001
From: Tamir Kamara <26870601+tamirkamara@users.noreply.github.com>
Date: Sun, 28 Aug 2022 12:30:38 +0000
Subject: [PATCH 3/3] core version
---
 templates/core/version.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/templates/core/version.txt b/templates/core/version.txt
index b4ed79e09d..e427a55476 100644
--- a/templates/core/version.txt
+++ b/templates/core/version.txt
@@ -1 +1 @@
-__version__ = "0.4.20"
+__version__ = "0.4.21"