Ensure to not use the deprecated Classic registry
Azure Container Registry (ACR) is no longer supporting the Classic registry SKU. Ensure to use either one of the following SKUs: Basic, Premium or Standard.
Risk Level: Low
Cloud Entity: Container Registry
CloudGuard Rule ID: D9.AZU.AKS.09
Covered by Spectral: No
Category: Compute
GSL LOGIC
ContainerRegistry should not have sku.name='Classic'
REMEDIATION
From Portal
- Go to
Container registries
- Click on
Overview
section and then 'Update' button - Now select a new SKU from the SKU drop-down which is Basic, Standard or Premium
- Click
Save
.
From TF
Set the 'sku' argument under 'azurerm_container_registry' as below:
resource "azurerm_container_registry" "acr" {
...
sku = "Premium"/ "Basic"/ "Standard"
...
}
From Command Line
Run
az acr update --name --sku {Basic, Premium, Standard}
References
- https://docs.microsoft.com/en-us/azure/container-registry/container-registry-skus
- https://docs.microsoft.com/en-us/cli/azure/acr?view=azure-cli-latest#az-acr-update
- https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/container_registry
Container Registry
Azure Container Registry allows you to build, store, and manage images for all types of container deployments. Azure Container Registry allows you to store images for all types of container deployments including DC/OS, Docker Swarm, Kubernetes, and Azure services such as App Service, Batch, Service Fabric, and others.
Compliance Frameworks
- Azure CloudGuard Best Practices
- CloudGuard Azure All Rules Ruleset
Updated over 1 year ago