Storage Accounts outside Europe
Identify Storage Accounts outside of the following regions: northeurope, westeurope
Risk Level: Low
Cloud Entity: Azure Storage Account
CloudGuard Rule ID: D9.AZU.AS.01
Covered by Spectral: Yes
Category: Storage
GSL LOGIC
StorageAccount should have region in('northeurope', 'westeurope', 'norwayeast', 'francecentral', 'swedencentral', 'germanywestcentral') and (secondaryRegion in('northeurope', 'westeurope', 'norwaywest', 'francesouth', 'swedensouth', 'germanynorth') or secondaryRegion isEmpty())
REMEDIATION
From Portal
- Sign in to the Azure portal at https://portal.azure.com/.
- Go to
Storage accounts
select Create. - In the region tab select - northeurope/ westeurope/norwayeast/francecentral/swedencentral/germanywestcentral.
- Fill other required details
- Click
Create
.
From TF
Set the 'location' argument as 'North Europe' or any Europe region:
resource "azurerm_storage_account" "example" {
name = "storageaccountname"
resource_group_name = azurerm_resource_group.example.name
location = "North Europe"
account_tier = "Standard"
account_replication_type = "GRS"
tags = {
environment = "staging"
}
}
From Command Line
Run
az storage account create --name ACCOUNTNAME --resource-group RESOURCEGRP --location northeurope --sku Standard_RAGRS --kind StorageV2
References
- https://azure.microsoft.com/en-us/global-infrastructure/regions/#services
- https://docs.microsoft.com/en-us/azure/storage/common/storage-create-storage-account
- https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/storage_account
- https://learn.microsoft.com/en-us/azure/storage/blobs/storage-quickstart-blobs-cli
Azure Storage Account
An Azure storage account provides a unique namespace to store and access your Azure Storage data objects. All objects in a storage account are billed together as a group. By default, the data in your account is available only to you, the account owner.
Compliance Frameworks
- Azure GDPR Readiness
- CloudGuard Azure All Rules Ruleset
Updated over 1 year ago