Risk Level: Low
Cloud Entity: Azure Storage Account
CloudGuard Rule ID: D9.AZU.AS.01
Covered by Spectral: Yes
Category: Storage

GSL LOGIC

StorageAccount should have region in('northeurope', 'westeurope', 'norwayeast', 'francecentral', 'swedencentral', 'germanywestcentral') and (secondaryRegion in('northeurope', 'westeurope', 'norwaywest', 'francesouth', 'swedensouth', 'germanynorth') or secondaryRegion isEmpty())

REMEDIATION

From Portal

Sign in to the Azure portal at https://portal.azure.com/.
Go to Storage accounts select Create.
In the region tab select - northeurope/ westeurope/norwayeast/francecentral/swedencentral/germanywestcentral.
Fill other required details
Click Create.

From TF
Set the 'location' argument as 'North Europe' or any Europe region:

resource "azurerm_storage_account" "example" {
	name                     = "storageaccountname"
	resource_group_name      = azurerm_resource_group.example.name
	location                 = "North Europe"
	account_tier             = "Standard"
	account_replication_type = "GRS"
	
	tags = {
		environment = "staging"
	}
}

From Command Line
Run

az storage account create --name ACCOUNTNAME --resource-group RESOURCEGRP --location northeurope --sku Standard_RAGRS --kind StorageV2

References

https://azure.microsoft.com/en-us/global-infrastructure/regions/#services
https://docs.microsoft.com/en-us/azure/storage/common/storage-create-storage-account
https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/storage_account
https://learn.microsoft.com/en-us/azure/storage/blobs/storage-quickstart-blobs-cli

Azure Storage Account

An Azure storage account provides a unique namespace to store and access your Azure Storage data objects. All objects in a storage account are billed together as a group. By default, the data in your account is available only to you, the account owner.

Compliance Frameworks

Azure GDPR Readiness
CloudGuard Azure All Rules Ruleset