Ensure to filter source Ips for Cosmos DB Account
When you access your Azure Cosmos DB account from a computer on the internet, the client IP address or IP address range of the machine must be added to the allowed list of IP addresses for your account.
Risk Level: Medium
Cloud Entity: Azure Cosmos DB
CloudGuard Rule ID: D9.AZU.NET.23
Covered by Spectral: Yes
Category: Database
GSL LOGIC
CosmosDbAccount should have ipRangeFilter
REMEDIATION
Azure Console
- Go to Azure CosmoDB
- For each CosmoDB
- Click on Firewall and virtual networks
- Select 'Selected Networks'
- Under Firewall, add IP ranges to allow access from the internet or your on-premises networks
Azure Cosmos DB
Azure Cosmos DB is a fully managed database service with turnkey global distribution and transparent multi-master replication. You can run globally distributed, low-latency operational and analytics workloads and AI on transactional data within your database.
Compliance Frameworks
- Azure CloudGuard Best Practices
- Azure CloudGuard CheckUp
- Azure NIST 800-53 Rev 5
- CloudGuard Azure All Rules Ruleset
Updated over 1 year ago