Ensure that 'Secure transfer required' is set to 'Enabled' for Storage Accounts
The secure transfer option enhances the security of your storage account by only allowing requests made to the storage account over a secure connection. Azure Storage does not support HTTPS for custom domain names, so this option is not applied when using a custom domain name.
Risk Level: High
Cloud Entity: Azure Storage Account
CloudGuard Rule ID: D9.TF.AZU.CRY.01
Covered by Spectral: Yes
Category: Storage
GSL LOGIC
azurerm_storage_account should have enable_https_traffic_only=true
REMEDIATION
From TF
Set the 'enable_https_traffic_only' argument to 'true':
resource "azurerm_storage_account" "example" {
  # ...
  enable_https_traffic_only = true
  # ...
}
References:
- https://docs.microsoft.com/en-us/azure/storage/common/storage-require-secure-transfer
- https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/storage_account#enable_https_traffic_only
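One way to run this rule's check in a pipeline, as an added example (not CloudGuard's or the provider's own code): the script applies the GSL logic above to the JSON produced by `terraform show -json`, including resources inside child modules. The sample plan and its resource names are constructed, and also accepting `https_traffic_only_enabled`, the argument name in newer azurerm provider releases, is an assumption beyond this page.

```python
import json
import sys

# Argument names checked: the one this rule uses, plus the name used by
# newer azurerm provider releases (assumption: either may appear in a plan).
HTTPS_ONLY_ATTRS = ("enable_https_traffic_only", "https_traffic_only_enabled")


def iter_resources(module):
    """Yield every resource in a plan module, descending into child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from iter_resources(child)


def insecure_storage_accounts(plan):
    """Return addresses of azurerm_storage_account resources whose planned
    values do not set secure transfer to true."""
    root = plan.get("planned_values", {}).get("root_module", {})
    failing = []
    for res in iter_resources(root):
        if res.get("type") != "azurerm_storage_account":
            continue
        values = res.get("values") or {}
        # Pass only when an attribute is present and literally true; a value
        # that is false, null or absent is reported.
        if not any(values.get(attr) is True for attr in HTTPS_ONLY_ATTRS):
            failing.append(res.get("address", "<unknown>"))
    return failing


# Constructed sample in the shape of `terraform show -json <planfile>` output.
SAMPLE_PLAN = {"planned_values": {"root_module": {
    "resources": [
        {"address": "azurerm_storage_account.ok", "type": "azurerm_storage_account",
         "values": {"enable_https_traffic_only": True}},
        {"address": "azurerm_storage_account.legacy", "type": "azurerm_storage_account",
         "values": {"enable_https_traffic_only": False}},
        {"address": "azurerm_resource_group.rg", "type": "azurerm_resource_group",
         "values": {"name": "rg"}}],
    "child_modules": [{"address": "module.logs", "resources": [
        {"address": "module.logs.azurerm_storage_account.sa",
         "type": "azurerm_storage_account",
         "values": {"https_traffic_only_enabled": None}}]}]}}}

if __name__ == "__main__":
    # Pass a plan JSON file as the first argument, or run on the sample.
    plan = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE_PLAN
    failing = insecure_storage_accounts(plan)
    for address in failing:
        print(f"FAIL D9.TF.AZU.CRY.01 {address}")
    sys.exit(1 if failing else 0)
```

The non-zero exit status on any finding lets a CI job block the apply step.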
Azure Storage Account
An Azure storage account provides a unique namespace to store and access your Azure Storage data objects. All objects in a storage account are billed together as a group. By default, the data in your account is available only to you, the account owner.
Compliance Frameworks
- Azure Terraform Ruleset