Ensure that 'Secure transfer required' is set to 'Enabled' for Storage Accounts

The secure transfer option enhances the security of your storage account by allowing requests to the storage account only over a secure connection. Azure Storage does not support HTTPS for custom domain names, so this option is not applied when using a custom domain name.

Risk Level: High
Cloud Entity: Azure Storage Account
CloudGuard Rule ID: D9.TF.AZU.CRY.01
Covered by Spectral: Yes
Category: Storage

GSL LOGIC

azurerm_storage_account should have enable_https_traffic_only=true

REMEDIATION

From TF
Set the 'enable_https_traffic_only' argument to 'true':

resource "azurerm_storage_account" "example" {
	# .. (other arguments omitted)
	enable_https_traffic_only = true
	# .. (other arguments omitted)
}
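
One way to apply this rule to a Terraform plan before it is applied, as an added example that is not CloudGuard's or this page's own code: the script reads the JSON produced by `terraform show -json` and grades each managed `azurerm_storage_account`. The sample plan, the helper names and the choice to fail an argument that is missing from the plan are assumptions of the example.

```python
import json
import sys

RULE_TYPE = "azurerm_storage_account"
RULE_ARG = "enable_https_traffic_only"

def check_plan(plan):
    """Map each planned storage account address to PASS, FAIL or UNKNOWN."""
    verdicts = {}
    for rc in plan.get("resource_changes", []):
        # Skip other resource types and data sources (same type name, read-only).
        if rc.get("type") != RULE_TYPE or rc.get("mode", "managed") != "managed":
            continue
        change = rc.get("change") or {}
        after = change.get("after")
        if after is None:  # resource is being destroyed; nothing left to check
            continue
        if (change.get("after_unknown") or {}).get(RULE_ARG) is True:
            verdicts[rc["address"]] = "UNKNOWN"  # value only known at apply time
        elif after.get(RULE_ARG) is True:
            verdicts[rc["address"]] = "PASS"
        else:
            verdicts[rc["address"]] = "FAIL"  # false, null or absent (assumption)
    return verdicts

def _rc(address, after, unknown=None, rtype=RULE_TYPE, mode="managed"):
    """Build one constructed resource_changes entry for the sample below."""
    return {"address": address, "mode": mode, "type": rtype,
            "change": {"after": after, "after_unknown": unknown or {}}}

# Constructed sample, shaped like `terraform show -json <planfile>` output.
SAMPLE_PLAN = {"resource_changes": [
    _rc("azurerm_storage_account.good", {RULE_ARG: True}),
    _rc("azurerm_storage_account.bad", {RULE_ARG: False}),
    _rc("module.app.azurerm_storage_account.from_var", {}, {RULE_ARG: True}),
    _rc("azurerm_storage_account.retired", None),
    _rc("data.azurerm_storage_account.lookup", {RULE_ARG: False}, mode="data"),
    _rc("azurerm_resource_group.rg", {"name": "rg1"}, rtype="azurerm_resource_group"),
]}

if __name__ == "__main__":
    # Usage: script.py plan.json  (no argument: run on the constructed sample)
    plan = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE_PLAN
    verdicts = check_plan(plan)
    for address, verdict in sorted(verdicts.items()):
        print(f"{verdict:8} {address}")
    sys.exit(1 if "FAIL" in verdicts.values() else 0)
```

An UNKNOWN verdict means the argument is derived from a value Terraform resolves only at apply time, so it needs a manual look at the variable or expression that feeds it.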

References:

  1. https://docs.microsoft.com/en-us/azure/storage/common/storage-require-secure-transfer
  2. https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/storage_account#enable_https_traffic_only

Azure Storage Account

An Azure storage account provides a unique namespace to store and access your Azure Storage data objects. All objects in a storage account are billed together as a group. By default, the data in your account is available only to you, the account owner.

Compliance Frameworks

  • Azure Terraform Ruleset