Avoid using names like 'Admin' for an Azure SQL Server Active Directory Administrator account
Configure one Azure Active Directory account, either an individual or Network Security Group account, as an administrator. It is not necessary to configure an Azure AD administrator, but an Azure AD administrator must be configured if you want to use Azure AD accounts to connect to SQL Databases. It is recommended to avoid using names like 'admin' or 'administrator', which are targeted in brute-force dictionary attacks.
Risk Level: Low
Cloud Entity: Azure Active Directory
CloudGuard Rule ID: D9.TF.AZU.IAM.04
Covered by Spectral: No
Category: Security, Identity, & Compliance
GSL LOGIC
azurerm_sql_active_directory_administrator should not have login regexMatch /admin|Admin/
REMEDIATION
From TF
Set the 'login' argument under 'azurerm_sql_active_directory_administrator' as below:
resource "azurerm_sql_active_directory_administrator" "example" {
  ...
  login = "NAME"
  ...
}
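A pre-merge check for this rule, as an added example that is not part of the CloudGuard page or product: it applies the rule's /admin|Admin/ pattern to the 'login' of every azurerm_sql_active_directory_administrator in a plan exported with `terraform show -json`. The sample plan is constructed, and treating the pattern as an unanchored search is an assumption.

```python
import re

# Pattern copied from the rule's GSL logic; applied as an unanchored search (assumption).
RULE_PATTERN = re.compile(r"admin|Admin")
RESOURCE_TYPE = "azurerm_sql_active_directory_administrator"


def iter_resources(module):
    """Yield every resource in a plan module, descending into child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from iter_resources(child)


def find_violations(plan):
    """Return (address, login) for each AD administrator whose login matches the rule."""
    root = plan.get("planned_values", {}).get("root_module", {})
    violations = []
    for res in iter_resources(root):
        if res.get("type") != RESOURCE_TYPE:
            continue  # other resource types are out of scope for this rule
        login = (res.get("values") or {}).get("login")
        # login is missing from the plan when its value is only known after apply
        if isinstance(login, str) and RULE_PATTERN.search(login):
            violations.append((res["address"], login))
    return violations


# Constructed sample, shaped like the JSON printed by `terraform show -json`.
SAMPLE_PLAN = {"planned_values": {"root_module": {
    "resources": [
        {"address": "azurerm_resource_group.admin_rg",
         "type": "azurerm_resource_group", "values": {"name": "admin-rg"}},
        {"address": "azurerm_sql_active_directory_administrator.example",
         "type": RESOURCE_TYPE, "values": {"login": "sqladmin"}},
    ],
    "child_modules": [{"address": "module.db", "resources": [
        {"address": "module.db.azurerm_sql_active_directory_administrator.team",
         "type": RESOURCE_TYPE, "values": {"login": "DB-Administrators"}},
        {"address": "module.db.azurerm_sql_active_directory_administrator.ops",
         "type": RESOURCE_TYPE, "values": {"login": "dba-oncall-group"}},
    ]}],
}}}

if __name__ == "__main__":
    for address, login in find_violations(SAMPLE_PLAN):
        print(f"FAIL {address}: login {login!r} matches /admin|Admin/")
```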
References:
- https://docs.microsoft.com/en-us/azure/azure-sql/database/authentication-aad-overview
- https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/sql_active_directory_administrator
Azure Active Directory
Azure Active Directory (Azure AD) is Microsoft's cloud-based identity and access management service, which helps your employees sign in and access resources in external resources and internal res
Compliance Frameworks
- Azure Terraform Ruleset
Updated about 1 year ago