
azure-storage-public-access

Ensure that 'Public access level' is set to Private for blob containers

Allowing anonymous access to your storage account may present a security risk. Instead, it is recommended to use an authenticated method or a shared access signature to grant revocable access to your storage containers.

Examples

Insecure Example

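resource "azurerm_storage_account" "example" {
  name                     = "examplestoraccount"
  resource_group_name      = azurerm_resource_group.example.name
  location                 = azurerm_resource_group.example.location
  account_tier             = "Standard"
  account_replication_type = "LRS"
}

# The access level is set per container, on azurerm_storage_container.
resource "azurerm_storage_container" "example" {
  name                  = "examplecontainer"
  storage_account_name  = azurerm_storage_account.example.name
  # "container" allows anonymous read and listing of every blob in the container.
  container_access_type = "container"
}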

Secure Example

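resource "azurerm_storage_account" "example" {
  name                     = "examplestoraccount"
  resource_group_name      = azurerm_resource_group.example.name
  location                 = azurerm_resource_group.example.location
  account_tier             = "Standard"
  account_replication_type = "LRS"
}

# The access level is set per container, on azurerm_storage_container.
resource "azurerm_storage_container" "example" {
  name                  = "examplecontainer"
  storage_account_name  = azurerm_storage_account.example.name
  # "private" disables anonymous access; every request must be authorized.
  container_access_type = "private"
}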
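
The shared access signature alternative mentioned in the description, as an added example that is not part of the original page: a private container with a short-lived, read-only, HTTPS-only SAS issued through the azurerm provider's `azurerm_storage_account_blob_container_sas` data source. The resource names, container name and timestamps are constructed for illustration, and `azurerm_storage_account.example` is assumed to be declared as in the examples above.

```hcl
# Added example: keep the container private and hand out a scoped SAS instead.
resource "azurerm_storage_container" "reports" {
  name                  = "reports" # constructed name
  storage_account_name  = azurerm_storage_account.example.name
  container_access_type = "private"
}

data "azurerm_storage_account_blob_container_sas" "reports_read" {
  connection_string = azurerm_storage_account.example.primary_connection_string
  container_name    = azurerm_storage_container.reports.name

  # Refuse the token over plain HTTP.
  https_only = true

  # Constructed validity window; keep it as short as the consumer allows.
  start  = "2024-01-01T00:00:00Z"
  expiry = "2024-01-02T00:00:00Z"

  # Read-only: the holder can fetch blobs but cannot list, write or delete.
  permissions {
    read   = true
    add    = false
    create = false
    write  = false
    delete = false
    list   = false
  }
}

output "reports_read_sas" {
  value     = data.azurerm_storage_account_blob_container_sas.reports_read.sas
  sensitive = true
}
```

The generated token is stored in the Terraform state, so the state backend needs the same protection as the storage account key that signs it.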

More information