azure-storage-public-access
Ensure that 'Public access level' is set to Private for blob containers
Allowing anonymous access to your storage account is a security risk. Instead, use an authenticated means of access or a shared access signature to grant revocable access to your storage containers.
Examples
Insecure Example
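resource "azurerm_storage_account" "example" {
  name                     = "examplestoraccount"
  resource_group_name      = azurerm_resource_group.example.name
  location                 = azurerm_resource_group.example.location
  account_tier             = "Standard"
  account_replication_type = "LRS"
}

# container_access_type is an argument of azurerm_storage_container
resource "azurerm_storage_container" "example" {
  name                  = "examplecontainer"
  storage_account_name  = azurerm_storage_account.example.name
  container_access_type = "container" # anonymous read access to the container and its blobs
}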
Secure Example
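resource "azurerm_storage_account" "example" {
  name                     = "examplestoraccount"
  resource_group_name      = azurerm_resource_group.example.name
  location                 = azurerm_resource_group.example.location
  account_tier             = "Standard"
  account_replication_type = "LRS"
}

# container_access_type is an argument of azurerm_storage_container
resource "azurerm_storage_container" "example" {
  name                  = "examplecontainer"
  storage_account_name  = azurerm_storage_account.example.name
  container_access_type = "private" # no anonymous access
}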
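One way to run this check in a pipeline, as an added example that is not part of the original page or of any scanner's own code: it walks the JSON produced by `terraform show -json <planfile>`, including nested modules, and reports every resource whose `container_access_type` is not `private`. The sample plan, resource names and module name are constructed for illustration.

```python
import json

# Constructed sample shaped like `terraform show -json <planfile>` output;
# the resource names and the module are made up for this example.
SAMPLE_PLAN = json.dumps({
    "planned_values": {"root_module": {
        "resources": [
            {"address": "azurerm_storage_container.logs",
             "type": "azurerm_storage_container",
             "values": {"name": "logs", "container_access_type": "private"}},
            {"address": "azurerm_storage_container.assets",
             "type": "azurerm_storage_container",
             "values": {"name": "assets", "container_access_type": "container"}},
        ],
        "child_modules": [{
            "address": "module.site",
            "resources": [
                {"address": "module.site.azurerm_storage_container.media",
                 "type": "azurerm_storage_container",
                 "values": {"name": "media", "container_access_type": "blob"}},
            ],
        }],
    }},
})


def walk_resources(module):
    """Yield every resource in a module and, recursively, its child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from walk_resources(child)


def public_containers(plan_json):
    """Return (address, access level) for each resource not set to private."""
    plan = json.loads(plan_json)
    root = plan.get("planned_values", {}).get("root_module", {})
    findings = []
    for res in walk_resources(root):
        values = res.get("values") or {}
        if "container_access_type" not in values:
            continue  # resource carries no public access level setting
        level = values["container_access_type"]
        if level != "private":  # "blob" and "container" both allow anonymous reads
            findings.append((res["address"], level))
    return findings


if __name__ == "__main__":
    for address, level in public_containers(SAMPLE_PLAN):
        print(f"FAIL {address}: container_access_type = {level!r}")
```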