
azure-storage-tls-version

Ensure Storage Account is using the latest version of TLS encryption

Setting a minimum TLS version ensures that only that version and newer TLS versions are accepted. It is recommended to set the minimum TLS version to 1.2, after testing to confirm your applications support it, because it includes fixes for vulnerabilities found in previous versions. It’s also the highest TLS version supported in Azure Storage.

Examples

Insecure Example

resource "azurerm_storage_account" "example" {
  name                      = "examplestoraccount"
  resource_group_name       = azurerm_resource_group.example.name
  location                  = azurerm_resource_group.example.location
  account_tier              = "Standard"
  account_replication_type  = "LRS"
  enable_https_traffic_only = false  # (default value is true)
  min_tls_version           = "TLS1_0"
}

Secure Example

resource "azurerm_storage_account" "example" {
  name                      = "examplestoraccount"
  resource_group_name       = azurerm_resource_group.example.name
  location                  = azurerm_resource_group.example.location
  account_tier              = "Standard"
  account_replication_type  = "LRS"
  enable_https_traffic_only = true
  min_tls_version           = "TLS1_2"
}
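
An added example, not part of the original page or of any scanner's own code: a Python check over `terraform show -json` plan output that flags `azurerm_storage_account` resources whose `min_tls_version` is below `TLS1_2`, including resources inside nested modules. The sample plan and its resource addresses are constructed, and treating an unset value as a finding is an assumption.

```python
import json

# Values of min_tls_version that allow protocol versions older than TLS 1.2.
WEAK_TLS = {"TLS1_0", "TLS1_1"}

def iter_resources(module):
    """Yield resources from a plan module and every nested child module."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from iter_resources(child)

def find_weak_storage_accounts(plan):
    """Return (address, reason) for storage accounts not pinned to TLS 1.2."""
    findings = []
    root = plan.get("planned_values", {}).get("root_module", {})
    for res in iter_resources(root):
        if res.get("type") != "azurerm_storage_account":
            continue
        tls = (res.get("values") or {}).get("min_tls_version")
        if tls is None:
            # Assumption: treat an unset value as a finding for manual review.
            findings.append((res["address"], "min_tls_version not set"))
        elif tls in WEAK_TLS:
            findings.append((res["address"], f"min_tls_version is {tls}"))
    return findings

# Constructed sample in the shape of `terraform show -json` plan output.
SAMPLE_PLAN = json.loads("""
{"planned_values": {"root_module": {
  "resources": [
    {"address": "azurerm_resource_group.example",
     "type": "azurerm_resource_group", "values": {"location": "westeurope"}},
    {"address": "azurerm_storage_account.example",
     "type": "azurerm_storage_account", "values": {"min_tls_version": "TLS1_0"}}
  ],
  "child_modules": [{"address": "module.logs", "resources": [
    {"address": "module.logs.azurerm_storage_account.archive",
     "type": "azurerm_storage_account", "values": {"min_tls_version": "TLS1_2"}},
    {"address": "module.logs.azurerm_storage_account.unset",
     "type": "azurerm_storage_account", "values": {"min_tls_version": null}}
  ]}]
}}}
""")

if __name__ == "__main__":
    for address, reason in find_weak_storage_accounts(SAMPLE_PLAN):
        print(f"FAIL {address}: {reason}")
```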
