azure-storsync-public-ingress

Ensure that Azure File Sync disables public network access

It is recommended to disable the public endpoints for Azure Files and File Sync to protect your data from unauthorized access caused by misconfigurations. Note that, by default, creating a private endpoint does not block connections to the public endpoint.

Examples

Insecure Example

resource "azurerm_storage_sync" "test" {
  name                = "example-storage-sync"
  resource_group_name = azurerm_resource_group.test.name
  location            = azurerm_resource_group.test.location

  incoming_traffic_policy = "AllowAllTraffic"  # public endpoint open; this is also the default when the attribute is omitted
}

Secure Example

resource "azurerm_storage_sync" "test" {
  name                = "example-storage-sync"
  resource_group_name = azurerm_resource_group.test.name
  location            = azurerm_resource_group.test.location

  incoming_traffic_policy = "AllowVirtualNetworksOnly"
}
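
One way to enforce this rule in CI is to inspect the JSON form of a Terraform plan (`terraform show -json`) before apply. The following is an added example, not part of the original rule or of any scanner's own code; the function names and the sample plan are constructed for illustration, and it treats a missing or null `incoming_traffic_policy` as the insecure default.

```python
import json
import pathlib
import sys

RESOURCE_TYPE = "azurerm_storage_sync"
SECURE_POLICY = "AllowVirtualNetworksOnly"
PROVIDER_DEFAULT = "AllowAllTraffic"  # effective value when the attribute is omitted

def _walk(module):
    """Yield every resource in a module and in its nested child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from _walk(child)

def find_public_storage_sync(plan):
    """Return (address, effective_policy) for each non-compliant resource."""
    root = plan.get("planned_values", {}).get("root_module", {})
    findings = []
    for res in _walk(root):
        if res.get("type") != RESOURCE_TYPE:
            continue
        # Assumption: a missing/null value (omitted, or unknown until apply)
        # is reported as the default rather than silently passed.
        policy = (res.get("values") or {}).get("incoming_traffic_policy") or PROVIDER_DEFAULT
        if policy != SECURE_POLICY:
            findings.append((res["address"], policy))
    return findings

# Constructed sample in the shape of `terraform show -json` output.
SAMPLE_PLAN = {"planned_values": {"root_module": {
    "resources": [
        {"address": "azurerm_storage_sync.open", "type": RESOURCE_TYPE,
         "values": {"incoming_traffic_policy": "AllowAllTraffic"}},
        {"address": "azurerm_storage_sync.locked", "type": RESOURCE_TYPE,
         "values": {"incoming_traffic_policy": "AllowVirtualNetworksOnly"}},
        {"address": "azurerm_resource_group.test", "type": "azurerm_resource_group",
         "values": {"name": "example"}},
    ],
    "child_modules": [{"resources": [
        {"address": "module.files.azurerm_storage_sync.implicit", "type": RESOURCE_TYPE,
         "values": {"incoming_traffic_policy": None}},
    ]}],
}}}

if __name__ == "__main__":
    plan = json.loads(pathlib.Path(sys.argv[1]).read_text()) if len(sys.argv) > 1 else SAMPLE_PLAN
    findings = find_public_storage_sync(plan)
    for address, policy in findings:
        print(f"FAIL {address}: incoming_traffic_policy={policy}")
    sys.exit(1 if findings else 0)
```

Run it with the path to a plan JSON file as the only argument; a non-zero exit code fails the pipeline stage.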

More information