Geo-replication for Azure Container Images is disabled Affecting Container service in Azure

Snyk CCSS

Availability / Redundancy

Is your enviroment affected by this misconfiguration?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Frameworks

CSA-CCM GDPR HIPAA ISO-27001 NIST-800-53 SOC-2

Snyk ID SNYK-CC-00516
credit Snyk Research Team

Report a new misconfiguration Found a mistake?

Description

Missing geo-replication leads to reduced availability of container images.

How to fix?

Set a replication block within the resource, including a valid location attribute.

Example Configuration

{
    "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
    "contentVersion": "1.0.0.0",
    "parameters": {},
    "variables": {},
    "resources": [
      {
        "type": "Microsoft.ContainerRegistry/registries",
        "apiVersion": "2019-05-01",
        "name": "allowed1",
        "location": "[resourceGroup().location]",
        "sku": {
          "name": "Premium",
          "tier": "Premium"
        },
        "properties": {
          "adminUserEnabled": false,
          "networkRuleSet": {
            "defaultAction": "Deny",
            "virtualNetworkRules": [],
            "ipRules": []
          },
          "replication": [
            {
              "location": "East US",
              "zoneRedundancy": false
            },
            {
              "location": "West Europe",
              "zoneRedundancy": false
            }
          ]
        }
      }
    ]
  }

Geo-replication for Azure Container Images is disabled Affecting Container service in Azure

Severity

Description

How to fix?

Example Configuration

ARM

Terraform

References