Network access bypass for Trusted Microsoft Services is not enabled on the storage account Affecting Storage service in Azure

Snyk CCSS

Data / Access

Is your enviroment affected by this misconfiguration?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Frameworks

CIS-Azure CIS-Controls

Snyk ID SNYK-CC-00598
credit Snyk Research Team

Report a new misconfiguration Found a mistake?

Description

Trusted network services cannot be whitelisted via network rules. When any network rule is configured, the trusted services will not be able to access the storage account. Note, by default there is no network rule configured.

How to fix?

Set properties.networkAcls.bypass attribute to `'Azure Services'. Ensure to add appropriate rules for your application alongside the proposed remediation step.

Terraform

azurerm_storage_account
azurerm_storage_account_network_rules

References

Grant access to trusted Azure services

Network access bypass for Trusted Microsoft Services is not enabled on the storage account Affecting Storage service in Azure

Severity

Description

How to fix?

Terraform

References