Severity Framework
Snyk CCSS
Rule category
Data / Encryption Protocols
Frameworks
CIS-Azure
- Snyk ID SNYK-CC-00695
- credit Snyk Research Team
Description
Virtual Machines should use Managed Disks. Managed disks are designed with security and reliability in mind, so in most cases users should use managed disks instead of their own disks. Managed disks are encrypted by default with Microsoft-managed keys, are integrated with availability sets, and support availability zones for high availability.
How to fix?
Virtual Machines should use Managed Disks for OS and data.
Example Configuration
{
  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "resources": [
    {
      "type": "Microsoft.Compute/virtualMachines",
      "apiVersion": "2022-03-01",
      "name": "allowed1",
      "location": "[resourceGroup().location]",
      "dependsOn": [
        "[resourceId('Microsoft.Network/networkInterfaces', 'example-nic1-695')]",
        "[resourceId('Microsoft.Compute/disks', 'example-md1-695')]"
      ],
      "properties": {
        "hardwareProfile": {
          "vmSize": "Standard_DS1_v2"
        },
        "osProfile": {
          "computerName": "hostname695-1",
          "adminUsername": "testadmin",
          "adminPassword": "Password1234!"
        },
        "storageProfile": {
          "imageReference": {
            "publisher": "Canonical",
            "offer": "UbuntuServer",
            "sku": "16.04-LTS",
            "version": "latest"
          },
          "osDisk": {
            "name": "myosdisk695-1",
            "createOption": "FromImage",
            "deleteOption": "Delete",
            "managedDisk": {
              "storageAccountType": "Standard_LRS"
            }
          },
          "dataDisks": [
            {
              "name": "example-md1-695",
              "diskSizeGB": "[reference(resourceId('Microsoft.Compute/disks', 'example-md1-695'), '2022-03-02', 'Full').properties.diskSizeGB]",
              "lun": 0,
              "createOption": "Attach",
              "deleteOption": "Delete",
              "managedDisk": {
                "id": "[resourceId('Microsoft.Compute/disks', 'example-md1-695')]"
              }
            }
          ]
        },
        "networkProfile": {
          "networkInterfaces": [
            {
              "id": "[resourceId('Microsoft.Network/networkInterfaces', 'example-nic1-695')]"
            }
          ]
        },
        "diagnosticsProfile": {
          "bootDiagnostics": {
            "enabled": false
          }
        }
      }
    }
  ]
}
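
A pre-deployment check for this rule over an ARM template, added here as an example (it is not Snyk's rule logic and not code from this page). It assumes an unmanaged disk is one whose osDisk or dataDisks entry carries a "vhd" URI; the "denied1" VM, the storage URIs and the function name are constructed for illustration.

```python
import json

# Constructed sample: "denied1" keeps its disks as VHD blobs in a storage
# account (unmanaged); "allowed1" mirrors the managed-disk layout above.
SAMPLE_TEMPLATE = json.loads("""
{"resources": [
  {"type": "Microsoft.Compute/virtualMachines", "name": "denied1",
   "properties": {"storageProfile": {
     "osDisk": {"name": "os", "createOption": "FromImage",
                "vhd": {"uri": "https://examplestorage.blob.core.windows.net/vhds/os.vhd"}},
     "dataDisks": [{"name": "data0", "lun": 0, "createOption": "Empty",
                    "vhd": {"uri": "https://examplestorage.blob.core.windows.net/vhds/data0.vhd"}}]}}},
  {"type": "Microsoft.Compute/virtualMachines", "name": "allowed1",
   "properties": {"storageProfile": {
     "osDisk": {"name": "os", "createOption": "FromImage",
                "managedDisk": {"storageAccountType": "Standard_LRS"}},
     "dataDisks": [{"name": "data0", "lun": 0, "createOption": "Attach",
                    "managedDisk": {"id": "[resourceId('Microsoft.Compute/disks', 'data0')]"}}]}}}
]}
""")


def unmanaged_disks(template):
    """Return (vm_name, disk_path) for each VM disk backed by a VHD blob."""
    findings = []
    for res in template.get("resources", []):
        if res.get("type", "").lower() != "microsoft.compute/virtualmachines":
            continue
        profile = res.get("properties", {}).get("storageProfile", {})
        disks = [("osDisk", profile.get("osDisk") or {})]
        disks += [(f"dataDisks[{i}]", d)
                  for i, d in enumerate(profile.get("dataDisks") or [])]
        for path, disk in disks:
            # Assumption: an unmanaged disk is one that carries a "vhd" URI.
            if "vhd" in disk:
                findings.append((res.get("name"), path))
    return findings


if __name__ == "__main__":
    for vm, path in unmanaged_disks(SAMPLE_TEMPLATE):
        print(f"{vm}: {path} uses an unmanaged VHD; switch to managedDisk")
```

The check reads only top-level resources; nested deployments and copy loops would need to be expanded first.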