Infrastructure Encryption is not enabled
Affecting Storage service in Azure


Severity: medium
Severity Framework: Snyk CCSS
Rule category: Data / Encryption at Rest

  • Snyk ID: SNYK-CC-00794
  • Credit: Snyk Research Team

Description

When infrastructure encryption is disabled on an Azure storage account, data at rest is protected only by the default service encryption, which increases the risk of unauthorized access and potential data breaches. Enabling this feature encrypts data at rest twice (double encryption), adding a layer of security beyond the default service encryption.

How to fix?

Set the infrastructure_encryption_enabled attribute to true for the azurerm_storage_account resource.

Example Configuration

resource "azurerm_storage_account" "allow1" {
  name                              = "storageaccount794a1"
  resource_group_name               = azurerm_resource_group.snyk.name
  account_kind                      = "StorageV2"
  location                          = azurerm_resource_group.snyk.location
  account_tier                      = "Standard"
  account_replication_type          = "GRS"
  infrastructure_encryption_enabled = true
}
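
The same condition can be checked against a Terraform plan before apply. The following is an added example, not Snyk's rule implementation or code from this page: it reads the JSON that `terraform show -json` produces and reports every planned azurerm_storage_account whose infrastructure_encryption_enabled is not provably true. The sample plan and all resource addresses other than allow1 are constructed for illustration.

```python
import json

# Constructed sample, trimmed to the fields `terraform show -json <planfile>` emits
# under "resource_changes". All addresses except allow1 are hypothetical.
SAMPLE_PLAN = json.loads("""
{"resource_changes": [
  {"address": "azurerm_resource_group.snyk", "type": "azurerm_resource_group",
   "change": {"actions": ["create"], "after": {"name": "snyk"}, "after_unknown": {}}},
  {"address": "azurerm_storage_account.allow1", "type": "azurerm_storage_account",
   "change": {"actions": ["create"],
              "after": {"infrastructure_encryption_enabled": true}, "after_unknown": {}}},
  {"address": "azurerm_storage_account.deny1", "type": "azurerm_storage_account",
   "change": {"actions": ["create"],
              "after": {"infrastructure_encryption_enabled": false}, "after_unknown": {}}},
  {"address": "module.logs.azurerm_storage_account.this", "type": "azurerm_storage_account",
   "change": {"actions": ["update"], "after": {"account_tier": "Standard"}, "after_unknown": {}}},
  {"address": "azurerm_storage_account.dynamic", "type": "azurerm_storage_account",
   "change": {"actions": ["create"], "after": {},
              "after_unknown": {"infrastructure_encryption_enabled": true}}},
  {"address": "azurerm_storage_account.retired", "type": "azurerm_storage_account",
   "change": {"actions": ["delete"], "after": null, "after_unknown": {}}}
]}
""")

ATTR = "infrastructure_encryption_enabled"

def audit_plan(plan):
    """Map each planned azurerm_storage_account address to a status string."""
    results = {}
    for rc in plan.get("resource_changes", []):
        if rc.get("type") != "azurerm_storage_account":
            continue
        change = rc.get("change") or {}
        after = change.get("after")
        if after is None:          # pure delete: nothing will exist to encrypt
            continue
        if (change.get("after_unknown") or {}).get(ATTR) is True:
            results[rc["address"]] = "unknown_until_apply"   # fail closed in CI
        elif after.get(ATTR) is True:
            results[rc["address"]] = "compliant"
        else:                      # false, null, or absent all mean not enabled
            results[rc["address"]] = "not_enabled"
    return results

def violations(plan):
    """Addresses that should block the pipeline (anything not provably compliant)."""
    return sorted(a for a, s in audit_plan(plan).items() if s != "compliant")

if __name__ == "__main__":
    for address, status in audit_plan(SAMPLE_PLAN).items():
        print(f"{status:20} {address}")
```

Reading `resource_changes` rather than the root module alone means storage accounts declared inside child modules are covered as well.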