Do not allow public access to a container or its blobs

ID

azure_storage_container_accessible

Severity

critical

Vendor

Azure

Resource

Network

Tags

reachable

Description

Do not allow public access to a container or its blobs. By default, containers are private; if you configure public_access=container or public_access=blob, anonymous public read access to the container and its blobs is enabled.

Learn more about this topic at Azure public access container.

Examples

```yml
---
- name: Example playbook
  hosts: localhost
  tasks:
    - name: Create container foo and upload a file
      azure_rm_storageblob:
        resource_group: myResourceGroup
        storage_account_name: clh0002
        container: foo
        blob: graylog.png
        src: ./files/graylog.png
        public_access: container
        content_type: 'application/image'
```

Mitigation / Fix

```yml
---
- name: Example playbook
  hosts: localhost
  tasks:
    - name: Create container foo and upload a file
      azure_rm_storageblob:
        resource_group: myResourceGroup
        storage_account_name: clh0002
        container: foo
        blob: graylog.png
        src: ./files/graylog.png
        content_type: 'application/image'
```
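As an added example (not part of this rule page or of the Azure collection), a small Python checker that flags azure_rm_storageblob tasks whose public_access is set to container or blob, reporting the line, container name and value. The sample playbook is constructed, and the scan is an indentation-aware walk over block-style YAML, not a full YAML parser.

```python
import re

# Constructed sample playbook (not from the original page): the first task keeps
# the default (private) container, the other two enable anonymous read access.
SAMPLE_PLAYBOOK = """\
---
- name: Example playbook
  hosts: localhost
  tasks:
    - name: Private container (default)
      azure_rm_storageblob:
        container: private
    - name: Anonymous read on the container and its blobs
      azure_rm_storageblob:
        container: foo
        public_access: container
    - name: Anonymous read on blobs only (FQCN module name)
      azure.azcollection.azure_rm_storageblob:
        container: bar
        public_access: "blob"
"""

# Matches the module key in short or fully-qualified form; group 1 is its indent.
MODULE_RE = re.compile(r"^(\s*)(?:azure\.azcollection\.)?azure_rm_storageblob:\s*$")
PARAM_RE = re.compile(r"^(\s*)([A-Za-z_]+):\s*(.*?)\s*$")


def find_public_containers(playbook_text):
    """Return (line_no, container, public_access) for each task that enables public read."""
    findings = []
    lines = playbook_text.splitlines()
    i = 0
    while i < len(lines):
        m = MODULE_RE.match(lines[i])
        if not m:
            i += 1
            continue
        module_indent = len(m.group(1))
        params = {}
        j = i + 1
        # Module parameters are the lines indented deeper than the module key.
        while j < len(lines) and (not lines[j].strip()
                                  or len(lines[j]) - len(lines[j].lstrip()) > module_indent):
            pm = PARAM_RE.match(lines[j])
            if pm:
                params[pm.group(2)] = pm.group(3).strip("'\"").lower()
            j += 1
        if params.get("public_access") in ("container", "blob"):
            findings.append((i + 1, params.get("container", "?"), params["public_access"]))
        i = j
    return findings
```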