Control: Ensure that 'Public access level' is set to Private for blob containers
Description
Disable anonymous access to blob containers and disallow blob public access on storage account.
Usage
Run the control in your terminal:
powerpipe control run azure_compliance.control.storage_account_blob_containers_public_access_privateSnapshot and share results via Turbot Pipes:
powerpipe loginpowerpipe control run azure_compliance.control.storage_account_blob_containers_public_access_private --shareSQL
This control uses a named query:
select container.id as resource, case when not account.allow_blob_public_access and container.public_access = 'None' then 'ok' else 'alarm' end as status, case when not account.allow_blob_public_access and container.public_access = 'None' then account.name || ' container ' || container.name || ' doesn''t allow anonymous access.' else account.name || ' container ' || container.name || ' allows anonymous access.' end as reason , container.resource_group as resource_group , sub.display_name as subscriptionfrom azure_storage_container container join azure_storage_account account on container.account_name = account.name join azure_subscription sub on sub.subscription_id = account.subscription_id;