Control: Storage account public access should be disallowed
Description
Anonymous public read access to containers and blobs in Azure Storage is a convenient way to share data but might present security risks. To prevent data breaches caused by undesired anonymous access, Microsoft recommends preventing public access to a storage account unless your scenario requires it.
Usage
Run the control in your terminal:
powerpipe control run azure_compliance.control.storage_account_block_public_accessSnapshot and share results via Turbot Pipes:
powerpipe loginpowerpipe control run azure_compliance.control.storage_account_block_public_access --shareSQL
This control uses a named query:
select sa.id as resource, case when lower(sa.public_network_access) = 'disabled' then 'ok' else 'alarm' end as status, case when lower(sa.public_network_access) = 'disabled' then sa.name || ' not publicy accessible.' else sa.name || ' publicy accessible.' end as reason , sa.resource_group as resource_group , sub.display_name as subscriptionfrom azure_storage_account sa, azure_subscription subwhere sub.subscription_id = sa.subscription_id;