Control: Shared key access should be disabled for storage accounts
Description
Disabling shared key access ensures that only Azure AD identities can access storage accounts, improving security.
Usage
Run the control in your terminal:
powerpipe control run azure_compliance.control.storage_account_shared_key_access_disabledSnapshot and share results via Turbot Pipes:
powerpipe loginpowerpipe control run azure_compliance.control.storage_account_shared_key_access_disabled --shareSQL
This control uses a named query:
select sa.id as resource, case when allow_shared_key_access then 'alarm' else 'ok' end as status, case when allow_shared_key_access then sa.name || ' shared key access is enabled.' else sa.name || ' shared key access is disabled.' end as reason , sa.resource_group as resource_group , sub.display_name as subscriptionfrom azure_storage_account sa, azure_subscription subwhere sub.subscription_id = sa.subscription_id;