turbot/steampipe-mod-azure-perimeter

Control: Storage accounts should prohibit blob public access

Description

Azure Storage accounts should have the 'Allow Blob public access' property set to disabled to prevent unauthorized access.

Usage

Run the control in your terminal:

powerpipe control run azure_perimeter.control.storage_account_prohibit_blob_public_access

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run azure_perimeter.control.storage_account_prohibit_blob_public_access --share

Steampipe Tables

SQL

select
  a.id as resource,
  case
    when not allow_blob_public_access then 'ok'
    else 'alarm'
  end as status,
  case
    when not allow_blob_public_access then a.name || ' prohibits public access to blobs.'
    else a.name || ' allows public access to blobs.'
  end as reason
  , a.resource_group as resource_group
  , sub.display_name as subscription
from
  azure_storage_account a,
  azure_subscription sub
where
  sub.subscription_id = a.subscription_id;
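
A follow-up query for triaging the accounts this control flags, added here as an example and not part of the mod: it lists the containers inside alarming accounts that currently have an anonymous access level set. The azure_storage_container table and its account_name, resource_group, subscription_id and public_access columns (with 'None' meaning private) are assumptions about the Azure plugin schema.

```sql
-- Added example, not part of the mod.
-- Assumption: azure_storage_container exposes account_name, resource_group,
-- subscription_id and public_access ('None', 'Blob' or 'Container').
select
  a.name as storage_account,
  a.resource_group,
  sub.display_name as subscription,
  c.name as container,
  c.public_access
from
  azure_storage_account a
  join azure_subscription sub
    on sub.subscription_id = a.subscription_id
  join azure_storage_container c
    on c.account_name = a.name
    and lower(c.resource_group) = lower(a.resource_group)
    and c.subscription_id = a.subscription_id
where
  -- Same accounts the control reports as 'alarm': true or NULL.
  a.allow_blob_public_access is not false
  -- Keep only containers with an anonymous access level configured.
  and coalesce(c.public_access, 'None') <> 'None'
order by
  a.name,
  c.name;
```

An alarming account that returns no rows here has no publicly readable container today, but the account-level setting still permits one to be created or changed later.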

Tags