Control: Storage accounts should prohibit blob public access
Description
Azure Storage accounts should have the 'Allow Blob public access' property set to disabled to prevent unauthorized access.
Usage
Run the control in your terminal:
powerpipe control run azure_perimeter.control.storage_account_prohibit_blob_public_accessSnapshot and share results via Turbot Pipes:
powerpipe loginpowerpipe control run azure_perimeter.control.storage_account_prohibit_blob_public_access --shareSteampipe Tables
SQL
select a.id as resource, case when not allow_blob_public_access then 'ok' else 'alarm' end as status, case when not allow_blob_public_access then a.name || ' prohibits public access to blobs.' else a.name || ' allows public access to blobs.' end as reason , a.resource_group as resource_group , sub.display_name as subscriptionfrom azure_storage_account a, azure_subscription subwhere sub.subscription_id = a.subscription_id;