Control: Storage account public access should be disallowed
Description
Anonymous public read access to containers and blobs in Azure Storage is a convenient way to share data but might present security risks. To prevent data breaches caused by undesired anonymous access, Microsoft recommends preventing public access to a storage account unless your scenario requires it.
Usage
Run the control in your terminal:
powerpipe control run terraform_azure_compliance.control.storage_account_block_public_accessSnapshot and share results via Turbot Pipes:
powerpipe loginpowerpipe control run terraform_azure_compliance.control.storage_account_block_public_access --shareSQL
This control uses a named query:
select address as resource, case when (attributes_std -> 'allow_blob_public_access') is null then 'ok' when (attributes_std -> 'allow_blob_public_access')::bool then 'alarm' else 'ok' end status, split_part(address, '.', 2) || case when (attributes_std -> 'allow_blob_public_access') is null then ' does not allow public access to the blobs or containers' when (attributes_std -> 'allow_blob_public_access')::bool then ' allows public access to all the blobs or containers' else ' does not allow public access to the blobs or containers' end || '.' reason , path || ':' || start_linefrom terraform_resourcewhere type = 'azurerm_storage_account';