Add a storage account to resource group #95
Add storage account (blob store) in order to shunt large database backup files to Azure from AWS.
resource "azurerm_storage_account" "raw-data" { | ||
name = "rawdata" | ||
resource_group_name = azurerm_resource_group.raw-data.name | ||
location = azurerm_resource_group.raw-data.location | ||
account_tier = "Standard" | ||
account_replication_type = "LRS" | ||
|
||
tags = local.required_tags | ||
} |
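Review bot: `name = "rawdata"` may fail at apply time, because storage account names must be globally unique across Azure (3 to 24 lowercase letters and digits) and a generic name like this can collide with an existing account; add a project or environment prefix or suffix. The block also leaves every security setting to provider defaults for an account that will hold database backups: set `min_tls_version = "TLS1_2"` and turn off public blob access explicitly (the argument name depends on the azurerm provider version in use), and consider `account_replication_type = "GRS"` instead of `"LRS"` so the backups survive the loss of a single datacenter. If customer-managed keys and queue logging are deliberately out of scope for this account, record that with checkov skip comments that state the reason rather than leaving the checks failing.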
Check failure
Code scanning / checkov
Ensure that Storage blobs restrict public access
Check failure
Code scanning / checkov
Ensure that Storage Accounts use replication
Check failure
Code scanning / checkov
Ensure Storage Account is using the latest version of TLS encryption
Check failure
Code scanning / checkov
Ensure Storage logging is enabled for Queue service for read, write and delete requests
Check failure
Code scanning / checkov
Ensure that Storage Accounts use customer-managed key for encryption
Check failure
Code scanning / checkov
Ensure storage for critical data are encrypted with Customer Managed Key
Check failure
Code scanning / checkov
Ensure that Storage accounts disallow public access