Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add a storage account to resource group #95

Merged
merged 1 commit into from
Mar 21, 2023
Merged

Add a storage account to resource group #95

merged 1 commit into from
Mar 21, 2023

Conversation

eternaltyro
Copy link
Contributor

Add storage account (blob store) in order to shunt large database backup files to Azure from AWS.

@eternaltyro
Add a storage account to resource group
b76f1b1 
Add storage account (blob store) in order to shunt large database backup
files to Azure from AWS.
@eternaltyro eternaltyro added enhancement New feature or request infrastructure Don't let it crumble.. labels Mar 21, 2023
@eternaltyro eternaltyro self-assigned this Mar 21, 2023
@eternaltyro eternaltyro merged commit cc7b596 into develop Mar 21, 2023
@eternaltyro eternaltyro deleted the enhance/storage-account branch March 21, 2023 14:18
github-advanced-security[bot]
github-advanced-security bot found potential problems Mar 21, 2023
View reviewed changes
infra/production/main.tf
Comment on lines +38 to +46
resource "azurerm_storage_account" "raw-data" {
name = "rawdata"
resource_group_name = azurerm_resource_group.raw-data.name
location = azurerm_resource_group.raw-data.location
account_tier = "Standard"
account_replication_type = "LRS"

tags = local.required_tags
}

Check failure

Code scanning / checkov

Ensure that Storage blobs restrict public access

Ensure that Storage blobs restrict public access
infra/production/main.tf
Comment on lines +38 to +46
resource "azurerm_storage_account" "raw-data" {
name = "rawdata"
resource_group_name = azurerm_resource_group.raw-data.name
location = azurerm_resource_group.raw-data.location
account_tier = "Standard"
account_replication_type = "LRS"

tags = local.required_tags
}

Check failure

Code scanning / checkov

Ensure that Storage Accounts use replication

Ensure that Storage Accounts use replication
infra/production/main.tf
Comment on lines +38 to +46
resource "azurerm_storage_account" "raw-data" {
name = "rawdata"
resource_group_name = azurerm_resource_group.raw-data.name
location = azurerm_resource_group.raw-data.location
account_tier = "Standard"
account_replication_type = "LRS"

tags = local.required_tags
}

Check failure

Code scanning / checkov

Ensure Storage Account is using the latest version of TLS encryption

Ensure Storage Account is using the latest version of TLS encryption
infra/production/main.tf
Comment on lines +38 to +46
resource "azurerm_storage_account" "raw-data" {
name = "rawdata"
resource_group_name = azurerm_resource_group.raw-data.name
location = azurerm_resource_group.raw-data.location
account_tier = "Standard"
account_replication_type = "LRS"

tags = local.required_tags
}

Check failure

Code scanning / checkov

Ensure Storage logging is enabled for Queue service for read, write and delete requests

Ensure Storage logging is enabled for Queue service for read, write and delete requests
infra/production/main.tf
Comment on lines +38 to +46
resource "azurerm_storage_account" "raw-data" {
name = "rawdata"
resource_group_name = azurerm_resource_group.raw-data.name
location = azurerm_resource_group.raw-data.location
account_tier = "Standard"
account_replication_type = "LRS"

tags = local.required_tags
}

Check failure

Code scanning / checkov

Ensure that Storage Accounts use customer-managed key for encryption

Ensure that Storage Accounts use customer-managed key for encryption
infra/production/main.tf
Comment on lines +38 to +46
resource "azurerm_storage_account" "raw-data" {
name = "rawdata"
resource_group_name = azurerm_resource_group.raw-data.name
location = azurerm_resource_group.raw-data.location
account_tier = "Standard"
account_replication_type = "LRS"

tags = local.required_tags
}

Check failure

Code scanning / checkov

Ensure storage for critical data are encrypted with Customer Managed Key

Ensure storage for critical data are encrypted with Customer Managed Key
infra/production/main.tf
Comment on lines +38 to +46
resource "azurerm_storage_account" "raw-data" {
name = "rawdata"
resource_group_name = azurerm_resource_group.raw-data.name
location = azurerm_resource_group.raw-data.location
account_tier = "Standard"
account_replication_type = "LRS"

tags = local.required_tags
}

Check failure

Code scanning / checkov

Ensure that Storage accounts disallow public access

Ensure that Storage accounts disallow public access
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees

@eternaltyro eternaltyro

Labels
enhancement New feature or request infrastructure Don't let it crumble..
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
1 participant
@eternaltyro