CKV_AZURE_109
Ensure key vault allows firewall rules settings
The Codiga Static Analysis engine checks all Terraform code and surfaces security and safety issues, and enforces best practices. No matter what cloud you use (AWS, GCP, Azure), Codiga has you covered and flags potential problems at every push and pull request.
Ensure key vault allows firewall rules settings
Ensure Virtual Machine Extensions are not Installed
Ensure that Application Gateway enables WAF
Ensure default network access rule for Storage Accounts is set to deny
Ensure Storage logging is enabled for Blob service for read requests
Ensure that AKS uses Azure Policies Add-on
Ensure AKS local admin account is disabled
Ensure Windows VM enables encryption
Ensure Storage Account is using the latest version of TLS encryption
S3 Bucket has an ACL defined which allows public WRITE access.
Ensure fx ontap file system is encrypted by KMS using a customer managed Key (CMK)
Ensure GuardDuty is enabled to specific org/region
Ensure Azure storage account logging for tables is enabled
Ensure that Elasticsearch is configured inside a VPC
Ensure Redshift cluster is encrypted by KMS
Ensure RDS cluster has IAM authentication enabled
Ensure FSX Windows filesystem is encrypted by KMS using a customer managed Key (CMK)
Ensure RedShift Cluster is encrypted by KMS using a customer managed Key (CMK)
Verify Elasticsearch domain is using an up to date TLS policy
Ensure that Elasticsearch is not using the default Security Group
Ensure KMS key policy does not contain wildcard (*) principal
Ensure AWS Redshift database has audit logging enabled
Ensure Elasticsearch Domain Logging is enabled
Ensure all commits GPG signed
Ensure that Azure Data Factory uses Git repository for source control
Ensure that key vault enables purge protection
Ensure App Service is registered with an Azure Active Directory account
Ensure the web app has certificates set
Ensure that 'HTTP Version' is the latest if used to run the web app
Ensure function apps are only accessible over HTTPS
Ensure that Storage Accounts use customer-managed key for encryption
Ensure that Vulnerability Assessment (VA) is enabled on a SQL server by setting a Storage Account