GithubJoin us on Slack
Search…
Introduction to OpenRewrite
Getting Started
Quickstart: Maven and Gradle
Recipe Development Environment
Tutorials & Guides
Recipe Testing
Common Static Analysis Issue Remediation
Automatically Fix Checkstyle Violations
Migrate to Java 11 from Java 8
Migrate to JUnit 5 from JUnit 4
Migrate to Spring Boot 2 from Spring Boot 1
Migrate to Quarkus 2 from Quarkus 1
Migrate to Micronaut 3 from Micronaut 2
Migrate to SLF4J from Log4j
Use SLF4J Parameterized Logging
Writing a Java Refactoring Recipe
Modifying Methods with JavaTemplate
Refactoring with Declarative YAML Recipes
Automating Maven Dependency Management
Running Rewrite without build tool plugins
Writing recipes over multiple source file types
Reference
Latest versions of every OpenRewrite module
Maven Plugin Configuration
Gradle Plugin Configuration
JsonPath and JsonPathMatcher Reference
Declarative YAML Format
Method Patterns
Dependency Version Selectors
Recipes
Gradle
Hcl
Java
JSON
Maven
Properties
XML
YAML
CircleCI
Concourse
Github Actions
Kubernetes
Terraform
Add Terraform configuration
Use a long enough byte length for random resources
AWS
Azure
Best practices for Azure
Disable Kubernetes dashboard
Enable Azure Storage Account Trusted Microsoft Services access
Enable Azure Storage secure transfer required
Enable geo-redundant backups on PostgreSQL server
Encrypt Azure VM data disk with ADE/CMK
Ensure AKS policies add-on
Ensure AKV secrets have an expiration date set
Ensure Azure App Service Web app redirects HTTP to HTTPS
Ensure Azure Network Watcher NSG flow logs retention is greater than 90 days
Ensure Azure PostgreSQL database server with SSL connection is enabled
Ensure Azure SQL Server threat detection alerts are enabled for all threat types
Ensure Azure SQL server audit log retention is greater than 90 days
Ensure Azure SQL server send alerts to field value is set
Ensure Azure application gateway has WAF enabled
Ensure Azure key vault is recoverable
Ensure FTP Deployments are disabled
Ensure MSSQL servers have email service and co-administrators enabled
Ensure MySQL is using the latest version of TLS encryption
Ensure MySQL server databases have Enforce SSL connection enabled
Ensure MySQL server disables public network access
Ensure MySQL server enables Threat Detection policy
Ensure MySQL server enables geo-redundant backups
Ensure PostgreSQL server disables public network access
Ensure PostgreSQL server enables Threat Detection policy
Ensure PostgreSQL server enables infrastructure encryption
Ensure Send email notification for high severity alerts is enabled
Ensure Send email notification for high severity alerts to admins is enabled
Ensure Web App has incoming client certificates enabled
Ensure Web App uses the latest version of HTTP
Ensure Web App uses the latest version of TLS encryption
Ensure a security contact phone number is present
Ensure activity log retention is set to 365 days or greater
Ensure all keys have an expiration date
Ensure app service enables HTTP logging
Ensure app service enables detailed error messages
Ensure app service enables failed request tracing
Ensure app services use Azure files
Ensure key vault allows firewall rules settings
Ensure key vault enables purge protection
Ensure key vault key is backed by HSM
Ensure key vault secrets have content_type set
Ensure log profile is configured to capture all activities
Ensure managed identity provider is enabled for app services
Ensure public network access enabled is set to False for mySQL servers
Ensure standard pricing tier is selected
Ensure storage account uses latest TLS version
Ensure the storage container storing activity logs is not publicly accessible
Set Azure Storage Account default network access to deny
GCP
Search
Concepts & Explanations
Abstract Syntax Trees
Recipes
Visitors
Styles
Environment
Markers
JavaTemplate
Pointcut Expressions
Design Partners
Design Partner 1
Powered By GitBook
Enable Azure Storage Account Trusted Microsoft Services access
** org.openrewrite.terraform.azure.EnableAzureStorageAccountTrustedMicrosoftServicesAccess** Certain Microsoft services that interact with storage accounts operate from networks that cannot be granted access through network rules. Using this configuration, you can allow the set of trusted Microsoft services to bypass those network rules.

Tags

  • Azure
  • CKV_AZURE_36
  • terraform

Source

  • groupId: org.openrewrite.recipe
  • artifactId: rewrite-terraform
  • version: 1.6.0

Usage

This recipe has no required configuration options and can be activated directly after taking a dependency on org.openrewrite.recipe:rewrite-terraform:1.6.0 in your build file:
Gradle
Maven
build.gradle
1
plugins {
2
id("org.openrewrite.rewrite") version("5.22.2")
3
}
4
​
5
rewrite {
6
activeRecipe("org.openrewrite.terraform.azure.EnableAzureStorageAccountTrustedMicrosoftServicesAccess")
7
}
8
​
9
repositories {
10
mavenCentral()
11
}
12
​
13
dependencies {
14
rewrite("org.openrewrite.recipe:rewrite-terraform:1.6.0")
15
}
Copied!
pom.xml
1
<project>
2
<build>
3
<plugins>
4
<plugin>
5
<groupId>org.openrewrite.maven</groupId>
6
<artifactId>rewrite-maven-plugin</artifactId>
7
<version>4.25.0</version>
8
<configuration>
9
<activeRecipes>
10
<recipe>org.openrewrite.terraform.azure.EnableAzureStorageAccountTrustedMicrosoftServicesAccess</recipe>
11
</activeRecipes>
12
</configuration>
13
<dependencies>
14
<dependency>
15
<groupId>org.openrewrite.recipe</groupId>
16
<artifactId>rewrite-terraform</artifactId>
17
<version>1.6.0</version>
18
</dependency>
19
</dependencies>
20
</plugin>
21
</plugins>
22
</build>
23
</project>
Copied!
Recipes can also be activated directly from the command line by adding the argument -Drewrite.activeRecipesorg.openrewrite.terraform.azure.EnableAzureStorageAccountTrustedMicrosoftServicesAccess

Definition

Recipe List
Yaml Recipe List
1
---
2
type: specs.openrewrite.org/v1beta/recipe
3
name: org.openrewrite.terraform.azure.EnableAzureStorageAccountTrustedMicrosoftServicesAccess
4
displayName: Enable Azure Storage Account Trusted Microsoft Services access
5
description: Certain Microsoft services that interact with storage accounts operate from networks that cannot be granted access through network rules. Using this configuration, you can allow the set of trusted Microsoft services to bypass those network rules.
6
tags:
7
- Azure
8
- CKV_AZURE_36
9
- terraform
10
recipeList:
11
- org.openrewrite.terraform.AddConfiguration:
12
resourceName: azurerm_storage_account
13
content: bypass = ["AzureServices"]
14
- org.openrewrite.terraform.AddConfiguration:
15
resourceName: azurerm_storage_account_network_rules
16
content: bypass = ["AzureServices"]
Copied!
Previous
Disable Kubernetes dashboard
Next
Enable Azure Storage secure transfer required
Last modified 5d ago
Export as PDF
Copy link
Contents
Tags
Source
Usage
Definition