Storage Accounts ‘Secure transfer required’ should be enabled
Description
The secure transfer option enhances the security of a storage account by allowing only requests made over a secure connection (HTTPS). This control does not apply to custom domain names, since Azure Storage does not support HTTPS for custom domain names.
Remediation Steps
Azure Portal
Navigate to Storage Accounts.
Select the Storage Account and in the left navigation, select Configuration.
In Secure transfer required, select Enabled and click Save.
Azure CLI
Enable secure transfer required for your Storage Account:
az storage account update -g {ResourceGroupName} -n {StorageAccountName} --https-only true
{
  "name": "{StorageAccountName}",
  "enableHttpsTrafficOnly": true,
  "type": "Microsoft.Storage/storageAccounts"
  ...
}
Azure Resource Manager
Ensure that a Microsoft.Storage/storageAccounts resource contains the following:
{
  "properties": {
    "supportsHttpsTrafficOnly": true
  }
}
Example Configuration
{
  "type": "Microsoft.Storage/storageAccounts",
  "apiVersion": "2021-06-01",
  "properties": {
    "supportsHttpsTrafficOnly": true
  }
  // other required fields here
}
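An added example, not part of the original page: a Python check that walks an ARM template, including child resources and nested deployments, and reports every Microsoft.Storage/storageAccounts resource that does not set supportsHttpsTrafficOnly to true. Treating a missing property as a finding is an assumption that follows this rule's "contains the following" wording; the sample template and account names are constructed.

```python
import json

STORAGE_TYPE = "microsoft.storage/storageaccounts"
PROPERTY = "supportsHttpsTrafficOnly"

def iter_resources(resources):
    """Yield every resource, descending into child resources and nested deployments."""
    if isinstance(resources, dict):  # some templates key resources by symbolic name
        resources = resources.values()
    for res in resources or []:
        yield res
        yield from iter_resources(res.get("resources"))
        nested = (res.get("properties") or {}).get("template") or {}
        yield from iter_resources(nested.get("resources"))

def find_insecure_storage_accounts(template):
    """Return (name, reason) for each storage account not explicitly HTTPS-only."""
    findings = []
    for res in iter_resources(template.get("resources")):
        if str(res.get("type", "")).lower() != STORAGE_TYPE:
            continue
        value = (res.get("properties") or {}).get(PROPERTY)
        if value is True:
            continue
        # A template expression cannot be evaluated statically, so it is reported too.
        reason = "missing" if value is None else f"set to {value!r}"
        findings.append((res.get("name", "<unnamed>"), reason))
    return findings

# Constructed sample template for illustration; all names are made up.
SAMPLE = json.loads("""
{"resources": [
  {"type": "Microsoft.Storage/storageAccounts", "name": "okacct",
   "properties": {"supportsHttpsTrafficOnly": true}},
  {"type": "Microsoft.Storage/storageAccounts", "name": "httpacct",
   "properties": {"supportsHttpsTrafficOnly": false}},
  {"type": "Microsoft.Storage/storageAccounts", "name": "typoacct",
   "properties": {"supportHttpsTrafficOnly": true}},
  {"type": "Microsoft.Resources/deployments", "name": "nested",
   "properties": {"template": {"resources": [
     {"type": "Microsoft.Storage/storageAccounts", "name": "paramacct",
      "properties": {"supportsHttpsTrafficOnly": "[parameters('httpsOnly')]"}}]}}}
]}
""")

if __name__ == "__main__":
    for name, reason in find_insecure_storage_accounts(SAMPLE):
        print(f"{name}: {PROPERTY} {reason}")
```

The account named typoacct is reported as missing because its key is misspelled, so the real property is never set.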
Terraform
Ensure that an azurerm_storage_account contains the following:
enable_https_traffic_only = true
Example Configuration
resource "azurerm_storage_account" "example" {
  enable_https_traffic_only = true
  # other required fields here
}