Terraform Logging Disabled For Queue
Description
Detects Azure Storage Accounts whose queue service has no logging enabled. In Terraform this is an azurerm_storage_account resource whose queue_properties block has no logging block, or whose logging block does not log read, write and delete requests. Without queue logging there is no record of who read, added or deleted queue messages, so unauthorized access to or tampering with queue data cannot be detected or investigated afterwards.
Detection Strategy
• Identifies azurerm_storage_account resources in Terraform configurations
• Checks that each resource declares a queue_properties block with a logging block in which read, write and delete are all set to true
• Reports a security issue when the logging block is missing or when any of those operations is not logged
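The check described above, written out as runnable detection logic. This is an added example and not Fluid Attacks' scanner; it uses a small brace-matching scan of the HCL text (assumed sufficient for this resource shape, rather than a full HCL parser) and runs over three constructed storage account definitions: one with no queue_properties block, one whose logging block leaves write and delete off, and one that logs all three operations.

```python
import re

# Constructed sample inputs (not from the original page): a storage account with no
# queue logging, one with logging partly disabled, and one with read/write/delete logged.
SAMPLE_HCL = {
    "missing": '''
resource "azurerm_storage_account" "a" {
  name                     = "storageaccount"
  resource_group_name      = "example-rg"
  location                 = "eastus"
  account_tier             = "Standard"
  account_replication_type = "LRS"
}
''',
    "disabled": '''
resource "azurerm_storage_account" "b" {
  name = "storageaccount"
  queue_properties {
    logging {
      delete  = false
      read    = true
      write   = false
      version = "1.0"
    }
  }
}
''',
    "secure": '''
resource "azurerm_storage_account" "c" {
  name = "storageaccount"
  queue_properties {
    logging {
      delete                = true
      read                  = true
      write                 = true
      version               = "1.0"
      retention_policy_days = 10
    }
  }
}
''',
}

_RESOURCE = re.compile(r'resource\s+"azurerm_storage_account"\s+"([^"]+)"\s*\{')
_ATTR = re.compile(r'^\s*(\w+)\s*=\s*(\S+)', re.MULTILINE)


def _block_body(text, open_index):
    """Return the text between the '{' at open_index and its matching '}'."""
    depth = 0
    for i in range(open_index, len(text)):
        if text[i] == "{":
            depth += 1
        elif text[i] == "}":
            depth -= 1
            if depth == 0:
                return text[open_index + 1:i]
    raise ValueError("unbalanced braces in HCL input")


def _find_block(body, label):
    """Return the body of the nested block named `label`, or None if absent."""
    m = re.search(r'\b' + re.escape(label) + r'\s*\{', body)
    if m is None:
        return None
    return _block_body(body, m.end() - 1)


def queue_logging_findings(hcl):
    """Return (resource_name, message) for every storage account without full queue logging."""
    findings = []
    for m in _RESOURCE.finditer(hcl):
        name = m.group(1)
        body = _block_body(hcl, m.end() - 1)
        queue_props = _find_block(body, "queue_properties")
        logging = _find_block(queue_props, "logging") if queue_props is not None else None
        if logging is None:
            findings.append((name, "queue logging block missing"))
            continue
        attrs = dict(_ATTR.findall(logging))
        # Every operation type must be logged; anything other than a literal true is a miss.
        not_logged = [op for op in ("read", "write", "delete") if attrs.get(op) != "true"]
        if not_logged:
            findings.append((name, "queue logging disabled for: " + ", ".join(not_logged)))
    return findings


if __name__ == "__main__":
    for label, hcl in SAMPLE_HCL.items():
        print(label, queue_logging_findings(hcl))
```

Only the literal value true counts as enabled, so a variable reference or an expression in the logging block is reported as well; a real scanner would resolve those, but for a static configuration check treating them as unknown and flagging them is the conservative choice.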
Vulnerable code example
resource "azurerm_storage_account" "example" {
  name                     = "storageaccount"
  resource_group_name      = "example-rg"
  location                 = "eastus"
  account_tier             = "Standard"
  account_replication_type = "LRS"
  queue_properties {
    # No logging block: read, write and delete requests to the queue service are not logged
  }
}

✅ Secure code example
resource "azurerm_storage_account" "example" {
  name                     = "st${random_string.unique.result}" # Unique name from a random_string resource declared elsewhere in the configuration
  resource_group_name      = "example-rg"
  location                 = "eastus"
  account_tier             = "Standard"
  account_replication_type = "GRS" # Geo-redundant storage for better reliability
  min_tls_version          = "TLS1_2" # Enforce minimum TLS 1.2 for secure communication
  queue_properties {
    logging {
      delete  = true # Log delete requests to the queue service
      read    = true # Log read requests
      write   = true # Log write requests
      version = "1.0"
    }
  }
}