
Virtual Machine extensions are installed

Description

Ensure that your Microsoft Azure virtual machines (VMs) do not have extensions installed in order to follow your organization's security and compliance requirements. Azure virtual machine extensions are small cloud applications that provide post-deployment configuration and automation tasks for virtual machines. These extensions run with administrative privileges and could potentially access any configuration file or piece of data on a virtual machine.

Code Example

hcl
resource "azurerm_linux_virtual_machine" "example" {
    ...
 ~  allow_extension_operations = false
}

Remediation

Terraform

  • Resource: azurerm_virtual_machine, azurerm_linux_virtual_machine
  • Arguments: allow_extension_operations
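
An added example, not part of the original page or Checkov's own code: a Python check that reads `terraform show -json` plan output and reports VM resources where `allow_extension_operations` is not explicitly `false`. The plan fragment is constructed, and treating an omitted value as failing is an assumption based on the azurerm provider defaulting this argument to `true`.

```python
import json

# Resource types and argument named in the Remediation section of this page.
VM_TYPES = {"azurerm_virtual_machine", "azurerm_linux_virtual_machine"}
ARGUMENT = "allow_extension_operations"

# Constructed fragment shaped like `terraform show -json <planfile>` output.
SAMPLE_PLAN = json.dumps({"resource_changes": [
    {"address": "azurerm_linux_virtual_machine.web",
     "type": "azurerm_linux_virtual_machine",
     "change": {"actions": ["create"],
                "after": {"name": "web", ARGUMENT: True}}},
    {"address": "azurerm_linux_virtual_machine.db",
     "type": "azurerm_linux_virtual_machine",
     "change": {"actions": ["update"],
                "after": {"name": "db", ARGUMENT: False}}},
    {"address": "azurerm_linux_virtual_machine.batch",
     "type": "azurerm_linux_virtual_machine",
     "change": {"actions": ["create"], "after": {"name": "batch"}}},
    {"address": "azurerm_virtual_machine.retired",
     "type": "azurerm_virtual_machine",
     "change": {"actions": ["delete"], "after": None}},
    {"address": "azurerm_storage_account.logs",
     "type": "azurerm_storage_account",
     "change": {"actions": ["create"], "after": {"name": "logs"}}},
]})


def find_violations(plan_json):
    """Return (address, state) for each planned VM that still allows extensions."""
    findings = []
    for rc in json.loads(plan_json).get("resource_changes", []):
        if rc.get("type") not in VM_TYPES:
            continue
        after = (rc.get("change") or {}).get("after")
        if after is None:  # resource is being destroyed, nothing to evaluate
            continue
        value = after.get(ARGUMENT)
        # Assumption: an omitted/unknown value fails, since the provider default is true.
        if value is not False:
            findings.append((rc["address"], "unset" if value is None else repr(value)))
    return findings


if __name__ == "__main__":
    for address, state in find_violations(SAMPLE_PLAN):
        print(f"FAIL {address}: {ARGUMENT} is {state}")
```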

Rule Details

| Field | Value |
|---|---|
| ID | IAC-0560 |
| Severity | MEDIUM |
| IaC Type | arm |
| Frameworks | Terraform, TerraformPlan |
| Checkov ID | CKV_AZURE_50 |
