Key vault does not allow firewall rules settings

Description

Key vault's firewall prevents unauthorized traffic from reaching your key vault and provides an additional layer of protection for your secrets. Enable the firewall to make sure that only traffic from allowed networks can access your key vault. By defining "bypass=AzureServices" and "default_action= "deny" - only matched ip_rules and/or virtual_network_subnet_ids will be passed

Code Example

resource "azurerm_key_vault" "example" {
                  ...
 +                network_acls {
 +                  default_action = "Deny"
 +                  bypass = "AzureServices" 
                  }
                }

Remediation

Terraform

Resource: azurerm_key_vault
Arguments: network_acls.default_action

Rule Details

Field	Value
ID	IAC-0616
Severity	MEDIUM
IaC Type	arm
Frameworks	Terraform, TerraformPlan
Checkov ID	CKV_AZURE_109

References

Checkov Rule

Overview

SAST (Application Security)

SCA (Dependencies)

Secrets Detection

IaC Security

License Compliance

SAST Rules

IaC Rules

License Rules

Key vault does not allow firewall rules settings

Description

Code Example

Remediation

Rule Details

References

SAST Rules

IaC Rules

License Rules

Key vault does not allow firewall rules settings ​

Description ​

Code Example ​

Remediation ​

Rule Details ​

References ​

Key vault does not allow firewall rules settings

Description

Code Example

Remediation

Rule Details

References