Azure cognitive search does not disable public network access
Description
It is generally a good security practice to ensure that your Azure Cognitive Search instance does not have public network access enabled, as this means that it is only accessible from within your private network. This can help to protect your search instance from unauthorized access, as external parties will not be able to connect to it over the internet. It is especially important to ensure that public network access is disabled if your Azure Cognitive Search instance contains sensitive or confidential data.
Code Example
go
resource "azurerm_search_service" "example" {
...
+ public_network_access_enabled = false
}Remediation
Terraform
- Resource: azurerm_search_service
- Arguments: public_network_access_enabled
Rule Details
| Field | Value |
|---|---|
| ID | IAC-0631 |
| Severity | LOW |
| IaC Type | Terraform |
| Frameworks | Terraform, |
| Checkov ID | CKV_AZURE_124 |