Azure Cognitive Services account configured with public network access
Description
Disabling the public network access property improves security by ensuring your Azure Cognitive Services account can only be accessed from a private endpoint. This configuration strictly disables access from any public address space outside of the Azure IP range and denies all logins that match IP or virtual network-based firewall rules.
Code Example
```hcl
resource "azurerm_cognitive_account" "examplea" {
  name                          = "example-account"
  location                      = var.resource_group.location
  resource_group_name           = var.resource_group.name
  kind                          = "Face"
  public_network_access_enabled = false
  sku_name                      = "S0"
}
```
Remediation
Terraform
- Resource: azurerm_cognitive_account
- Arguments: public_network_access_enabled
Rule Details
| Field | Value |
|---|---|
| ID | IAC-0641 |
| Severity | HIGH |
| IaC Type | arm |
| Frameworks | Terraform |
| Checkov ID | CKV_AZURE_134 |