Azure ACR enables anonymous image pulling
Description
Disabling anonymous image pulling for your Azure Container Registry (ACR) can help improve the security of your registry. When anonymous image pulling is enabled, anyone can pull images from your registry without authenticating or being authorized.
Code Example
```hcl
resource "azurerm_container_registry" "ckv_unittest_pass_1" {
  name                   = "containerRegistry1"
  resource_group_name    = azurerm_resource_group.rg.name
  location               = azurerm_resource_group.rg.location
  sku                    = "Premium"
  anonymous_pull_enabled = false
}
```
Remediation
Terraform
- Resource: azurerm_container_registry
- Arguments: anonymous_pull_enabled
Rule Details
| Field | Value |
|---|---|
| ID | IAC-0645 |
| Severity | LOW |
| IaC Type | arm |
| Frameworks | Terraform |
| Checkov ID | CKV_AZURE_138 |