Azure CosmosDB does not have Local Authentication disabled
Description
Disabling the admin account for your Azure Container Registry (ACR) can help improve the security of your registry. The admin account has full access to all resources within the registry, and can make any changes to the registry and its contents.
Code Example
go
resource "azurerm_cosmosdb_account" "pass" {
name = "pike-sql"
location = "uksouth"
resource_group_name = "pike"
offer_type = "Standard"
kind = "GlobalDocumentDB"
local_authentication_disabled = true
enable_free_tier = true
consistency_policy {
consistency_level = "Session"
max_interval_in_seconds = 5
max_staleness_prefix = 100
}Remediation
Terraform
- Resource: azurerm_container_registry
- Arguments: admin_enabled
Rule Details
| Field | Value |
|---|---|
| ID | IAC-0647 |
| Severity | LOW |
| IaC Type | arm |
| Frameworks | Terraform |
| Checkov ID | CKV_AZURE_140 |