Azure SQL on Virtual Machine (Linux) with basic authentication
Description
Disabling password authentication for your Azure virtual machine (VM) can help improve the security of your VM. Password authentication allows users to access the VM using a password, rather than an Azure Active Directory (Azure AD) account or other form of authentication. By disabling password authentication, you can help prevent unauthorized access to your VM and protect it from potential security threats such as data breaches or unauthorized access. Instead, you should use more secure forms of authentication such as Azure AD, SSH keys, or multi-factor authentication.
Code Example
go
resource "azurerm_linux_virtual_machine_scale_set" "pass" {
name = var.scaleset_name
resource_group_name = var.resource_group.name
location = var.resource_group.location
sku = var.sku
instances = var.instance_count
admin_username = var.admin_username
disable_password_authentication = true
tags = { test = "Fail" }
}Remediation
Terraform
- Resource: azurerm_linux_virtual_machine_scale_set
- Arguments: disable_password_authenticatio
Rule Details
| Field | Value |
|---|---|
| ID | IAC-0656 |
| Severity | LOW |
| IaC Type | arm |
| Frameworks | Terraform |
| Checkov ID | CKV_AZURE_149 |