Azure Container Registry (ACR) not zone redundant

Description

This policy checks to ensure that the Azure Container Registry (ACR) is zone redundant, ensuring resource distribution across multiple zones within the same region. Zone redundancy is important as it guarantees high availability and resilience during zone-wide failures. Without zone redundancy, ACR may experience unavailability during zone-specific issues occur, disrupting services relying on it and potentially leading to substantial business disruptions.

Code Example

resource "azurerm_container_registry" "acr" {
  ...
  sku                 = "Premium"
  ...
  georeplications {
    ...
    zone_redundancy_enabled = true
  }
}

Remediation

Terraform

Resource: azurerm_container_registry
Arguments: zone_redundancy_enabled

To fix this issue, in your Azure Container Registry (ACR) resource, set the zone_redundancy_enabled attribute to true.

Rule Details

Field	Value
ID	IAC-0740
Severity	LOW
IaC Type	arm
Frameworks	Terraform, TerraformPlan
Checkov ID	CKV_AZURE_233

References

Checkov Rule

Overview

SAST (Application Security)

SCA (Dependencies)

Secrets Detection

IaC Security

License Compliance

SAST Rules

IaC Rules

License Rules

Azure Container Registry (ACR) not zone redundant

Description

Code Example

Remediation

Rule Details

References

SAST Rules

IaC Rules

License Rules

Azure Container Registry (ACR) not zone redundant ​

Description ​

Code Example ​

Remediation ​

Rule Details ​

References ​

Azure Container Registry (ACR) not zone redundant

Description

Code Example

Remediation

Rule Details

References