Azure Container Registry dedicated data endpoint is disabled
Description
This policy checks whether dedicated data endpoints are enabled on an Azure Container Registry. Without them, clients pull image layers from shared Azure Storage endpoints (*.blob.core.windows.net), so egress firewall and proxy rules have to allow a broad wildcard range that also covers storage accounts outside your control. With dedicated data endpoints, the registry exposes its own per-region data hostnames (<registry>.<region>.data.azurecr.io), so allow-lists can be scoped to that registry alone, which narrows the paths available for data exfiltration to arbitrary storage. Dedicated data endpoints are available only on the Premium SKU.
Code Example

```hcl
resource "azurerm_container_registry" "example" {
  ...
+ data_endpoint_enabled = true   # requires sku = "Premium"
}
```

Remediation
Terraform
- Resource: azurerm_container_registry
- Arguments: data_endpoint_enabled
Set data_endpoint_enabled = true so that the registry's data layer is reached through its own per-region endpoints instead of shared Azure Storage endpoints; the registry must use the Premium SKU, so a Basic or Standard registry needs a SKU change as well. Note that this argument does not give the registry a private IP address in your virtual network; that is provided separately by Private Link (azurerm_private_endpoint).
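To make the rule concrete, the following Python is an added example written for this page, not Checkov's own implementation. It evaluates the same condition over the JSON that `terraform show -json tfplan` produces (the TerraformPlan framework listed below), walking root and child modules. The plan document is constructed inline; the registry names and the `module.shared` module are made up. A missing `data_endpoint_enabled` is treated as the provider default of false, and registries below the Premium SKU are reported with a different remediation hint, since the flag cannot be enabled on them.

```python
"""Evaluate the CKV_AZURE_237 condition against Terraform plan JSON.

Illustrative re-implementation of the rule's logic, not Checkov's own code.
It walks the planned_values tree emitted by `terraform show -json tfplan` and
flags every azurerm_container_registry whose data_endpoint_enabled is not true.
"""
import json

# Constructed sample plan (not real output). The shape mirrors `terraform show -json`;
# the registry names and the module name are made up for this example.
SAMPLE_PLAN = json.dumps({
    "format_version": "1.2",
    "planned_values": {
        "root_module": {
            "resources": [
                {   # Premium SKU with the flag set: the only compliant registry here.
                    "address": "azurerm_container_registry.premium_ok",
                    "mode": "managed", "type": "azurerm_container_registry", "name": "premium_ok",
                    "values": {"name": "acrpremiumok", "sku": "Premium", "data_endpoint_enabled": True},
                },
                {   # Premium SKU but the argument is omitted: the provider default is false.
                    "address": "azurerm_container_registry.premium_default",
                    "mode": "managed", "type": "azurerm_container_registry", "name": "premium_default",
                    "values": {"name": "acrpremiumdefault", "sku": "Premium"},
                },
                {   # Different resource type: the check must ignore it.
                    "address": "azurerm_storage_account.unrelated",
                    "mode": "managed", "type": "azurerm_storage_account", "name": "unrelated",
                    "values": {"name": "stunrelated"},
                },
            ],
            "child_modules": [
                {
                    "address": "module.shared",
                    "resources": [
                        {   # Basic SKU: flipping the flag alone is not a valid fix.
                            "address": "module.shared.azurerm_container_registry.basic",
                            "mode": "managed", "type": "azurerm_container_registry", "name": "basic",
                            "values": {"name": "acrbasic", "sku": "Basic", "data_endpoint_enabled": False},
                        }
                    ],
                }
            ],
        }
    },
})


def iter_registries(module):
    """Yield (address, planned values) for every managed container registry,
    descending into child modules so nested registries are not missed."""
    for res in module.get("resources", []):
        if res.get("type") == "azurerm_container_registry" and res.get("mode", "managed") == "managed":
            yield res["address"], res.get("values", {})
    for child in module.get("child_modules", []):
        yield from iter_registries(child)


def evaluate_registry(values):
    """Return (status, remediation) for one registry's planned values.

    A missing data_endpoint_enabled is treated as false (the azurerm provider
    default). A non-Premium SKU gets its own hint because Azure only offers
    dedicated data endpoints on the Premium tier.
    """
    if values.get("data_endpoint_enabled") is True:
        return "PASSED", ""
    if str(values.get("sku", "")).lower() != "premium":
        return "FAILED", 'set sku = "Premium" and data_endpoint_enabled = true'
    return "FAILED", "set data_endpoint_enabled = true"


def scan_plan(plan_json):
    """Run the check over a plan document and return one finding per registry."""
    plan = json.loads(plan_json)
    root = plan.get("planned_values", {}).get("root_module", {})
    findings = []
    for address, values in iter_registries(root):
        status, hint = evaluate_registry(values)
        findings.append({"check_id": "CKV_AZURE_237", "resource": address,
                         "status": status, "remediation": hint})
    return findings


if __name__ == "__main__":
    for finding in scan_plan(SAMPLE_PLAN):
        print(f'{finding["status"]:6} {finding["resource"]}  {finding["remediation"]}')
```

Run it directly to see one line per registry; the storage account is skipped, the Premium registry that omits the argument fails because the default is false, and the Basic registry is told to change SKU as well as set the flag.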
Rule Details
| Field | Value |
|---|---|
| ID | IAC-0744 |
| Severity | LOW |
| IaC Type | Terraform |
| Frameworks | Terraform, TerraformPlan |
| Checkov ID | CKV_AZURE_237 |