Ensure that if Azure Batch account public network access is 'enabled', its account access default action is 'deny'
Description
This policy checks if Azure Batch account public network access is enabled and ensures that the account access default action is set to 'deny'. This is important because allowing public access to Azure Batch accounts without proper restrictions can expose them to unauthorized access and potential security risks. By setting the default action to 'deny', you can help prevent unintended access to your Batch accounts. This rule helps enforce a secure configuration for Azure Batch accounts.
Code Example
```json
{
  "properties": {
    "publicNetworkAccess": "enabled",
    "networkProfile": {
      "accountAccess": {
        "defaultAction": "deny"
      }
    }
  }
}
```
Remediation
Set the account access default action to 'deny' when public network access is enabled for the Azure Batch account.
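The rule's logic can be applied to an ARM template as in the following added example. It is not Checkov's implementation or code from this page. The sample template and the function names are constructed, and the example assumes that values are compared case-insensitively, that an absent `publicNetworkAccess` counts as enabled, and that template expressions are reported as UNKNOWN.

```python
import json

BATCH_TYPE = "Microsoft.Batch/batchAccounts"

# Constructed sample ARM template (not from a real deployment).
SAMPLE_TEMPLATE = json.loads("""
{"resources": [
  {"type": "Microsoft.Batch/batchAccounts", "name": "batch-restricted",
   "properties": {"publicNetworkAccess": "enabled",
     "networkProfile": {"accountAccess": {"defaultAction": "deny"}}}},
  {"type": "Microsoft.Batch/batchAccounts", "name": "batch-open",
   "properties": {"publicNetworkAccess": "Enabled",
     "networkProfile": {"accountAccess": {"defaultAction": "Allow"}}}},
  {"type": "Microsoft.Batch/batchAccounts", "name": "batch-no-profile",
   "properties": {"publicNetworkAccess": "enabled"}},
  {"type": "Microsoft.Batch/batchAccounts", "name": "batch-private",
   "properties": {"publicNetworkAccess": "disabled"}},
  {"type": "Microsoft.Batch/batchAccounts", "name": "batch-param",
   "properties": {"publicNetworkAccess": "[parameters('access')]"}},
  {"type": "Microsoft.Storage/storageAccounts", "name": "ignored", "properties": {}}
]}
""")


def _norm(value):
    """Lower-case strings; anything else becomes None."""
    return value.lower() if isinstance(value, str) else None


def check_batch_account(resource):
    """Return PASSED, FAILED or UNKNOWN for one Batch account resource."""
    props = resource.get("properties") or {}
    # Assumption: an absent publicNetworkAccess is treated as enabled.
    public = _norm(props.get("publicNetworkAccess", "enabled"))
    if public is None or public.startswith("["):
        return "UNKNOWN"  # template expression, cannot be resolved statically
    if public != "enabled":
        return "PASSED"   # rule only applies when public access is enabled
    access = (props.get("networkProfile") or {}).get("accountAccess") or {}
    action = _norm(access.get("defaultAction"))
    if action is not None and action.startswith("["):
        return "UNKNOWN"
    return "PASSED" if action == "deny" else "FAILED"


def scan_template(template):
    """Map each Batch account name in the template to its result."""
    return {r.get("name"): check_batch_account(r)
            for r in template.get("resources", [])
            if r.get("type") == BATCH_TYPE}
```

An account with public access enabled and no `networkProfile` at all is reported as FAILED, since there is no explicit 'deny' default action.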
Rule Details
| Field | Value |
|---|---|
| ID | IAC-0755 |
| Severity | MEDIUM |
| IaC Type | arm |
| Frameworks | Microsoft.Batch/batchAccounts, Microsoft.Batch/batchAccounts, azurerm_batch_account |
| Checkov ID | CKV_AZURE_248 |