Azure Synapse Workspace missing extended audit logs
Description
This policy detects Azure Synapse Workspaces for which extended audit logging is not enabled. Logging is essential for tracking user actions, policy breaches and data access, and for troubleshooting, which makes it a critical practice for maintaining security and compliance within Azure environments. Extended audit logs provide detailed records of access and activity within the workspace; these records are what you rely on when monitoring for, and investigating, unauthorized access or anomalous activity.
Code Example
```hcl
resource "azurerm_synapse_workspace" "example" {
  ...
}

resource "azurerm_synapse_workspace_extended_auditing_policy" "example" {
  synapse_workspace_id = azurerm_synapse_workspace.example.id
  ...
}
```
Remediation
Terraform
- Resource: azurerm_synapse_workspace
- Arguments: azurerm_synapse_workspace_extended_auditing_policy
Ensure that every `azurerm_synapse_workspace` resource is referenced by the `synapse_workspace_id` argument of an `azurerm_synapse_workspace_extended_auditing_policy` resource. The code example above shows this pairing: the auditing policy points at the workspace through `azurerm_synapse_workspace.example.id`, which is what enables extended audit logging for the workspace defined in your Terraform templates.
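The check described above can be reproduced against a Terraform plan. The following is an added example written for this page; it is not Checkov's or Prisma Cloud's own implementation of the rule. It assumes the input is the `configuration.root_module.resources` section of `terraform show -json` output, in which an `azurerm_synapse_workspace_extended_auditing_policy` resource's `synapse_workspace_id` argument appears as an `expressions` entry with a `references` list naming the workspace it is attached to. Any workspace address that no policy references is reported. The sample plan embedded below is constructed for the example, with one audited and one unaudited workspace.

```python
"""Report azurerm_synapse_workspace resources with no extended auditing policy.

Added example (not the policy vendor's code). It consumes the configuration
section of a `terraform show -json` plan and flags every Synapse workspace whose
address is not referenced by the synapse_workspace_id argument of some
azurerm_synapse_workspace_extended_auditing_policy resource.
"""
import json
import re
from typing import Dict, List

WORKSPACE_TYPE = "azurerm_synapse_workspace"
POLICY_TYPE = "azurerm_synapse_workspace_extended_auditing_policy"

# Matches references such as "azurerm_synapse_workspace.ws.id" or
# "azurerm_synapse_workspace.ws[each.key].id" and captures the resource name.
_WORKSPACE_REF = re.compile(r"^" + re.escape(WORKSPACE_TYPE) + r"\.([A-Za-z0-9_-]+)")

# Constructed sample modelled on the shape of `terraform show -json` output
# (assumed shape; not taken from a real plan). "audited" has a policy attached,
# "unaudited" does not.
SAMPLE_PLAN = json.dumps({
    "format_version": "1.2",
    "configuration": {
        "root_module": {
            "resources": [
                {"address": "azurerm_synapse_workspace.audited",
                 "type": WORKSPACE_TYPE, "name": "audited",
                 "expressions": {"name": {"constant_value": "ws-audited"}}},
                {"address": "azurerm_synapse_workspace.unaudited",
                 "type": WORKSPACE_TYPE, "name": "unaudited",
                 "expressions": {"name": {"constant_value": "ws-unaudited"}}},
                {"address": "azurerm_synapse_workspace_extended_auditing_policy.audited",
                 "type": POLICY_TYPE, "name": "audited",
                 "expressions": {"synapse_workspace_id": {
                     "references": ["azurerm_synapse_workspace.audited.id",
                                    "azurerm_synapse_workspace.audited"]}}},
            ]
        }
    },
})


def _root_resources(plan: Dict) -> List[Dict]:
    """Return the resource blocks declared in the root module's configuration."""
    return plan.get("configuration", {}).get("root_module", {}).get("resources", [])


def find_unaudited_workspaces(plan_json: str) -> List[str]:
    """Return the addresses of Synapse workspaces no extended auditing policy references."""
    plan = json.loads(plan_json)
    resources = _root_resources(plan)

    # Every workspace declared in the root module, keyed by its full address.
    workspaces = {r["address"] for r in resources if r.get("type") == WORKSPACE_TYPE}

    # Workspaces that some auditing policy points at via synapse_workspace_id.
    covered = set()
    for res in resources:
        if res.get("type") != POLICY_TYPE:
            continue
        arg = res.get("expressions", {}).get("synapse_workspace_id", {})
        for ref in arg.get("references", []):
            match = _WORKSPACE_REF.match(ref)
            if match:
                covered.add(f"{WORKSPACE_TYPE}.{match.group(1)}")

    return sorted(workspaces - covered)


if __name__ == "__main__":
    for address in find_unaudited_workspaces(SAMPLE_PLAN):
        print(f"FAIL: {address} has no azurerm_synapse_workspace_extended_auditing_policy")
```

To run it against a real plan, replace `SAMPLE_PLAN` with the contents of `terraform show -json tfplan`. The function only walks the root module; resources declared inside child modules would need the `module_calls` entries of the plan to be traversed as well.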
Rule Details
| Field | Value |
|---|---|
| ID | IAC-0810 |
| Severity | INFO |
| IaC Type | arm |
| Frameworks | Terraform, TerraformPlan |
| Checkov ID | CKV2_AZURE_53 |