Ensure Azure Storage Account default network access is set to Deny #522

Closed
wants to merge 2 commits into from

Contributor

Acenl12 commented May 4, 2023

Restricting default network access helps to provide an additional layer of security. By default, storage accounts accept connections from clients on any network. To limit access to selected networks, the default action must be changed.

Ensure Azure Storage Account default network access is set to Deny
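
As an added example (not code from this PR or the repository), the following Python check walks an ARM template and reports each storage account's effective `networkAcls.defaultAction`, treating an omitted value as `Allow` in line with the default behaviour described above. The template, account names and function names are constructed for illustration.

```python
import json

STORAGE_TYPE = "microsoft.storage/storageaccounts"

# Constructed sample ARM template (not taken from the PR): three storage accounts.
SAMPLE_TEMPLATE = json.loads("""
{
  "resources": [
    {"type": "Microsoft.Storage/storageAccounts", "name": "stnoacls",
     "properties": {}},
    {"type": "Microsoft.Storage/storageAccounts", "name": "stallow",
     "properties": {"networkAcls": {"defaultAction": "Allow", "bypass": "AzureServices"}}},
    {"type": "Microsoft.Storage/storageAccounts", "name": "stdeny",
     "properties": {"networkAcls": {"defaultAction": "Deny", "bypass": "AzureServices",
                                    "virtualNetworkRules": [], "ipRules": []}}}
  ]
}
""")


def iter_resources(resources):
    """Yield every resource, descending into nested 'resources' collections."""
    if isinstance(resources, dict):  # symbolic-name templates use an object
        resources = resources.values()
    for res in resources or []:
        yield res
        yield from iter_resources(res.get("resources"))


def audit_default_action(template):
    """Return one finding per storage account with its effective default action."""
    findings = []
    for res in iter_resources(template.get("resources")):
        if str(res.get("type", "")).lower() != STORAGE_TYPE:
            continue
        acls = (res.get("properties") or {}).get("networkAcls") or {}
        # An omitted networkAcls/defaultAction leaves the account open to any network.
        action = acls.get("defaultAction", "Allow")
        findings.append({
            "name": res.get("name"),
            "defaultAction": action,
            "explicit": "defaultAction" in acls,
            "bypass": acls.get("bypass"),
            "compliant": str(action).lower() == "deny",
        })
    return findings


if __name__ == "__main__":
    for f in audit_default_action(SAMPLE_TEMPLATE):
        print("OK  " if f["compliant"] else "FAIL", f["name"], f["defaultAction"], f["bypass"])
```

A `defaultAction` supplied as a template expression (for example a parameter reference) is reported as non-compliant, since its value cannot be resolved statically.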
@ghost added the Needs: Triage 🔍 Needs triaging by the team label May 4, 2023
@jtracey93
Collaborator

Hey @Acenl12,

Thanks for the PR.

This is a change to an internal function we use to help us clean up subscriptions once they've been used in a PR. This isn't something we expect customers to use and is not part of the ALZ architecture.

Can I ask for some background and context to this change? Are you using this function?

@jtracey93 added Needs: Author Feedback and removed Needs: Triage 🔍 Needs triaging by the team labels May 4, 2023

ghost commented May 11, 2023

This pull request has been automatically marked as stale because it has been marked as requiring author feedback but has not had any activity for 7 days. It will be closed if no further activity occurs within 7 days of this comment.

Contributor Author

Acenl12 commented May 12, 2023

> Hey @Acenl12,
>
> Thanks for the PR.
>
> This is a change to an internal function we use to help us clean up subscriptions once they've been used in a PR. This isn't something we expect customers to use and is not part of the ALZ architecture.
>
> Can I ask for some background and context to this change? Are you using this function?

I think you guys need to lead by example and not expose insecure configs in GitHub


jikuja commented Oct 8, 2023

> > Hey @Acenl12,
> > Thanks for the PR.
> > This is a change to an internal function we use to help us clean up subscriptions once they've been used in a PR. This isn't something we expect customers to use and is not part of the ALZ architecture.
> > Can I ask for some background and context to this change? Are you using this function?
>
> I think you guys need to lead by example and not expose insecure configs in GitHub

Did you test if function app still works after applying this change?

@oZakari self-assigned this Nov 7, 2023
@oZakari requested a review from a team as a code owner November 13, 2023 21:24
Contributor

oZakari commented Nov 15, 2023

Hi @Acenl12, we are using the free tier for Azure Functions, which does not have VNet integration or private endpoint capabilities. We also cannot deny public access and only allow Azure services for the storage account, as Azure Functions are currently not classified under the trusted services list.

As @jtracey93 mentioned, the resources within this configuration are only used for an internal test/sandbox subscription and are not related to the functionality/design of ALZ or the underlying modules within this repository.

@oZakari closed this Nov 15, 2023