🛡️ Azure Storage Account uses Locally Redundant Storage replication option🟢
- Contextual name: 🛡️ Storage Account uses Locally Redundant Storage replication option🟢
- ID:
/ce/ca/azure/storage/locally-redundant-storage
- Tags:
- Policy Type:
COMPLIANCE_POLICY
- Policy Categories:
RELIABILITY
Description
Verify that Azure Storage Accounts are not configured with Locally Redundant Storage (LRS) replication.
Azure Storage offers multiple replication options to enhance data durability and availability. Locally Redundant Storage (LRS) replicates data synchronously three times within a single physical location (i.e., a single data center), offering basic, least expensive protection against hardware failures.
Rationale
Although LRS provides resilience against local hardware issues such as drive or server rack failures, it does not offer protection against data center-wide disruptions—such as those caused by natural disasters, power outages, or large-scale equipment failures.
For higher availability and fault tolerance across broader scopes (e.g., availability zones or geographic regions), it is recommended to use one of the following replication options:
- Zone-Redundant Storage (ZRS): Replicates data across multiple availability zones within a region.
- Geo-Redundant Storage (GRS): Replicates data to a secondary geographic region.
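The check described above can be run over the JSON that `az storage account list --output json` returns. The following is an added example, not Cloudaware's policy logic; the account and resource group names are constructed, and it assumes only the `name`, `resourceGroup` and `sku.name` fields of that output.

```python
import json

# Constructed sample shaped like `az storage account list --output json`
# (only the fields used here; names and resource groups are made up).
SAMPLE_ACCOUNTS_JSON = """
[
  {"name": "logsprod01", "resourceGroup": "rg-logs", "sku": {"name": "Standard_LRS"}},
  {"name": "mediaprod01", "resourceGroup": "rg-media", "sku": {"name": "Standard_ZRS"}},
  {"name": "backupprod01", "resourceGroup": "rg-backup", "sku": {"name": "Standard_RAGRS"}},
  {"name": "diskprem01", "resourceGroup": "rg-vm", "sku": {"name": "Premium_LRS"}},
  {"name": "archive01", "resourceGroup": "rg-arch", "sku": {"name": "Standard_GZRS"}},
  {"name": "broken01", "resourceGroup": "rg-x", "sku": null}
]
"""

# Replication suffix of the SKU name -> widest failure scope it is built for.
REPLICATION_SCOPE = {
    "LRS": "single data center",
    "ZRS": "availability zones",
    "GRS": "secondary region",
    "RAGRS": "secondary region",
    "GZRS": "zones and secondary region",
    "RAGZRS": "zones and secondary region",
}

def replication_of(account):
    """Return the replication suffix (e.g. 'LRS'), or None if the SKU is missing or unrecognized."""
    sku_name = (account.get("sku") or {}).get("name") or ""
    suffix = sku_name.rpartition("_")[2].upper()
    return suffix if suffix in REPLICATION_SCOPE else None

def evaluate(accounts):
    """Split accounts into noncompliant (LRS), compliant, and unknown (no usable SKU)."""
    result = {"noncompliant": [], "compliant": [], "unknown": []}
    for acct in accounts:
        repl = replication_of(acct)
        key = "unknown" if repl is None else "noncompliant" if repl == "LRS" else "compliant"
        result[key].append((acct.get("resourceGroup"), acct.get("name"), repl))
    return result

if __name__ == "__main__":
    for status, rows in evaluate(json.loads(SAMPLE_ACCOUNTS_JSON)).items():
        for rg, name, repl in rows:
            print(f"{status:13} {rg}/{name} {repl or '?'} ({REPLICATION_SCOPE.get(repl, 'n/a')})")
```

Accounts with a missing or unrecognized SKU are reported as unknown rather than silently passed, so a malformed inventory record does not count as compliant.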
Remediation
Important Considerations
- Refer to the official Microsoft documentation for up-to-date guidance on limitations, replication options, and capabilities.
- Always validate replication changes in a non-production environment before applying them in production to avoid service disruptions or data loss.
Switching to Geo-Redundant Storage
Azure CLI
az storage account update \
  --name {{storage-account-name}} \
  --resource-group {{resource-group-name}} \
  --sku {{sku}}
PowerShell
Set-AzStorageAccount `
  -ResourceGroupName "{{resource-group-name}}" `
  -Name "{{storage-account-name}}" `
  -SkuName "{{sku}}"
Note: To migrate to Geo-Zone-Redundant Storage (GZRS), you must first switch the account to GRS. Afterward, you can convert it to GZRS using the migration commands described in the next section.
Conversion to Zone-Redundant Storage
A redundancy "conversion" is the process of changing the zone-redundancy aspect of a storage account to convert from LRS to Zone-Redundant Storage (ZRS), or from GRS to Geo-Zone-Redundant Storage (GZRS).
policy.yaml
Linked Framework Sections
Section | Sub Sections | Internal Rules | Policies | Flags | Compliance |
---|---|---|---|---|---|
💼 CIS Azure v4.0.0 → 💼 10.3.12 Ensure Redundancy is set to 'geo-redundant storage (GRS)' on critical Azure Storage Accounts (Automated) | 1 | no data | |||
💼 Cloudaware Framework → 💼 System Configuration | 34 | no data |