🔌 Azure Storage Account - object.extracts.yaml

  • Contextual name: 🔌 object.extracts.yaml
  • ID: /types/CA10__CaAzureStorageAccount__c/object.extracts.yaml
  • Located in: 📕 Azure Storage Account

Used In

| Logic | Policy | Flags |
| --- | --- | --- |
| 🧠 prod.logic.yaml 🟒 | 📝 Azure Diagnostic Setting Logs export to Storage Account not encrypted with Customer-managed key 🟒 | 🟒 x3 |
| 🧠 prod.logic.yaml 🟒 | 📝 Azure Storage Account Allow Blob Anonymous Access is set enabled 🟒 | 🟒 x3 |
| 🧠 prod.logic.yaml 🟒 | 📝 Azure Storage Account Cross Tenant Replication is enabled 🟒 | 🟒 x3 |
| 🧠 prod.logic.yaml 🟒 | 📝 Azure Storage Account Default Network Access Rule is not set to Deny 🟒 | 🟒 x3 |
| 🧠 prod.logic.yaml 🟒 | 📝 Azure Storage Account Minimum TLS Version is not set to TLS 1.2 or higher 🟒 | 🟒 x3 |
| 🧠 prod.logic.yaml 🟒 | 📝 Azure Storage Account Public Network Access is not disabled 🟒 | 🟒 x3 |
| 🧠 prod.logic.yaml 🟒 | 📝 Azure Storage Account Require Infrastructure Encryption is not enabled 🟒 | 🟒 x3 |
| 🧠 prod.logic.yaml 🟒 | 📝 Azure Storage Account Secure Transfer Required is not enabled 🟒 | 🟒 x3 |
| 🧠 prod.logic.yaml 🟒 | 📝 Azure Storage Account Trusted Azure Services are not enabled as networking exceptions 🟒 | 🟒 x3 |
| 🧠 prod.logic.yaml 🟒 | 📝 Azure Storage Account uses Locally Redundant Storage replication option 🟒 | 🟒 x3 |
| 🧠 prod.logic.yaml 🟒 | 📝 Azure Storage Blob Containers Soft Delete is not enabled 🟒 | 🟒 x3 |
| 🧠 prod.logic.yaml 🟒 | 📝 Azure Storage Blob Logging is not enabled for Read, Write, and Delete requests 🟒 | 🟒 x3 |
| 🧠 prod.logic.yaml 🟒 | 📝 Azure Storage Queue Logging is not enabled for Read, Write, and Delete requests 🟒 | 🟒 x3 |
| 🧠 prod.logic.yaml 🟒 | 📝 Azure Storage Table Logging is not enabled for Read, Write, and Delete requests 🟒 | 🟒 x3 |

Content

---
extracts:
  # This is a checkbox. Not nullable. Can't have no access, retrieved via Microsoft.Storage/storageAccounts
  - name: "CA10__secureTransferRequired__c"
    value:
      FIELD:
        path: "CA10__secureTransferRequired__c"
  # Values: Enabled, Disabled. Not Nullable. Can't have no access, retrieved via Microsoft.Storage/storageAccounts
  - name: "CA10__requireInfrastructureEncryptionState__c"
    value:
      FIELD:
        path: "CA10__requireInfrastructureEncryptionState__c"
        undeterminedIf:
          isEmpty: "Corrupted data. Require Infrastructure Encryption setting cannot be empty."
  # Values: Enabled, Disabled. Not Nullable. Can't have no access, retrieved via Microsoft.Storage/storageAccounts
  - name: "CA10__publicNetworkAccessState__c"
    value:
      FIELD:
        path: "CA10__publicNetworkAccessState__c"
        undeterminedIf:
          isEmpty: "Corrupted data. Public Network Access cannot be empty."
  # Values: Allow, Deny. Not nullable. Can't have no access, retrieved via Microsoft.Storage/storageAccounts.
  - name: "CA10__networkAclsDefaultAction__c"
    value:
      FIELD:
        path: "CA10__networkAclsDefaultAction__c"
        undeterminedIf:
          isEmpty: "Corrupted data. Default Network Action cannot be empty."
  # Values: any combination of Logging|Metrics|AzureServices or None. Not nullable.
  # Can't have no access, retrieved via Microsoft.Storage/storageAccounts.
  - name: "CA10__networkAclsBypass__c"
    value:
      FIELD:
        path: "CA10__networkAclsBypass__c"
        undeterminedIf:
          isEmpty: "Corrupted data. Network Bypass cannot be empty."
  # Values TLS1_0, TLS1_1, TLS1_2. Not nullable. Can't have no access, retrieved via Microsoft.Storage/storageAccounts.
  - name: "CA10__minimumTlsVersion__c"
    value:
      FIELD:
        path: "CA10__minimumTlsVersion__c"
        undeterminedIf:
          isEmpty: "Corrupted data. TLS Version cannot be empty."
  # Values: Allow, Deny, null (Old storage accounts can have null, which means that the account can still have replication).
  # Nullable. Can't have no access, retrieved via Microsoft.Storage/storageAccounts.
  - name: "CA10__crossTenantReplication__c"
    value:
      FIELD:
        path: "CA10__crossTenantReplication__c"
  # Values: Allow, Deny. Not nullable. Can't have no access, retrieved via Microsoft.Storage/storageAccounts.
  - name: "CA10__blobPublicAccess__c"
    value:
      FIELD:
        path: "CA10__blobPublicAccess__c"
        undeterminedIf:
          isEmpty: "Corrupted data. Allow Blob Anonymous Access cannot be empty."
  # Values Enabled, Disabled. Not Nullable
  - name: "CA10__blobLoggingReadState__c"
    value:
      FIELD:
        path: "CA10__blobLoggingReadState__c"
        undeterminedIf:
          noAccessDelegate:
            path: "CA10__blobLoggingReadState__c"
            currentStateMessage: "Unable to determine Blob Container Logging Read property. Possible permission issue with Microsoft.Storage/storageAccounts/blobServices/containers/read"
          isEmpty: "Storage Blob Logging is not populated yet."
  # Values Enabled, Disabled. Not Nullable
  - name: "CA10__blobLoggingWriteState__c"
    value:
      FIELD:
        path: "CA10__blobLoggingWriteState__c"
        undeterminedIf:
          noAccessDelegate:
            path: "CA10__blobLoggingWriteState__c"
            currentStateMessage: "Unable to determine Blob Container Logging Write property. Possible permission issue with Microsoft.Storage/storageAccounts/blobServices/containers/read"
          isEmpty: "Storage Blob Logging is not populated yet."
  # Values Enabled, Disabled. Not Nullable
  - name: "CA10__blobLoggingDeleteState__c"
    value:
      FIELD:
        path: "CA10__blobLoggingDeleteState__c"
        undeterminedIf:
          noAccessDelegate:
            path: "CA10__blobLoggingDeleteState__c"
            currentStateMessage: "Unable to determine Blob Container Logging Delete property. Possible permission issue with Microsoft.Storage/storageAccounts/blobServices/containers/read"
          isEmpty: "Storage Blob Logging is not populated yet."
  # Values Enabled, Disabled. Not Nullable
  - name: "CA10__queueLoggingReadState__c"
    value:
      FIELD:
        path: "CA10__queueLoggingReadState__c"
        undeterminedIf:
          noAccessDelegate:
            path: "CA10__queueLoggingReadState__c"
            currentStateMessage: "Unable to determine Queue Logging Read property. Possible permission issue with Microsoft.Storage/storageAccounts/queueServices/queues/read"
          isEmpty: "Storage Queue Logging is not populated yet."
  # Values Enabled, Disabled. Not Nullable
  - name: "CA10__queueLoggingWriteState__c"
    value:
      FIELD:
        path: "CA10__queueLoggingWriteState__c"
        undeterminedIf:
          noAccessDelegate:
            path: "CA10__queueLoggingWriteState__c"
            currentStateMessage: "Unable to determine Queue Logging Write property. Possible permission issue with Microsoft.Storage/storageAccounts/queueServices/queues/read"
          isEmpty: "Storage Queue Logging is not populated yet."
  # Values Enabled, Disabled. Not Nullable
  - name: "CA10__queueLoggingDeleteState__c"
    value:
      FIELD:
        path: "CA10__queueLoggingDeleteState__c"
        undeterminedIf:
          noAccessDelegate:
            path: "CA10__queueLoggingDeleteState__c"
            currentStateMessage: "Unable to determine Queue Logging Delete property. Possible permission issue with Microsoft.Storage/storageAccounts/queueServices/queues/read"
          isEmpty: "Storage Queue Logging is not populated yet."
  # Values Enabled, Disabled. Not Nullable
  - name: "CA10__tableLoggingReadState__c"
    value:
      FIELD:
        path: "CA10__tableLoggingReadState__c"
        undeterminedIf:
          noAccessDelegate:
            path: "CA10__tableLoggingReadState__c"
            currentStateMessage: "Unable to determine Table Logging Read property. Possible permission issue with Microsoft.Storage/storageAccounts/tableServices/tables/read"
          isEmpty: "Storage Table Logging is not populated yet."
  # Values Enabled, Disabled. Not Nullable
  - name: "CA10__tableLoggingWriteState__c"
    value:
      FIELD:
        path: "CA10__tableLoggingWriteState__c"
        undeterminedIf:
          noAccessDelegate:
            path: "CA10__tableLoggingWriteState__c"
            currentStateMessage: "Unable to determine Table Logging Write property. Possible permission issue with Microsoft.Storage/storageAccounts/tableServices/tables/read"
          isEmpty: "Storage Table Logging is not populated yet."
  # Values Enabled, Disabled. Not Nullable
  - name: "CA10__tableLoggingDeleteState__c"
    value:
      FIELD:
        path: "CA10__tableLoggingDeleteState__c"
        undeterminedIf:
          noAccessDelegate:
            path: "CA10__tableLoggingDeleteState__c"
            currentStateMessage: "Unable to determine Table Logging Delete property. Possible permission issue with Microsoft.Storage/storageAccounts/tableServices/tables/read"
          isEmpty: "Storage Table Logging is not populated yet."
  # Values Microsoft.Storage, Microsoft.Keyvault. Not Nullable. Can't have no access, retrieved via Microsoft.Storage/storageAccounts
  - name: "CA10__encryptionKeySource__c"
    value:
      FIELD:
        path: "CA10__encryptionKeySource__c"
        undeterminedIf:
          isEmpty: "Corrupted data. Encryption Key Source cannot be empty."
  # Nullable. Can't have no access, retrieved via Microsoft.Storage/storageAccounts
  - name: "CA10__encryptionKeyVaultUri__c"
    value:
      FIELD:
        path: "CA10__encryptionKeyVaultUri__c"
  # Nullable.
  - name: "CA10__blobRetentionPolicyDays__c"
    value:
      FIELD:
        path: "CA10__blobRetentionPolicyDays__c"
  # Values: Enabled, Disabled. Nullable.
  - name: "CA10__blobRetentionPolicyState__c"
    value:
      FIELD:
        path: "CA10__blobRetentionPolicyState__c"
  # Nullable.
  - name: "CA10__containerRetentionPolicyDays__c"
    value:
      FIELD:
        path: "CA10__containerRetentionPolicyDays__c"
  # Values: Enabled, Disabled. Nullable.
  - name: "CA10__containerRetentionPolicyState__c"
    value:
      FIELD:
        path: "CA10__containerRetentionPolicyState__c"
  # Nullable. Text field.
  - name: "CA10__skuName__c"
    value:
      FIELD:
        path: "CA10__skuName__c"