Triage and Remediation
Remediation
Using Console
To remediate storage accounts that allow public traffic in Azure, follow the steps below:
- Open the Azure Portal and navigate to the storage account that is allowing public traffic.
- Click on “Firewalls and virtual networks” under the “Settings” section in the left-hand menu.
- In the “Firewalls and virtual networks” tab, select “Selected networks” under the “Allow access from” section.
- Add the IP addresses or ranges that need access to the storage account.
- Under the “Network connectivity” section, select “Private endpoint” to restrict access to the storage account to only those clients that have a private endpoint in the same virtual network.
- Save the changes.
Using CLI
To remediate Azure Storage Accounts that allow public traffic, follow the steps below using the Azure CLI:
- Open the Azure CLI in your terminal or command prompt.
- Log in to your Azure account using the command:
    az login
- Once you are logged in, select the subscription that contains the storage account using the command:
    az account set --subscription <subscription-id>
- Identify the storage account that is allowing public traffic using the command:
    az storage account list
- Once you have identified the storage account, update the network access rule to deny public access using the command:
    az storage account update --name <storage-account-name> --resource-group <resource-group-name> --default-action Deny

Replace <subscription-id>, <storage-account-name>, and <resource-group-name> with the actual values from your environment.

After executing the above command, the storage account will be updated to deny public access, and only authorized traffic will be allowed to access the storage account.
Using Python
To remediate storage accounts that allow public traffic using Python, you can use the Azure SDK for Python. Follow these steps:
- Install the Azure SDK for Python using pip:
- Import the necessary modules:
- Initialize the BlockBlobService object with your storage account credentials:
- Get a list of all containers in the storage account:
- For each container, set the public access level to ‘None’:
- Finally, verify that the public access level for all containers is set to ‘None’:

That’s it! With these steps, you should be able to remediate the Azure storage accounts allowing public traffic misconfiguration using Python.
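As an added example (not code from the original page, and separate from the SDK steps above), the following Python check reads the JSON printed by `az storage account list`, reports which accounts still accept public network traffic, and builds the update command from the CLI steps for each of them. The sample accounts are constructed, the function names are hypothetical, and the /16 threshold for flagging broad IP rules is an assumed policy value.

```python
import ipaddress
import json
import shlex

# Constructed sample shaped like `az storage account list -o json`, trimmed to
# the fields read below. Account and resource group names are made up.
SAMPLE = """[
 {"name": "stopen", "resourceGroup": "rg-demo(eu)", "publicNetworkAccess": "Enabled",
  "networkRuleSet": {"defaultAction": "Allow", "ipRules": []}},
 {"name": "stfirewalled", "resourceGroup": "rg-demo", "publicNetworkAccess": null,
  "networkRuleSet": {"defaultAction": "Deny",
                     "ipRules": [{"action": "Allow", "ipAddressOrRange": "203.0.113.7"}]}},
 {"name": "stbroad", "resourceGroup": "rg-demo", "publicNetworkAccess": "Enabled",
  "networkRuleSet": {"defaultAction": "Deny",
                     "ipRules": [{"action": "Allow", "ipAddressOrRange": "198.18.0.0/15"}]}},
 {"name": "stprivate", "resourceGroup": "rg-demo", "publicNetworkAccess": "Disabled",
  "networkRuleSet": {"defaultAction": "Allow", "ipRules": []}}
]"""

MIN_PREFIX = 16  # assumed policy threshold: IP rules wider than /16 are flagged

def classify(account):
    """Return (status, reason) for one account object from the CLI output."""
    if account.get("publicNetworkAccess") == "Disabled":
        return "private", "public network access disabled"
    rules = account.get("networkRuleSet") or {}
    if rules.get("defaultAction") != "Deny":  # a missing value is reported as public
        return "public", "default action is not Deny"
    wide = [r["ipAddressOrRange"] for r in rules.get("ipRules") or []
            if ipaddress.ip_network(r["ipAddressOrRange"], strict=False).prefixlen < MIN_PREFIX]
    if wide:
        return "review", "broad IP rules: " + ", ".join(wide)
    return "restricted", "default action is Deny"

def audit(az_json):
    """Map account name -> (status, reason) for every account in the JSON."""
    return {a["name"]: classify(a) for a in json.loads(az_json)}

def remediation_commands(az_json):
    """Build the update command from the CLI steps for each 'public' account."""
    return ["az storage account update --name {} --resource-group {} --default-action Deny"
            .format(shlex.quote(a["name"]), shlex.quote(a["resourceGroup"]))
            for a in json.loads(az_json) if classify(a)[0] == "public"]

if __name__ == "__main__":
    for name, (status, reason) in audit(SAMPLE).items():
        print(f"{name:14} {status:11} {reason}")
    print("\n".join(remediation_commands(SAMPLE)))
```

To run it against a real subscription, pass the output of `az storage account list -o json` to `audit()`. Add the IP ranges or virtual networks that need access before applying Deny, since traffic that matches no rule is refused afterwards.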