Getting Started
Getting started Custom Checks ConfigChecks
Home
AWS001
AWS002
AWS003
AWS004
AWS005
AWS006
AWS007
AWS008
AWS009
AWS010
AWS011
AWS012
AWS013
AWS014
AWS015
AWS016
AWS017
AWS018
AWS019
AWS020
AWS021
AWS022
AWS023
AWS024
AWS025
AWS031
AWS032
AWS033
AWS034
AWS035
AWS036
AWS037
AWS038
AWS039
AWS040
AWS041
AWS042
AWS043
AWS044
AWS045
AWS046
AWS047
AWS048
AWS049
AWS050
AWS051
AWS052
AWS053
AWS054
AWS055
AWS057
Github Actions
Code Scanning Alerts PR CommenterAZU016
When using Queue Services for a storage account, logging should be enabled.
Explanation
Storage Analytics logs detailed information about successful and failed requests to a storage service.
This information can be used to monitor individual requests and to diagnose issues with a storage service.
Requests are logged on a best-effort basis.
Insecure Example
The following example will fail the AZU016 check.
resource "azurerm_storage_account" "bad_example" {
name = "example"
resource_group_name = data.azurerm_resource_group.example.name
location = data.azurerm_resource_group.example.location
account_tier = "Standard"
account_replication_type = "GRS"
queue_properties {
}
}Secure Example
The following example will pass the AZU016 check.
resource "azurerm_storage_account" "good_example" {
name = "example"
resource_group_name = data.azurerm_resource_group.example.name
location = data.azurerm_resource_group.example.location
account_tier = "Standard"
account_replication_type = "GRS"
queue_properties {
logging {
delete = true
read = true
write = true
version = "1.0"
retention_policy_days = 10
}
}
}