Control: Azure > Storage > Storage Account > Shared Key Access

Define the Shared Key Access settings required for Azure > Storage > Storage Account.

This control checks whether Shared Key access is enabled or disabled for Azure Storage Accounts, as required by security best practices or organizational policy. The control evaluates the allowSharedKeyAccess property of each storage account. If the property does not match the policy, the control will alarm. If the policy is set to "Enforce: Disabled" or "Enforce: Enabled", the control will attempt to set Shared Key access accordingly.

Resource Types

This control targets the following resource types:

Azure > Storage > Storage Account

Policies

The following policies can be used to configure this control:

Azure > Storage > Storage Account > Shared Key Access

Permissions

Cloud permissions used by this control and its actions:

microsoft.storage/storageaccounts/write

In Your Workspace

Developers

Control Type URI

tmod:@turbot/azure-storage#/control/types/storageAccountSharedKeyAccess

Category URI

tmod:@turbot/turbot#/control/categories/security

GraphQL

query controlType(id: "tmod:@turbot/azure-storage#/control/types/storageAccountSharedKeyAccess") { … }

query controls(filter: "controlTypeId:'tmod:@turbot/azure-storage#/control/types/storageAccountSharedKeyAccess'") { … }

CLI

Get Controls

turbot graphql controls --filter "controlTypeId:tmod:@turbot/azure-storage#/control/types/storageAccountSharedKeyAccess"