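github.com/khulnasoft-lab/defsec@v1.0.5-0.20230827010352-5e9f46893d95/avd_docs/azure/storage/AVD-AZU-0010/Terraform.md

Allow Trusted Microsoft Services to bypass

```hcl
# Form 1: firewall rules declared inline on the storage account.
# Use either this inline block or the standalone resource below for a given
# account, not both.
resource "azurerm_storage_account" "good_example" {
  name                = "storageaccountname"
  resource_group_name = azurerm_resource_group.example.name

  location                 = azurerm_resource_group.example.location
  account_tier             = "Standard"
  account_replication_type = "LRS"

  network_rules {
    # Deny by default; only the sources listed below are admitted.
    default_action             = "Deny"
    ip_rules                   = ["100.0.0.1"]
    virtual_network_subnet_ids = [azurerm_subnet.example.id]

    # "AzureServices" is the setting this check looks for: it lets trusted
    # Microsoft services reach the account even though the default is Deny.
    bypass = ["Metrics", "AzureServices"]
  }

  tags = {
    environment = "staging"
  }
}

# Form 2: the same rules as a standalone resource attached to an account
# declared elsewhere (azurerm_storage_account.test is not shown here).
# NOTE(review): newer azurerm provider releases identify the account with
# storage_account_id instead of the two name arguments below; confirm against
# the provider version you pin.
resource "azurerm_storage_account_network_rules" "test" {
  resource_group_name  = azurerm_resource_group.test.name
  storage_account_name = azurerm_storage_account.test.name

  # Was "Allow". With Allow every network is admitted, so ip_rules, the subnet
  # list and bypass restrict nothing. A compliant example needs Deny for the
  # bypass exception to mean anything.
  default_action = "Deny"

  # Placeholder value: the storage firewall expects public IPv4 addresses or
  # CIDR ranges, so substitute the real egress address of the permitted client.
  ip_rules                   = ["127.0.0.1"]
  virtual_network_subnet_ids = [azurerm_subnet.test.id]
  bypass                     = ["Metrics", "AzureServices"]
}

```

#### Remediation Links
 - https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/storage_account#bypass

 - https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/storage_account_network_rules#bypass
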