For AI agents: A markdown version of this page is available at https://docs.datadoghq.com/security/code_security/iac_security/iac_rules/ansible-azure-storage-account-not-forcing-https.md.
A documentation index is available at /llms.txt.
Storage Accounts must enforce HTTPS-only connections to prevent sensitive data from being transmitted in cleartext and reduce the risk of man-in-the-middle interception. For Ansible tasks using azure.azcollection.azure_rm_storageaccount or azure_rm_storageaccount, the https_only property must be set to true. Resources where https_only is missing (it defaults to false) or explicitly set to false are flagged.
Secure example:
- name:Create storage account with HTTPS enforcedazure.azcollection.azure_rm_storageaccount:name:myStorageAccountresource_group:myResourceGrouplocation:eastusaccount_type:Standard_LRShttps_only:true
Compliant Code Examples
- name:create an accountazure.azcollection.azure_rm_storageaccount:resource_group:myResourceGroupname:clh0002type:Standard_RAGRShttps_only:yestags:testing:testingdelete:on-exit- name:create an account2azure.azcollection.azure_rm_storageaccount:resource_group:myResourceGroupname:clh0002type:Standard_RAGRShttps_only:truetags:testing:testingdelete:on-exit- name:create an account3azure.azcollection.azure_rm_storageaccount:resource_group:myResourceGroupname:clh0002type:Standard_RAGRShttps_only:truetags:testing:testingdelete:on-exit- name:create an account4azure.azcollection.azure_rm_storageaccount:resource_group:myResourceGroupname:clh0002type:Standard_RAGRShttps_only:'true'tags:testing:testingdelete:on-exit- name:create an account5azure.azcollection.azure_rm_storageaccount:resource_group:myResourceGroupname:clh0002type:Standard_RAGRShttps_only:'True'tags:testing:testingdelete:on-exit- name:create an account6azure.azcollection.azure_rm_storageaccount:resource_group:myResourceGroupname:clh0002type:Standard_RAGRShttps_only:yestags:testing:testingdelete:on-exit- name:create an account7azure.azcollection.azure_rm_storageaccount:resource_group:myResourceGroupname:clh0002type:Standard_RAGRShttps_only:Yestags:testing:testingdelete:on-exit- name:create an account8azure.azcollection.azure_rm_storageaccount:resource_group:myResourceGroupname:clh0002type:Standard_RAGRShttps_only:Yestags:testing:testingdelete:on-exit
Non-Compliant Code Examples
---- name:create an accountazure.azcollection.azure_rm_storageaccount:resource_group:myResourceGroupname:clh0002type:Standard_RAGRStags:testing:testingdelete:on-exit- name:create an account2azure.azcollection.azure_rm_storageaccount:resource_group:myResourceGroupname:clh0002type:Standard_RAGRShttps_only:falsetags:testing:testingdelete:on-exit- name:create an account3azure.azcollection.azure_rm_storageaccount:resource_group:myResourceGroupname:clh0002type:Standard_RAGRShttps_only:Falsetags:testing:testingdelete:on-exit- name:create an account4azure.azcollection.azure_rm_storageaccount:resource_group:myResourceGroupname:clh0002type:Standard_RAGRShttps_only:notags:testing:testingdelete:on-exit- name:create an account5azure.azcollection.azure_rm_storageaccount:resource_group:myResourceGroupname:clh0002type:Standard_RAGRShttps_only:Notags:testing:testingdelete:on-exit- name:create an account6azure.azcollection.azure_rm_storageaccount:resource_group:myResourceGroupname:clh0002type:Standard_RAGRShttps_only:"false"tags:testing:testingdelete:on-exit- name:create an account7azure.azcollection.azure_rm_storageaccount:resource_group:myResourceGroupname:clh0002type:Standard_RAGRShttps_only:"False"tags:testing:testingdelete:on-exit- name:create an account8azure.azcollection.azure_rm_storageaccount:resource_group:myResourceGroupname:clh0002type:Standard_RAGRShttps_only:"no"tags:testing:testingdelete:on-exit- name:create an account9azure.azcollection.azure_rm_storageaccount:resource_group:myResourceGroupname:clh0002type:Standard_RAGRShttps_only:"No"tags:testing:testingdelete:on-exit
1
2
rulesets:- Ansible / Azure # Rules to enforce / Azure.
Request a personalized demo
Get Started with Datadog
Ask AI
AI-generated responses may be inaccurate. Verify important info.
