Azure Data Factory public network access enabled
ID | data_factory_public_network_access_enabled |
Severity | high |
Vendor | Azure |
Resource | Data Factory |
Tags | reachable |
Description
Azure Data Factory should have private access.
Azure Data Factory is Azure’s cloud ETL service for scale-out serverless data integration and data transformation.
Public network access is enabled by default.
Disabling public network access applies only to the self-hosted integration runtime, not to the Azure Integration Runtime or the SQL Server Integration Services (SSIS) Integration Runtime.
See Data Factory Security to review Microsoft’s Data Factory security considerations.
Examples
ARM
{
  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
    "location": {
      "type": "string",
      "defaultValue": "[resourceGroup().location]"
    }
  },
  "resources": [
    {
      "type": "Microsoft.DataFactory/factories",
      "apiVersion": "2018-06-01",
      "name": "bad", (1)
      "location": "[parameters('location')]",
      "identity": {
        "type": "SystemAssigned"
      },
      "properties": {
        "publicNetworkAccess": "Enabled"
      }
    }
  ]
}
1 | Azure Data Factory allows public access. |
Mitigation / Fix
Buildtime
ARM
{
  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
    "location": {
      "type": "string",
      "defaultValue": "[resourceGroup().location]"
    }
  },
  "resources": [
    {
      "type": "Microsoft.DataFactory/factories",
      "apiVersion": "2018-06-01",
      "name": "good", (1)
      "location": "[parameters('location')]",
      "identity": {
        "type": "SystemAssigned"
      },
      "properties": {
        "publicNetworkAccess": "Disabled"
      }
    }
  ]
}
1 | Azure Data Factory disables public access. |
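A build-time check in the spirit of this rule, as an added example (not the scanner's own implementation): it walks an ARM template, including child resources and nested deployment templates, and reports every Data Factory whose publicNetworkAccess is not provably Disabled, treating an unset property as public per the default described above. The function names and the sample template are constructed for illustration.

```python
import json

FACTORY_TYPE = "microsoft.datafactory/factories"

def iter_resources(resources):
    """Yield each resource, including child resources and nested deployment templates."""
    if isinstance(resources, dict):          # resources given as a name-to-resource map
        resources = list(resources.values())
    for res in resources or []:
        if not isinstance(res, dict):
            continue
        yield res
        yield from iter_resources(res.get("resources"))
        props = res.get("properties")
        if isinstance(props, dict) and isinstance(props.get("template"), dict):
            yield from iter_resources(props["template"].get("resources"))

def check_template(template):
    """Return (factory name, reason) for each factory not provably private."""
    findings = []
    for res in iter_resources(template.get("resources")):
        if str(res.get("type", "")).lower() != FACTORY_TYPE:
            continue
        props = res.get("properties")
        value = props.get("publicNetworkAccess") if isinstance(props, dict) else None
        if value is None:
            findings.append((res.get("name"), "publicNetworkAccess unset, public by default"))
        elif str(value).startswith("["):
            findings.append((res.get("name"), "publicNetworkAccess is an expression, verify its value"))
        elif str(value).lower() != "disabled":
            findings.append((res.get("name"), f"publicNetworkAccess is {value}"))
    return findings

# Constructed sample input: the page's "bad" and "good" factories plus two edge cases.
SAMPLE = json.loads("""
{"resources": [
  {"type": "Microsoft.DataFactory/factories", "name": "bad",
   "properties": {"publicNetworkAccess": "Enabled"}},
  {"type": "Microsoft.DataFactory/factories", "name": "good",
   "properties": {"publicNetworkAccess": "Disabled"}},
  {"type": "Microsoft.DataFactory/factories", "name": "implicit", "properties": {}},
  {"type": "Microsoft.Resources/deployments", "name": "nested",
   "properties": {"template": {"resources": [
     {"type": "Microsoft.DataFactory/factories", "name": "inner",
      "properties": {"publicNetworkAccess": "[parameters('pna')]"}}]}}}
]}
""")

if __name__ == "__main__":
    for name, reason in check_template(SAMPLE):
        print(f"FAIL {name}: {reason}")
```

In a pipeline, load the real template with json.load and fail the build when check_template returns any finding.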