Scribd Logo
Upload

Welcome to Scribd!

  • Azure Cloud Security Cheat Sheet: Storage Key Vaults

    Uploaded by

    test123
    6 views1 page
    This document provides a cheat sheet of essential Azure commands to secure cloud resources like storage accounts, databases, key vaults, and web apps. It lists commands to enable storage logging, set default deny network rules for storage, encrypt data in transit, enable SSL for databases, and redirect HTTP traffic to HTTPS among others. It recommends using the Cyscale platform to automate cloud security tasks and simplify compliance as it provides advanced analysis and actionable insights.

    Original Description:

    Original Title

    1692960036040

    Copyright

    © © All Rights Reserved

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    This document provides a cheat sheet of essential Azure commands to secure cloud resources like storage accounts, databases, key vaults, and web apps. It lists commands to enable storage logging, set default deny network rules for storage, encrypt data in transit, enable SSL for databases, and redirect HTTP traffic to HTTPS among others. It recommends using the Cyscale platform to automate cloud security tasks and simplify compliance as it provides advanced analysis and actionable insights.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as pdf or txt
    6 views1 page

    Azure Cloud Security Cheat Sheet: Storage Key Vaults

    Uploaded by

    test123
    This document provides a cheat sheet of essential Azure commands to secure cloud resources like storage accounts, databases, key vaults, and web apps. It lists commands to enable storage logging, set default deny network rules for storage, encrypt data in transit, enable SSL for databases, and redirect HTTP traffic to HTTPS among others. It recommends using the Cyscale platform to automate cloud security tasks and simplify compliance as it provides advanced analysis and actionable insights.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as pdf or txt
    of 1

    Azure Cloud Security

    Cheat Sheet
    Enhance your cloud security using these essential commands to safeguard your storage accounts, databases, key vaults,
    and web apps. Using this cheatsheet, you can secure your Azure cloud resources in no time.

    0101
    0101 Storage Key Vaults
    Enable storage logging for Blobs for Read, Write
 Ensure that Azure Key Vaults are recoverable

    and Delete requests


    az resource update --id <resourceID> --set
    az storage logging update --account-name properties.enablePurgeProtection=true
    <storageAccountName> --account-key <storageAccountKey> properties.enableSoftDelete=true

    --services b --log rwd --retention 90

    Enable logging for Azure Key Vaults

    Set the default network access rule for Storage az monitor diagnostic-settings create --storage-account
    Accounts to Deny
    "<storageAccountID>" --resource "<keyVaultResourceID>"
    az storage account update --name <storageAccountName> --name "<logName>" --logs '[{"category":
    --resource-group <resourceGroupName> --default-action Deny

    "AuditEvent","enabled": true}]' --metrics '[{"category":


    "AllMetrics","enabled": true}]'

    Enable ‘Secure transfer required’ to encrypt data


    in transit to and from Storage Accounts
    Set an expiration date for keys in Key Vaults

    az storage account update --name <storageAccountName> az keyvault key set-attributes --name <keyName> --vault-
    --resource-group <resourceGroupName> --https-only true name <vaultName> --expires Y-m-d'T'H:M:S'Z'

    Databases Services
    Enable SSL for database servers connection Use the latest version of TLS encryption for web
    PostGreSQL Single Server
    apps

    az postgres server update --resource-group az webapp config set --resource-group


    <resourceGroupName> --name <serverName> --ssl- <resourceGroupName> --name <applicationName> --min-
    enforcement Enable tls-version 1.2

    MariaDB

    az mariadb server update --resource-group Redirect all HTTP web app traffic to HTTPS in
    <resourceGroupName> --name <serverName> --ssl- Azure App Services

    enforcement Enabled 

    az webapp update --resource-group <resourceGroupName>


    --name <applicationName> --set httpsOnly=true

    Enable data encryption on an SQL database

    az sql db tde set --resource-group <resourceGroup> Use the latest HTTP version for web apps

    --server <dbServerName> --database <dbName> --status az webapp config set --resource-group


    Enabled <resourceGroupName> --name <applicationName> --http20-
    enabled true

    You can find these commands, and more, in Cyscale. The Cyscale Platform is a powerful cloud security solution that
    automates cloud misconfiguration checks, strengthens cloud security, and simplifies compliance tasks. By leveraging advanced
    contextual analysis and providing actionable insights, the platform empowers organizations to confidently embrace the cloud
    while ensuring a robust security posture. Streamline your cloud security management and gain peace of mind with Cyscale.

    cyscale.com

    You might also like