Azure Storage Account (File Service, Queue Service, Table Service) Unknown Results
Issue:
When scanning Azure subscriptions, results for the "File Storage," "Queue Service," and/or "Table Service" plugins are shown as "Unknown" with the message:
"Aqua does not have permission to list storage account keys."
Solution:
For Aqua CSPM to properly scan Storage Accounts in Azure, we require access to the keys used to access the file, queue, and table services.
Alternative: If you would prefer not to provide Aqua access to these services, we recommend suppressing the following plugins:
- File Service All Access ACL
- Table Service All Access ACL
- Queue Service All Access ACL
Steps:
- Log into Azure and locate the subscription.
- Click into the subscription and click the Access control (IAM) settings.
- Choose the Role Assignments tab.
- Click Add > Add role assignment.
- Choose Storage Account Key Operator Service Role.
- Under Select, search for the application connected to Aqua Cloud (it may be named "aquacspm" or "cloudsploit").
- Click Save.
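To confirm the assignment took effect at the subscription scope, the following added example (not Aqua's code) checks role-assignment JSON in the shape produced by `az role assignment list --all -o json` and reports which storage accounts the Aqua application still cannot list keys for. The subscription ID, principal object ID, and storage account names are constructed placeholders.

```python
import json

ROLE = "Storage Account Key Operator Service Role"  # role named in the steps
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"  # constructed
AQUA_PRINCIPAL_ID = "11111111-1111-1111-1111-111111111111"   # constructed object ID

# Constructed sample shaped like `az role assignment list --all -o json` output:
# the role was granted on one resource group instead of the subscription.
SAMPLE_ASSIGNMENTS = json.loads("""
[
  {"principalId": "11111111-1111-1111-1111-111111111111",
   "roleDefinitionName": "Storage Account Key Operator Service Role",
   "scope": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-app"},
  {"principalId": "11111111-1111-1111-1111-111111111111",
   "roleDefinitionName": "Reader",
   "scope": "/subscriptions/00000000-0000-0000-0000-000000000000"}
]
""")

# Constructed storage account resource IDs.
ACCOUNTS = [
    SUB + "/resourceGroups/rg-app/providers/Microsoft.Storage/storageAccounts/appdata",
    SUB + "/resourceGroups/rg-app2/providers/Microsoft.Storage/storageAccounts/applogs",
]

def scope_covers(scope, resource_id):
    """True if a role assignment at `scope` is inherited by `resource_id`.

    Compares whole path segments, case-insensitively, so "rg-app" does not
    cover "rg-app2". Management-group scopes are not resolved here.
    """
    s = scope.rstrip("/").lower().split("/")
    r = resource_id.rstrip("/").lower().split("/")
    return r[:len(s)] == s

def accounts_missing_key_access(assignments, principal_id, account_ids):
    """Return the accounts for which the principal holds no ROLE assignment."""
    scopes = [a["scope"] for a in assignments
              if a.get("principalId") == principal_id
              and a.get("roleDefinitionName") == ROLE]
    return [acct for acct in account_ids
            if not any(scope_covers(s, acct) for s in scopes)]

if __name__ == "__main__":
    for acct in accounts_missing_key_access(SAMPLE_ASSIGNMENTS, AQUA_PRINCIPAL_ID, ACCOUNTS):
        print("no key access, plugins will report Unknown:", acct)
```

An empty result means every listed account inherits the role; any account returned sits outside the scopes where the role was assigned.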