| Vulnerability Database

Storage account should use geo-redundant replication

Geo-redundant storage (GRS) replicates your data to a secondary region that is hundreds of miles away from the primary region. This provides an additional level of durability for your data in the event of a complete regional outage or a disaster. Options include GRS, RAGRS, GZRS, and RAGZRS for geo-redundancy.

Impact

Recommended Actions

Follow the appropriate remediation steps below to resolve the issue.

Configure storage account to use geo-redundant replication (GRS, RAGRS, GZRS, or RAGZRS)

1
2
3
4
5
6
7


resource "azurerm_storage_account" "good_example" {
  name                     = "storageaccountname"
  resource_group_name      = azurerm_resource_group.example.name
  location                 = azurerm_resource_group.example.location
  account_tier             = "Standard"
  account_replication_type = "GRS"
}

1
2
3
4
5
6
7


resource "azurerm_storage_account" "good_example" {
  name                     = "storageaccountname"
  resource_group_name      = azurerm_resource_group.example.name
  location                 = azurerm_resource_group.example.location
  account_tier             = "Standard"
  account_replication_type = "RAGRS"
}

1
2
3
4
5
6
7


resource "azurerm_storage_account" "good_example" {
  name                     = "storageaccountname"
  resource_group_name      = azurerm_resource_group.example.name
  location                 = azurerm_resource_group.example.location
  account_tier             = "Standard"
  account_replication_type = "GZRS"
}

Remediation Links

https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/storage_account#account_replication_type