Severity: HIGH
Source: Trivy
ID: AVD-AZU-0059

Storage account should have secure transfer and minimum TLS version configured

Storage accounts should enforce HTTPS for secure data transfer and use a minimum TLS version of 1.2. This ensures that logs and data stored in the storage account are encrypted in transit. Azure Storage encrypts all data at rest by default, but transport encryption is also critical.

Impact

Follow the appropriate remediation steps below to resolve the issue.

Enable secure transfer and set minimum TLS version to TLS1_2

# Compliant: HTTPS-only transfer is enforced and the minimum TLS version is 1.2.
resource "azurerm_storage_account" "good_example" {
  name                       = "storageaccountname"
  resource_group_name        = azurerm_resource_group.example.name
  location                   = azurerm_resource_group.example.location
  account_tier               = "Standard"
  account_replication_type   = "GRS"
  https_traffic_only_enabled = true
  min_tls_version            = "TLS1_2"
}

# Non-compliant: neither https_traffic_only_enabled nor min_tls_version is set.
resource "azurerm_storage_account" "bad_example" {
  name                     = "storageaccountname"
  resource_group_name      = azurerm_resource_group.example.name
  location                 = azurerm_resource_group.example.location
  account_tier             = "Standard"
  account_replication_type = "GRS"
}
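
The same two settings can be checked before apply against the JSON form of a Terraform plan. The script below is an added example, not Trivy's own code: it assumes input shaped like the output of `terraform show -json <planfile>`, it inspects the values Terraform plans to apply rather than the source file, and `SAMPLE_PLAN`, `audit_plan` and the resource addresses other than `good_example` are constructed for illustration.

```python
import re

# Constructed sample in the shape of `terraform show -json` planned_values.
SAMPLE_PLAN = {"planned_values": {"root_module": {
    "resources": [
        {"address": "azurerm_storage_account.good_example",
         "type": "azurerm_storage_account",
         "values": {"https_traffic_only_enabled": True, "min_tls_version": "TLS1_2"}},
        {"address": "azurerm_storage_account.legacy",
         "type": "azurerm_storage_account",
         "values": {"https_traffic_only_enabled": False, "min_tls_version": "TLS1_0"}},
        {"address": "azurerm_resource_group.example",
         "type": "azurerm_resource_group", "values": {"name": "example"}},
    ],
    "child_modules": [{"address": "module.logs", "resources": [
        {"address": "module.logs.azurerm_storage_account.audit",
         "type": "azurerm_storage_account",
         "values": {"https_traffic_only_enabled": True, "min_tls_version": None}},
    ]}],
}}}

MIN_TLS = (1, 2)  # the minimum this check requires (TLS1_2)

def iter_resources(module):
    """Yield resources from a module and, recursively, its child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from iter_resources(child)

def tls_tuple(value):
    """Parse 'TLS1_2' into (1, 2); None for missing or unrecognised values."""
    m = re.fullmatch(r"TLS(\d+)_(\d+)", value or "")
    return (int(m.group(1)), int(m.group(2))) if m else None

def audit_plan(plan):
    """Return {address: [problems]} for storage accounts failing the check."""
    findings = {}
    root = plan.get("planned_values", {}).get("root_module", {})
    for res in iter_resources(root):
        if res.get("type") != "azurerm_storage_account":
            continue
        values, problems = res.get("values", {}), []
        if values.get("https_traffic_only_enabled") is not True:
            problems.append("https_traffic_only_enabled is not true")
        tls = tls_tuple(values.get("min_tls_version"))
        if tls is None or tls < MIN_TLS:
            problems.append("min_tls_version is below TLS1_2 or unset")
        if problems:
            findings[res["address"]] = problems
    return findings
```

In a pipeline, load the plan with `json.load` and fail the job when `audit_plan` returns a non-empty result.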