Is it ok to have terraform state in Azure blob as public?

Time:09-29

I want to have Terraform's backend in Azure Storage Account. I'm following this article by Microsoft.

And, I quote from the article

Public access is allowed to Azure storage account for storing Terraform state.

But wouldn't that make the state downloadable publicly, hence it will expose our infrastructure?

What's the best practice here? Thanks.

CodePudding user response:

You are correct: having your storage account publicly available is a bad idea. Best practice is to have your backend state file in a blob container that is locked down (usually with a firewall and the public access level of the container set to private). And then you can use any of the ways seen here to authenticate to Azure. I personally use a service principal as it is easy to set up and avoids using user credentials and access keys.
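
An added example, not part of the answer above: a small audit that checks the three settings the answer names (anonymous blob access, the storage firewall, and the container access level) against JSON shaped like the output of `az storage account show` and `az storage container show`. The account and container names, the IP address and the sample JSON are constructed for illustration.

```python
import json

# Constructed samples shaped like `az storage account show` and
# `az storage container show` output; names and values are made up.
ACCOUNT_OPEN = json.loads("""{
  "name": "tfstateexample",
  "allowBlobPublicAccess": true,
  "networkRuleSet": {"defaultAction": "Allow", "ipRules": []}
}""")
ACCOUNT_LOCKED = json.loads("""{
  "name": "tfstateexample",
  "allowBlobPublicAccess": false,
  "networkRuleSet": {"defaultAction": "Deny",
                     "ipRules": [{"value": "203.0.113.10", "action": "Allow"}]}
}""")
CONTAINER_PUBLIC = json.loads('{"name": "tfstate", "properties": {"publicAccess": "blob"}}')
CONTAINER_PRIVATE = json.loads('{"name": "tfstate", "properties": {"publicAccess": null}}')


def audit_state_storage(account, container):
    """Return a list of findings; an empty list means the state is locked down."""
    findings = []
    # Account-level switch: unless it is false, containers can be made
    # anonymously readable. A missing key is treated as enabled.
    if account.get("allowBlobPublicAccess", True) is not False:
        findings.append("account permits anonymous blob access")
    # Firewall: a default action other than Deny lets any network reach the endpoint.
    rules = account.get("networkRuleSet") or {}
    if rules.get("defaultAction", "Allow") != "Deny":
        findings.append("storage firewall default action is not Deny")
    # Container access level: null/"off" is private; "blob" or "container" is public.
    level = (container.get("properties") or {}).get("publicAccess")
    if level not in (None, "", "off", "None"):
        findings.append(f"container '{container.get('name')}' public access is '{level}'")
    return findings


if __name__ == "__main__":
    for label, acct, cont in (("open", ACCOUNT_OPEN, CONTAINER_PUBLIC),
                              ("locked", ACCOUNT_LOCKED, CONTAINER_PRIVATE)):
        print(label, audit_state_storage(acct, cont) or "no findings")
```
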
