Azure Storage Account (File Service, Queue Service, Table Service) Unknown Results : Aqua Wave

Azure Storage Account (File Service, Queue Service, Table Service) Unknown Results Print

Created by: Matt Fuller

Modified on: Thu, 28 May, 2020 at 3:32 PM

Issue:

When scanning Azure subscriptions, results for the "File Storage," "Queue Service," and/or "Table Service" plugins are shown as "Unknown" with the message:

"Aqua does not have permission to list storage account keys."

Solution:

For Aqua CSPM to properly scan Storage Accounts in Azure, we require access to the keys used to access the file, queue, and table services.

Alternative: If you would prefer not to provide Aqua access to these services, we recommend suppressing the following plugins:

File Service All Access ACL
Table Service All Access ACL
Queue Service All Access ACL

Steps:

Log into Azure and locate the subscription.
Click into the subscription and click the Access control (IAM) settings.
Choose the "Role Assignments" tab.
Click "Add" > "Add role assignment."
Choose "Storage Account Key Operator Service Role."
Under "Select" search for the application connected to Aqua Cloud (it may be named "aquacspm" or "cloudsploit").
"Save."

Matt is the author of this solution article.

Did you find it helpful? Yes No

How can we help you today?

Azure Storage Account (File Service, Queue Service, Table Service) Unknown Results Print

Related Articles