Storage accounts should be configured to only accept transfers that are over secure connections
Explanation
You can configure your storage account to accept requests from secure connections only by setting the Secure transfer required property for the storage account.
When you require secure transfer, any requests originating from an insecure connection are rejected.
Microsoft recommends that you always require secure transfer for all of your storage accounts.
Insecure Example
The following example will fail the AZU014 check.
resource "azurerm_storage_account" "bad_example" {
name = "storageaccountname"
resource_group_name = azurerm_resource_group.example.name
location = azurerm_resource_group.example.location
account_tier = "Standard"
account_replication_type = "GRS"
enable_https_traffic_only = false
}
Secure Example
The following example will pass the AZU014 check.
resource "azurerm_storage_account" "good_example" {
name = "storageaccountname"
resource_group_name = azurerm_resource_group.example.name
location = azurerm_resource_group.example.location
account_tier = "Standard"
account_replication_type = "GRS"
enable_https_traffic_only = true
}