Added blob public storage feature enablement.

Azure · Feb 1, 2024 · 274fc1f · 274fc1f
1 parent ce1d7e2
commit 274fc1f
Show file tree

Hide file tree

Showing 3 changed files with 21 additions and 2 deletions.
diff --git a/README.md b/README.md
@@ -208,6 +208,19 @@ azd env set _VPN_SHARED_KEY <your_shared_key>
 ```
 
 
+#### Feature: Public Blob Access
+
+__Purpose:__ Control public access to Blob Storage.
+
+__Details:__ The Storage accounts have public access points that can be enabled or disabled to enhance security.
+
+__How to Disable:__
+
+```bash
+azd env set ENABLE_BLOB_PUBLIC_ACCESS false
+```
+
+
 ### Deployment Commands
 
 Efficiently manage the resources with these Azure Developer CLI commands. They are designed to streamline the deployment process, allowing for a smooth setup and teardown of your environment.

diff --git a/bicep/main.bicep b/bicep/main.bicep
@@ -797,7 +797,7 @@ module vaultEndpoint './modules/private-endpoint/main.bicep' = if (enablePrivate
 */
 
 @description('Optional. Indicates whether public access is enabled for all blobs or containers in the storage account. For security reasons, it is recommended to set it to false.')
-param allowBlobPublicAccess bool = false
+param enableBlobPublicAccess bool = true
 
 var storageDNSZoneForwarder = 'blob.${environment().suffixes.storage}'
 var storageDnsZoneName = 'privatelink.${storageDNSZoneForwarder}'
@@ -822,7 +822,7 @@ module configStorage './modules/storage-account/main.bicep' = {
     tables: commonLayerConfig.storage.tables
 
     // Apply Security
-    allowBlobPublicAccess: allowBlobPublicAccess
+    allowBlobPublicAccess: enableBlobPublicAccess
 
     // Assign RBAC
     roleAssignments: [
@@ -1311,6 +1311,9 @@ module partitionStorage './modules/storage-account/main.bicep' = [for (partition
     diagnosticWorkspaceId: logAnalytics.outputs.resourceId
     diagnosticLogsRetentionInDays: 0
 
+    // Apply Security
+    allowBlobPublicAccess: enableBlobPublicAccess
+
     // Configure Service
     sku: partitionLayerConfig.storage.sku
     containers: concat(partitionLayerConfig.storage.containers, [partition.name])

diff --git a/bicep/main.parameters.json b/bicep/main.parameters.json
@@ -14,6 +14,9 @@
     "enableBastion": {
       "value": "${ENABLE_BASTION}"
     },
+    "enableBlobPublicAccess": {
+      "value": "${ENABLE_BLOB_PUBLIC_ACCESS}"
+    },
     "vpnSharedKey": {
       "value": "${VPN_SHARED_KEY}"
     },