Set ACLs to Deny for storage (#1765)

pamelafox · web-flow · commit a1fe90090e4e · 2024-06-26T10:45:49.000-07:00
diff --git a/infra/core/storage/storage-account.bicep b/infra/core/storage/storage-account.bicep
@@ -26,10 +26,10 @@ param sku object = { name: 'Standard_LRS' }
 @allowed([ 'None', 'AzureServices' ])
 param bypass string = 'AzureServices'
 
-var networkAcls = {
+var networkAcls = (publicNetworkAccess == 'Enabled') ? {
   bypass: bypass
   defaultAction: 'Allow'
-}
+} : { defaultAction: 'Deny' }
 
 resource storage 'Microsoft.Storage/storageAccounts@2022-05-01' = {
   name: name
@@ -67,4 +67,4 @@ resource storage 'Microsoft.Storage/storageAccounts@2022-05-01' = {
 
 output id string = storage.id
 output name string = storage.name
-output primaryEndpoints object = storage.properties.primaryEndpoints
+output primaryEndpoints object = storage.properties.primaryEndpoints
