SonarCloud is scanning our Terraform code for the azurerm_storage_account resource.

It reports this:

make sure that omitting to log is safe here

But there is no text in "How can I fix this" to show what to do. I am wondering if it wants me to add a logging block, but this is only relevant inside a queue_properties block. And I am not using queues.

My code is:

resource "azurerm_storage_account" "cdn_storage_account" {
  tags                     = local.tags
  name                     = "${local.stgname}stor07"
  location                 = azurerm_resource_group.keyvault_resource_group.location
  resource_group_name      =
  account_tier             = "Standard"
  account_replication_type = "ZRS"
  min_tls_version          = "TLS1_2"

I think this is related to "Azurerm_storage_account incorrectly flags log configuration - #3 by kensykora".

I added this block:

  queue_properties {
    logging {
      delete                = true
      read                  = true
      write                 = true
      version               = 1
      retention_policy_days = 1
    }
  }

and it removed the SonarCloud issue. But we are not using storage queues. We are using blobs.

So I think this is a false positive.
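
The queue_properties logging block above only covers the queue service. For an account that serves blobs, read/write/delete logging is configured with a diagnostic setting on the blob service, shown here as an added example that is not part of the original post or of Sonar's guidance. The Log Analytics workspace reference is a hypothetical name, the azurerm provider version is assumed to support the enabled_log block, and the thread does not say whether the SonarCloud rule recognizes this resource.

```hcl
# Added example: blob-service logging for the storage account from the post.
# azurerm_log_analytics_workspace.logs is a hypothetical resource name; point
# it at the workspace (or swap in storage_account_id / eventhub settings) that
# your environment actually uses as the log destination.
resource "azurerm_monitor_diagnostic_setting" "cdn_blob_logs" {
  name = "cdn-blob-access-logs"

  # Diagnostic settings are attached per service, so target the blob
  # sub-resource of the account rather than the account itself.
  target_resource_id = "${azurerm_storage_account.cdn_storage_account.id}/blobServices/default"

  log_analytics_workspace_id = azurerm_log_analytics_workspace.logs.id

  # Same three operation classes that queue_properties.logging exposes
  # as delete / read / write, but for blob requests.
  enabled_log {
    category = "StorageRead"
  }

  enabled_log {
    category = "StorageWrite"
  }

  enabled_log {
    category = "StorageDelete"
  }
}
```

Retention is set on the destination (for example the workspace), not in this block, so the retention_policy_days value from the queue example has no direct equivalent here.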


What language is the file this is raised in?


Hi, this is Terraform.

Thanks. I’ve flagged this for the language experts.


Hi Scott,

This is indeed a false positive and it is related to the other post you mentioned. We have a pending internal ticket to address this issue but it is not yet implemented.



Ok - Thanks for the info. We will ignore this alert.