Ensure that Shared Access Signature Tokens Expire Within an Hour
Why This Matters
Shared access signature tokens grant delegated access to Azure Storage resources without exposing the account key. If a SAS token has an excessively long expiration period, it increases the risk of unauthorized access if the token is leaked or intercepted. Restricting SAS tokens to expire within an hour minimizes the window of exposure and aligns with security best practices for temporary access delegation.
What Aether365 Checks
Aether365 verifies that shared access signature tokens are configured to expire within one hour from their start time. This check appears in the Aether365 dashboard under the azure-storage-accounts category.
How to Fix
Follow these steps to configure SAS tokens with an expiration time of one hour or less: