CKV_AZURE_206: Storage Account Replication SKU Not Recognized in Bicep when set by parameter

[nadiahansen]

Describe the issue
I encountered an issue with Checkov while validating my Bicep template. The specific Checkov check is CKV_AZURE_206, which ensures that Storage Accounts use replication. However, although my Storage Account is correctly configured with the SKU set to Standard_GRS in the Bicep file via a parameter file, Checkov doesn't seem to recognize or validate this configuration at the time of writing.

Examples

`
param storageAccountType string
param storageAccountKind string = 'StorageV2'
...

resource storageAccount 'Microsoft.Storage/storageAccounts@2023-01-01' = {
name: storageAccountName
location: location
kind: storageAccountKind
sku: {
name: storageAccountType
}
properties: {
...
}
}
}`

Steps to Reproduce:

1. Create a Bicep template with a Storage Account.
2. Set the replication SKU to Standard_GRS in the Bicep file via a parameter file
3. Run Checkov against the Bicep template.
4. Observe that Checkov raises the CKV_AZURE_206 issue, even though the correct replication SKU is set.

[bo156]

Hi @nadiahansen,
CKV_AZURE_206 is actually part of our arm checks which runs agains your resource.
Currently our arm framework does not support variable rendering, so we cannot calculate those connections between your resource and the parameter file. FYI @tsmithv11.

Note that for now while this is not supported you can manually skip this check on this resource using a skip comment