Risk Level: Low
Cloud Entity: Azure functions
CloudGuard Rule ID: D9.AZU.CRY.46
Covered by Spectral: No
Category: Compute

GSL LOGIC

FunctionApp should have ftpState in('FtpsOnly', 'Disabled')

REMEDIATION

From Portal

Login to Azure Portal using https://portal.azure.com.
Go to 'App Services'.
Click on each FunctionApp.
Under 'Settings' section, click on 'Configuration'.
Click on the 'General settings' pane, for the Platform Settings, the FTP state should not be set to All allowed.
Click Save.

From TF

Set the ftps_state argument as below:

resource "azurerm_app_service" "example" {
	..
	ftps_state = "FtpsOnly"
	..
}

From Command Line
Run

az functionapp config set --resource-group RESOURCEGROUP --name FunctionApp --ftps-state FtpsOnly

References

Azure functions

Azure Functions is a serverless solution that allows you to write less code, maintain less infrastructure, and save on costs. Instead of worrying about deploying and maintaining servers, the cloud infrastructure provides all the up-to-date resources needed to keep your applications running.

Compliance Frameworks

Azure CIS Foundations v. 1.2.0
Azure CIS Foundations v. 1.3.0
Azure CloudGuard Best Practices
Azure NIST 800-53 Rev 5
CloudGuard Azure All Rules Ruleset