Managed identity should be used in your Function App
Use a managed identity for enhanced authentication security
Risk Level: Low
Cloud Entity: Azure functions
CloudGuard Rule ID: D9.AZU.IAM.10
Covered by Spectral: Yes
Category: Compute
GSL LOGIC
FunctionApp should have inner.identityStatus=true
REMEDIATION
From Portal
- Sign in to the Azure portal at https://portal.azure.com/.
- Go to 'Function App' and choose your Function App.
- Under 'Settings', select 'Identity' on the navigation menu.
- On the 'Identity' panel, select 'On' for the status configuration settings.
- Click Save.
From TF
Set the 'type' argument under 'identity' to 'SystemAssigned':
resource "azurerm_function_app" "example" {
  # ...
  identity {
    # ...
    type = "SystemAssigned"
    # ...
  }
  # ...
}
From Command Line
Run:
az functionapp identity assign --resource-group RESOURCEGROUP --name FUNCTIONAPP
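To find which Function Apps in a subscription still need this remediation, the following added example (not part of the CloudGuard rule or of Azure's tooling) audits JSON shaped like `az functionapp list -o json` output and builds the command above for each failing app. The sample data, the function names, and the choice to let a user-assigned identity pass by default are assumptions.

```python
import json
import shlex

# Constructed sample, shaped like trimmed `az functionapp list -o json` output.
SAMPLE = json.loads("""[
  {"name": "fa-orders",  "resourceGroup": "rg-prod", "identity": null},
  {"name": "fa-billing", "resourceGroup": "rg-prod", "identity": {"type": "SystemAssigned"}},
  {"name": "fa-legacy",  "resourceGroup": "rg-old",  "identity": {"type": "None"}},
  {"name": "fa-reports", "resourceGroup": "rg-prod", "identity": {"type": "SystemAssigned, UserAssigned"}},
  {"name": "fa-batch",   "resourceGroup": "rg-data(eu)", "identity": {"type": "UserAssigned"}}
]""")


def identity_types(app):
    """Return the app's identity types, lower-cased; empty set if it has none."""
    raw = (app.get("identity") or {}).get("type") or ""
    types = {t.strip().lower() for t in raw.split(",") if t.strip()}
    types.discard("none")
    return types


def audit(apps, require_system_assigned=False):
    """Return apps failing the check.

    Assumption: any managed identity passes by default; set
    require_system_assigned=True to accept only a system-assigned identity.
    """
    failing = []
    for app in apps:
        types = identity_types(app)
        ok = "systemassigned" in types if require_system_assigned else bool(types)
        if not ok:
            failing.append(app)
    return failing


def remediation_commands(apps):
    """Build the page's `az functionapp identity assign` command per app."""
    template = "az functionapp identity assign --resource-group {} --name {}"
    return [template.format(shlex.quote(a["resourceGroup"]), shlex.quote(a["name"]))
            for a in apps]


if __name__ == "__main__":
    for command in remediation_commands(audit(SAMPLE)):
        print(command)
```

Review the generated commands before running them; enabling the identity grants no permissions by itself, so role assignments still have to be scoped separately.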
References
- https://learn.microsoft.com/en-us/cli/azure/functionapp/identity?view=azure-cli-latest#az-functionapp-identity-assign
- https://docs.microsoft.com/en-us/azure/app-service/overview-managed-identity?tabs=portal%2Chttp
- https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/function_app#identity
Azure functions
Azure Functions is a serverless solution that allows you to write less code, maintain less infrastructure, and save on costs. Instead of worrying about deploying and maintaining servers, the cloud infrastructure provides all the up-to-date resources needed to keep your applications running.
Compliance Frameworks
- Azure CloudGuard Best Practices
- Azure ITSG-33
- Azure NIST 800-53 Rev 5
- CloudGuard Azure All Rules Ruleset
- Microsoft Cloud Security Benchmark