Ensure that Health Check is enabled for your Function App

Health check increases your application's availability by removing unhealthy instances from the load balancer. If your instance remains unhealthy, it will be restarted.

Risk Level: Low
Cloud Entity: Azure functions
CloudGuard Rule ID: D9.AZU.MON.35
Covered by Spectral: Yes
Category: Compute

GSL LOGIC

FunctionApp should have config.autoHealEnabled=true

REMEDIATION

From Portal

  1. Sign on to Azure portal and navigate to 'Function App'
  2. Click on the name of the Function App service you want to examine
  3. In the navigation panel,under Monitoring, select 'Health Check'
  4. Select Enable and provide a valid URL path on your application, such as /health or /api/health.
  5. Click Save.

From TF
Set the 'health_check_path' argument :

resource "azurerm_function_app" "example" {
	....
	site_config {
		....
		health_check_path          = "/health"
		....
	}
	....
}

From Command Line
Run

az functionapp config set --auto-heal-enabled true --name FUNCTIONAPP --resource-group RESOURCEGROUP

References

  1. https://docs.microsoft.com/en-us/azure/app-service/monitor-instances-health-check
  2. https://azure.github.io/AppService/2020/08/24/healthcheck-on-app-service.html
  3. https://learn.microsoft.com/en-us/cli/azure/functionapp/config?view=azure-cli-latest#az-functionapp-config-set
  4. https://learn.microsoft.com/en-us/azure/app-service/monitor-instances-health-check?tabs=dotnet
  5. https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/function_app

Azure functions

Azure Functions is a serverless solution that allows you to write less code, maintain less infrastructure, and save on costs. Instead of worrying about deploying and maintaining servers, the cloud infrastructure provides all the up-to-date resources needed to keep your applications running.

Compliance Frameworks

  • Azure CloudGuard Best Practices
  • Azure NIST 800-53 Rev 5
  • CloudGuard Azure All Rules Ruleset