
Azure App Service Web app doesn't have a Managed Service Identity

Description

A managed service identity in App Service makes the app more secure by eliminating secrets from the app, such as credentials in connection strings. Once the app is registered with Azure Active Directory through its managed identity, it can connect to other Azure services securely without usernames and passwords.

Code Example

```hcl
resource "azurerm_app_service" "example" {
  # ...

  # Lines to add: enable a system-assigned managed identity
  identity {
    type = "SystemAssigned"
  }
}
```

Remediation

In Azure Console

1. Log in to the Azure portal.
2. Navigate to App Services.
3. Click on the reported App.
4. Under the Settings section, click on 'Identity'.
5. Ensure that 'Status' is set to 'On'.

Fix - Buildtime

Terraform

  • Resource: azurerm_app_service
  • Arguments: identity.type
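The same condition can be checked against a Terraform plan before apply. The following is an added example, not code from this page or from Checkov: it assumes the JSON layout produced by `terraform show -json <planfile>` (`planned_values.root_module`, with nested `child_modules`), and the sample plan and function names are constructed for illustration.

```python
# Constructed sample shaped like `terraform show -json <planfile>` output.
# In plan JSON a nested block such as `identity` is a list of objects.
SAMPLE_PLAN = {
    "planned_values": {"root_module": {
        "resources": [
            {"address": "azurerm_app_service.with_identity",
             "type": "azurerm_app_service",
             "values": {"name": "app-a", "identity": [{"type": "SystemAssigned"}]}},
            {"address": "azurerm_app_service.no_identity",
             "type": "azurerm_app_service",
             "values": {"name": "app-b", "identity": []}},
            {"address": "azurerm_storage_account.logs",
             "type": "azurerm_storage_account",
             "values": {"name": "logs"}},
        ],
        "child_modules": [{
            "address": "module.web",
            "resources": [
                {"address": "module.web.azurerm_app_service.api",
                 "type": "azurerm_app_service",
                 "values": {"name": "app-c"}},  # identity key absent entirely
            ],
        }],
    }},
}

def iter_resources(module):
    """Yield every resource in a module and, recursively, its child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from iter_resources(child)

def has_managed_identity(values):
    """True when at least one identity block sets a non-empty type."""
    blocks = values.get("identity") or []
    return any((block or {}).get("type") for block in blocks)

def find_apps_without_identity(plan):
    """Return sorted addresses of azurerm_app_service resources lacking identity.type."""
    root = plan.get("planned_values", {}).get("root_module", {})
    return sorted(
        res["address"] for res in iter_resources(root)
        if res.get("type") == "azurerm_app_service"
        and not has_managed_identity(res.get("values") or {})
    )

if __name__ == "__main__":
    for address in find_apps_without_identity(SAMPLE_PLAN):
        print(f"FAIL {address}: identity.type is not set")
```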

Rule Details

| Field | Value |
|---|---|
| ID | IAC-0579 |
| Severity | INFO |
| IaC Type | arm |
| Frameworks | Terraform, TerraformPlan |
| Checkov ID | CKV_AZURE_71 |
