Azure Client Certificates are not enforced for API management
Description
Enforcing client certificates for API management ensures that only clients presenting a valid certificate can access your APIs. This helps prevent unauthorized access and helps protect against security threats such as data breaches or denial-of-service attacks.
Code Example
```hcl
resource "azurerm_app_service" "pass" {
  name                = "example-app-service"
  location            = azurerm_resource_group.example.location
  resource_group_name = azurerm_resource_group.example.name
  app_service_plan_id = azurerm_app_service_plan.example.id
  client_cert_enabled = true
}
```

Remediation
Terraform
- Resource: azurerm_app_service
- Arguments: client_cert_enabled
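
A pre-apply check for the argument above, as an added example (not Checkov's or the rule author's code): it walks the JSON produced by `terraform show -json` and reports every `azurerm_app_service` whose `client_cert_enabled` is not `true`. The resource addresses and the `module.api` module in the sample plan are constructed for illustration.

```python
import json
import sys

RESOURCE_TYPE = "azurerm_app_service"  # resource named under Remediation
ARGUMENT = "client_cert_enabled"       # argument named under Remediation

def iter_resources(module):
    """Yield every resource of a plan module, descending into child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from iter_resources(child)

def find_violations(plan):
    """Return addresses of app services where the argument is not exactly true.

    A false, null or absent value (for example one only known after apply)
    is reported, so the check fails closed.
    """
    root = plan.get("planned_values", {}).get("root_module", {})
    return [
        res["address"]
        for res in iter_resources(root)
        if res.get("type") == RESOURCE_TYPE
        and (res.get("values") or {}).get(ARGUMENT) is not True
    ]

# Constructed sample, trimmed to the fields the check reads.
SAMPLE_PLAN = {"planned_values": {"root_module": {
    "resources": [
        {"address": "azurerm_app_service.pass", "type": "azurerm_app_service",
         "values": {"name": "example-app-service", "client_cert_enabled": True}},
        {"address": "azurerm_app_service.fail", "type": "azurerm_app_service",
         "values": {"name": "example-open", "client_cert_enabled": False}},
        {"address": "azurerm_resource_group.example",
         "type": "azurerm_resource_group", "values": {"name": "example"}},
    ],
    "child_modules": [{"address": "module.api", "resources": [
        {"address": "module.api.azurerm_app_service.legacy",
         "type": "azurerm_app_service", "values": {"name": "legacy"}},
    ]}],
}}}

if __name__ == "__main__":
    # Pass a file produced by `terraform show -json <planfile>`, or use the sample.
    plan = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE_PLAN
    violations = find_violations(plan)
    for address in violations:
        print(f"FAIL {address}: {ARGUMENT} is not true")
    sys.exit(1 if violations else 0)
```

The non-zero exit status lets a CI job block the apply step when any app service is planned without client certificate enforcement.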
Rule Details
| Field | Value |
|---|---|
| ID | IAC-0659 |
| Severity | LOW |
| IaC Type | Terraform |
| Frameworks | Terraform |
| Checkov ID | CKV_AZURE_152 |