Web PubSub Without Managed Identities
Description
Azure Managed Identities provide an application with an identity it can use to authenticate to other Azure resources, a more secure alternative to storing secrets or keys. With Managed Identities the credentials live outside your code and configuration, which reduces the risk of them being leaked or compromised.
Azure Web PubSub is a real-time web messaging service. For enhanced security, it is recommended to use Azure Managed Identities when Web PubSub accesses other Azure services.
This policy checks to ensure that Azure Web PubSub is configured to use Managed Identities.
Code Example
```terraform
# Resource group referenced below (included so the example is self-contained)
resource "azurerm_resource_group" "example" {
  name     = "example-resources"
  location = "West Europe"
}

resource "azurerm_web_pubsub" "example" {
  name                = "example-webpubsub"
  location            = azurerm_resource_group.example.location
  resource_group_name = azurerm_resource_group.example.name
  sku                 = "Standard_S1" # required by the provider; not shown in the original snippet

  # The identity block is the addition that satisfies this policy
  identity {
    type = "SystemAssigned" # or "UserAssigned" based on the requirement ("UserAssigned" also needs identity_ids)
  }

  tags = {
    Environment = "production"
  }
}
```
Remediation
Terraform
- Resource: azurerm_web_pubsub
- Arguments: identity
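To show what the check itself has to decide, here is a stand-alone evaluation of this policy over parsed Terraform resource bodies. This is an added example written for this page, not Checkov's own implementation of CKV_AZURE_176; the `conf` dict shape (nested blocks as a list of dicts), the `check_web_pubsub_identity` function and the sample bodies are assumptions constructed for illustration. It goes slightly beyond the page by also failing the resource when the identity type is `None` or when a user-assigned identity is declared without any `identity_ids`.

```python
"""Policy check for azurerm_web_pubsub managed identity (added example).

Not Checkov's implementation of CKV_AZURE_176; an illustration of the same
rule. It operates on a plain dict shaped like a parsed Terraform resource
body (the `conf` argument below is a constructed assumption).
"""
from enum import Enum


class Result(Enum):
    PASSED = "PASSED"
    FAILED = "FAILED"


# Identity types the azurerm provider accepts that actually attach an identity
VALID_IDENTITY_TYPES = {
    "SystemAssigned",
    "UserAssigned",
    "SystemAssigned, UserAssigned",
}


def check_web_pubsub_identity(conf: dict) -> Result:
    """Return PASSED when the resource declares a usable managed identity.

    `conf` is the attribute map of one `azurerm_web_pubsub` resource.
    Nested blocks are represented as a list of dicts, mirroring how HCL
    parsers usually emit them (assumption for this example).
    """
    identity_blocks = conf.get("identity")
    if not identity_blocks:
        return Result.FAILED  # no identity block at all

    # Tolerate a bare dict as well as the usual one-element list of blocks
    block = identity_blocks[0] if isinstance(identity_blocks, list) else identity_blocks
    if not isinstance(block, dict):
        return Result.FAILED

    identity_type = block.get("type")
    if isinstance(identity_type, list):  # some parsers wrap scalars in a list
        identity_type = identity_type[0]
    if not isinstance(identity_type, str):
        return Result.FAILED

    # Normalize spacing so "SystemAssigned,UserAssigned" still matches
    normalized = ", ".join(part.strip() for part in identity_type.split(","))
    if normalized not in VALID_IDENTITY_TYPES:
        return Result.FAILED  # e.g. "None" or a typo

    # A user-assigned identity is only usable if at least one identity id is given
    if "UserAssigned" in normalized and not block.get("identity_ids"):
        return Result.FAILED

    return Result.PASSED


# Constructed sample resource bodies (not taken from the page)
COMPLIANT = {
    "name": "example-webpubsub",
    "sku": "Standard_S1",
    "identity": [{"type": "SystemAssigned"}],
}
NON_COMPLIANT_MISSING = {"name": "example-webpubsub", "sku": "Standard_S1"}
NON_COMPLIANT_USER_NO_IDS = {"identity": [{"type": "UserAssigned"}]}
COMPLIANT_USER = {
    "identity": [
        {"type": "UserAssigned", "identity_ids": ["<user-assigned-identity-id>"]}
    ],
}


def run_samples() -> dict:
    """Evaluate each constructed sample and return name -> result string."""
    samples = {
        "compliant": COMPLIANT,
        "missing_identity": NON_COMPLIANT_MISSING,
        "user_assigned_without_ids": NON_COMPLIANT_USER_NO_IDS,
        "user_assigned_with_ids": COMPLIANT_USER,
    }
    return {name: check_web_pubsub_identity(conf).value for name, conf in samples.items()}


if __name__ == "__main__":
    for name, verdict in run_samples().items():
        print(f"{name}: {verdict}")
```

Run it directly to see one verdict per sample; the `identity_ids` requirement for `UserAssigned` is what the provider enforces at plan time, so catching it in the policy check surfaces the problem earlier.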
Rule Details
| Field | Value |
|---|---|
| ID | IAC-0683 |
| Severity | MEDIUM |
| IaC Type | arm |
| Frameworks | Terraform |
| Checkov ID | CKV_AZURE_176 |