Azure Event Grid Topic Managed Identity Provider
Description
Authentication plays a pivotal role in securing Azure App Configuration resources. Azure provides two primary authentication schemes: Azure Active Directory (Azure AD) credentials and access keys. Azure AD credentials offer enhanced security features and are easier to manage, making them the recommended choice by Microsoft over access keys.
This policy ensures that the `local_auth_enabled` attribute in Azure App Configuration resources is set to `false`. Setting this attribute to `true` would enable local authentication with access keys, potentially making the resource more susceptible to unauthorized access.
Code Example
```terraform
resource "azurerm_app_configuration" "example" {
  name                = "example-app-configuration"
  location            = azurerm_resource_group.example.location
  resource_group_name = azurerm_resource_group.example.name
  # ... other configurations ...
  local_auth_enabled  = false # Ensure local authentication is disabled
}
```

Remediation
Terraform
Resource:
- azurerm_app_configuration
Arguments:
- local_auth_enabled
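
One way to enforce this rule against a plan before apply, as an added example (not Checkov's implementation and not code from this page): it walks the `planned_values` tree of `terraform show -json` output, including child modules, and reports every `azurerm_app_configuration` whose `local_auth_enabled` is anything other than `false`. The sample plan, resource addresses and function names are constructed for illustration.

```python
import json

# Constructed sample in the shape of `terraform show -json <planfile>` output.
SAMPLE_PLAN = json.loads("""
{"planned_values": {"root_module": {
  "resources": [
    {"address": "azurerm_app_configuration.keys_on",
     "type": "azurerm_app_configuration",
     "values": {"name": "appcs-a", "local_auth_enabled": true}},
    {"address": "azurerm_app_configuration.aad_only",
     "type": "azurerm_app_configuration",
     "values": {"name": "appcs-b", "local_auth_enabled": false}},
    {"address": "azurerm_resource_group.example",
     "type": "azurerm_resource_group",
     "values": {"name": "rg-example"}}
  ],
  "child_modules": [
    {"address": "module.shared",
     "resources": [
       {"address": "module.shared.azurerm_app_configuration.unset",
        "type": "azurerm_app_configuration",
        "values": {"name": "appcs-c"}}
     ]}
  ]
}}}
""")


def iter_resources(module):
    """Yield every resource in a module and, recursively, its child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from iter_resources(child)


def find_local_auth_violations(plan):
    """Return addresses of App Configuration stores that still allow access keys."""
    root = plan.get("planned_values", {}).get("root_module", {})
    violations = []
    for res in iter_resources(root):
        if res.get("type") != "azurerm_app_configuration":
            continue
        # Only an explicit boolean false passes. true, null or an absent key
        # all fail, because the azurerm provider defaults this argument to true.
        if (res.get("values") or {}).get("local_auth_enabled") is not False:
            violations.append(res["address"])
    return sorted(violations)
```

Calling `find_local_auth_violations(SAMPLE_PLAN)` returns the two non-compliant addresses; a non-empty result can be used to fail a CI step.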
Rule Details
| Field | Value |
|---|---|
| ID | IAC-0691 |
| Severity | MEDIUM |
| IaC Type | Terraform |
| Frameworks | Terraform |
| Checkov ID | CKV_AZURE_184 |