App Configuration Without Purge Protection Enabled

Description

Purge protection safeguards configuration stores from the irrecoverable, accidental purge of a deleted key. When enabled, a deleted key can't be permanently deleted until the protection is disabled.

This policy ensures that Azure App Configuration has purge protection enabled to prevent accidental loss of important configuration keys.

Code Example

terraform

resource "azurerm_app_configuration" "example" {
  name                = "example-app-configuration"
  location            = azurerm_resource_group.example.location
  resource_group_name = azurerm_resource_group.example.name
  
  # ... other configurations ...

+ purge_protection_enabled = true  // Enable purge protection
}

Remediation

Terraform

Resource:

azurerm_app_configuration

Arguments:

purge_protection_enabled

Rule Details

Field	Value
ID	IAC-0694
Severity	MEDIUM
IaC Type	Terraform
Frameworks	Terraform,
Checkov ID	CKV_AZURE_187

References

Checkov Rule

Overview

SAST (Application Security)

SCA (Dependencies)

Secrets Detection

IaC Security

License Compliance

SAST Rules

IaC Rules

License Rules

App Configuration Without Purge Protection Enabled

Description

Code Example

Remediation

Rule Details

References

SAST Rules

IaC Rules

License Rules

App Configuration Without Purge Protection Enabled ​

Description ​

Code Example ​

Remediation ​

Rule Details ​

References ​

App Configuration Without Purge Protection Enabled

Description

Code Example

Remediation

Rule Details

References