Azure App Service Plan is Not Suitable for Production
Description
Azure App Services offer various plans tailored to different requirements, including scalability, performance, and features. While some plans are ideal for testing and development purposes, they might not be equipped to handle production workloads effectively. Using plans not designed for production might expose applications to performance bottlenecks or lack of vital features.
The Free (F1), Shared (D1), and Basic (B1, B2, B3) plans serve well for limited testing and development but are not recommended for production environments. For production workloads, Azure recommends Standard and Premium plans, with PremiumV3 being the latest offering with advanced capabilities.
This policy checks and ensures that the App Service plan selected does not fall into the categories of Free, Shared, or Basic. Ensuring your App Service uses a production-ready plan enhances its reliability and performance.
Code Example
resource "azurerm_service_plan" "example" {
name = "example-service-plan"
# ... other configurations ...
+ sku_name = "P1v3" # Ensure you're using a production-suitable SKU like Standard or PremiumV3.
# ... other configurations ...
}Remediation
Terraform
Resource:
- azurerm_service_plan
Arguments:
- sku_name
Rule Details
| Field | Value |
|---|---|
| ID | IAC-0718 |
| Severity | LOW |
| IaC Type | Terraform |
| Frameworks | Terraform, |
| Checkov ID | CKV_AZURE_211 |