Azure App Service Instance Lacks Redundancy
Description
Azure App Service plans provide a configurable setting that determines how many instances run your apps. The number of instances directly affects the availability and failover capabilities of your application. Apps running on a single instance carry an inherent risk: during unplanned interruptions or outages, your app might experience downtime.
Although Azure usually self-heals and addresses faulty app service instances, there can be an intermittent interruption during this period, potentially impacting user experience or critical workflows.
To enhance the availability and resilience of your application, this policy ensures that more than one instance is running your app. That way, even if one instance faces issues, another instance can seamlessly take over, ensuring continuous operation of the app.
Code Example
resource "azurerm_service_plan" "example" {
  name = "example-service-plan"
  # ... other configurations ...
+ worker_count = 2 # Ensure you're using a minimum of two instances for better availability.
  # ... other configurations ...
}

Remediation
Terraform
Resource:
- azurerm_service_plan
Arguments:
- worker_count
Rule Details
| Field | Value |
|---|---|
| ID | IAC-0719 |
| Severity | LOW |
| IaC Type | arm |
| Frameworks | Terraform |
| Checkov ID | CKV_AZURE_212 |