Azure Function app configured with public network access
Description
Azure Functions is a serverless compute service that runs event-driven code without requiring you to provision or manage the underlying infrastructure. By default a Function App is reachable from the internet: the azurerm provider's `public_network_access_enabled` argument defaults to `true`, so every HTTP trigger, the SCM (Kudu) deployment endpoint and any misconfigured or unauthenticated route is exposed to every source address. Disabling public network access closes that surface; the app then accepts inbound traffic only through an Azure private endpoint. Before setting the flag, make sure a private endpoint (or another private path) exists for every legitimate caller, because internet-sourced callers such as webhook senders and hosted CI runners that deploy over the SCM endpoint are blocked as well. This policy checks that `public_network_access_enabled` is set to `false` on Linux and Windows Function Apps and on their deployment slots.
Code Example

Lines marked `+` are the additions that bring the resource into compliance.

```terraform
resource "azurerm_linux_function_app" "example" {
  name                = "example-app"
  resource_group_name = azurerm_resource_group.example.name
  location            = azurerm_resource_group.example.location
  # ... other configurations ...
+ public_network_access_enabled = false
}

resource "azurerm_windows_function_app" "example" {
  name                = "example-app"
  resource_group_name = azurerm_resource_group.example.name
  location            = azurerm_resource_group.example.location
  # ... other configurations ...
+ public_network_access_enabled = false
}

# ... Similar configurations for other supported resources ...
```

Remediation
Terraform
Resources:
- azurerm_linux_function_app
- azurerm_linux_function_app_slot
- azurerm_windows_function_app
- azurerm_windows_function_app_slot
Arguments:
- public_network_access_enabled
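The same condition can be enforced in a pipeline before `terraform apply`, independently of the scanner. The following script is an added example written for this page, not code from the policy page or from Checkov. It reads the JSON produced by `terraform plan -out=plan.out && terraform show -json plan.out > plan.json`, walks the root module and every child module, and reports the four resource types listed above whose `public_network_access_enabled` is not explicitly `false`. A missing or unknown value is treated as a finding because the provider default is `true`. The embedded `SAMPLE_PLAN` is constructed for illustration and is not the output of a real deployment; the resource names in it are assumptions.

```python
"""Flag Azure Function Apps and slots in a Terraform plan that still allow
public network access (the condition this policy checks)."""
import json
import sys

# Resource types covered by the policy (from the Remediation section above).
CHECKED_TYPES = {
    "azurerm_linux_function_app",
    "azurerm_linux_function_app_slot",
    "azurerm_windows_function_app",
    "azurerm_windows_function_app_slot",
}
ATTRIBUTE = "public_network_access_enabled"


def _walk(module):
    """Yield every resource in a plan module and, recursively, in its child modules."""
    for res in module.get("resources", []):
        yield res
    for child in module.get("child_modules", []):
        yield from _walk(child)


def find_public_function_apps(plan):
    """Return the sorted addresses of checked resources whose public access is not
    explicitly disabled. An absent value (omitted in the config, or computed and
    therefore unknown at plan time) counts as a finding: the provider default is true."""
    root = plan.get("planned_values", {}).get("root_module", {})
    findings = []
    for res in _walk(root):
        if res.get("type") not in CHECKED_TYPES:
            continue  # other resources also carry this attribute but are out of scope
        if res.get("values", {}).get(ATTRIBUTE) is not False:
            findings.append(res["address"])
    return sorted(findings)


def scan_plan_file(path):
    """Load a `terraform show -json` file and return its findings."""
    with open(path, encoding="utf-8") as fh:
        return find_public_function_apps(json.load(fh))


# Constructed sample plan (assumption: not from a real deployment). It contains a
# compliant app, an app that still allows public access, an out-of-scope storage
# account with the same attribute, and a slot in a child module that omits it.
SAMPLE_PLAN = {
    "format_version": "1.2",
    "planned_values": {
        "root_module": {
            "resources": [
                {"address": "azurerm_linux_function_app.api",
                 "type": "azurerm_linux_function_app",
                 "values": {"name": "api", ATTRIBUTE: False}},
                {"address": "azurerm_windows_function_app.legacy",
                 "type": "azurerm_windows_function_app",
                 "values": {"name": "legacy", ATTRIBUTE: True}},
                {"address": "azurerm_storage_account.data",
                 "type": "azurerm_storage_account",
                 "values": {"name": "data", ATTRIBUTE: True}},
            ],
            "child_modules": [
                {"address": "module.staging",
                 "resources": [
                     {"address": "module.staging.azurerm_linux_function_app_slot.blue",
                      "type": "azurerm_linux_function_app_slot",
                      "values": {"name": "blue"}},
                 ]},
            ],
        }
    },
}

if __name__ == "__main__":
    # Usage: python check_public_access.py plan.json   (no argument: scan SAMPLE_PLAN)
    found = scan_plan_file(sys.argv[1]) if len(sys.argv) > 1 else find_public_function_apps(SAMPLE_PLAN)
    for address in found:
        print(f"FAIL {address}: {ATTRIBUTE} is not false")
    sys.exit(1 if found else 0)
```

Exiting non-zero on any finding lets the script gate a pipeline stage; run it against the real `plan.json` rather than the sample to check your own configuration. Treating the attribute as non-compliant when it is absent mirrors the provider default, so a resource that simply never mentions it is reported instead of silently passing.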
Rule Details
| Field | Value |
|---|---|
| ID | IAC-0728 |
| Severity | MEDIUM |
| IaC Type | Terraform |
| Frameworks | Terraform |
| Checkov ID | CKV_AZURE_221 |