Azure ACR HTTPS not enabled for webhook
Description
Ensure that Azure Container Instances are configured with a managed identity. A managed identity gives the container instance an identity for Azure resources, so credentials are managed directly through Azure instead of being created and maintained manually. Without it, security credentials may be exposed or misused, which can lead to significant security risks such as unauthorized access or a data breach. Running the container instance with an Azure-managed identity therefore improves the security and compliance of your operations.
Code Example
```diff
  resource "azurerm_container_group" "example" {
    name                = "example-continst"
    location            = azurerm_resource_group.example.location
    resource_group_name = azurerm_resource_group.example.name
    os_type             = "Linux"
+   identity {
+     type = "SystemAssigned"
+   }
    container {
      // other configurations
    }
  }
```
Remediation
Terraform
- Resource: azurerm_container_group
- Arguments: identity.type
To fix the issue, enable the managed identity for Azure Container Instances by adding an `identity` block with `type` set.
Rule Details
| Field | Value |
|---|---|
| ID | IAC-0785 |
| Severity | MEDIUM |
| IaC Type | Terraform |
| Frameworks | Terraform, TerraformPlan |
| Checkov ID | CKV2_AZURE_28 |
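
The same condition can be checked against a plan before apply. The following is an added example, not Checkov's own implementation or code from this page: it reads the JSON produced by `terraform show -json <planfile>` and reports every `azurerm_container_group` whose planned state has no `identity` block with `type` set. The sample plan and the function names are constructed for illustration.

```python
import json

# Constructed sample in the shape of `terraform show -json <planfile>` output.
SAMPLE_PLAN = json.loads("""
{
  "resource_changes": [
    {"address": "azurerm_container_group.with_identity",
     "type": "azurerm_container_group",
     "change": {"actions": ["create"],
                "after": {"name": "example-continst",
                          "identity": [{"type": "SystemAssigned"}]}}},
    {"address": "azurerm_container_group.no_identity",
     "type": "azurerm_container_group",
     "change": {"actions": ["create"],
                "after": {"name": "legacy-continst", "identity": []}}},
    {"address": "module.jobs.azurerm_container_group.destroyed",
     "type": "azurerm_container_group",
     "change": {"actions": ["delete"], "after": null}},
    {"address": "azurerm_resource_group.example",
     "type": "azurerm_resource_group",
     "change": {"actions": ["create"], "after": {"name": "example-rg"}}}
  ]
}
""")

def has_managed_identity(after):
    """True when the planned resource carries an identity block with a type."""
    # Nested blocks appear as a list of objects in plan JSON; absent -> [] or missing.
    blocks = after.get("identity") or []
    return any((b or {}).get("type") for b in blocks)

def container_groups_without_identity(plan):
    """Return addresses of azurerm_container_group resources lacking identity.type."""
    failing = []
    for rc in plan.get("resource_changes", []):
        if rc.get("type") != "azurerm_container_group":
            continue
        after = rc.get("change", {}).get("after")
        if after is None:  # resource is being destroyed, nothing to evaluate
            continue
        if not has_managed_identity(after):
            failing.append(rc["address"])
    return failing

if __name__ == "__main__":
    for address in container_groups_without_identity(SAMPLE_PLAN):
        print(f"FAIL {address}: no identity block with type set")
```

Iterating `resource_changes` covers resources inside modules as well, since each entry carries its full address.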