Azure Container Instance not configured with the managed identity

Description

This policy checks that the Azure Container Registry (ACR) has HTTPS (Hypertext Transfer Protocol Secure) enabled for its webhook. It's crucial for security reasons as enabling HTTPS ensures that the data transferred between the ACR and the webhook endpoint is encrypted and secure. Without HTTPS, the data could potentially be intercepted and exploited by malicious actors, leading to sensitive information leaks or breaches.

Code Example

```hcl
resource "azurerm_container_registry_webhook" "example" {
  name                = "example-acrwebhook"
  location            = azurerm_resource_group.example.location
  resource_group_name = azurerm_resource_group.example.name
  registry_name       = azurerm_container_registry.example.name

  # The webhook endpoint must use the https:// scheme
  service_uri = "https://example.com/api/webhook"

  # ...
}
```

Remediation

Terraform

  • Resource: azurerm_container_registry_webhook
  • Arguments: service_uri

To fix the issue, you have to configure your Azure Container Registry (ACR) to use HTTPS for webhook communications. This involves declaring it within your respective provider section or alternatively within the resource. You can ensure this by setting the `service_uri` attribute to an HTTPS URL.
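The same rule can be applied to a Terraform plan before it is applied. The following is an added example, not Checkov's implementation and not code from the original page: it reads the `resource_changes` list of `terraform show -json` output and classifies each `azurerm_container_registry_webhook` by its `service_uri`. The resource addresses and the sample plan are constructed for illustration.

```python
import json
from urllib.parse import urlsplit

WEBHOOK = "azurerm_container_registry_webhook"

# Constructed sample shaped like `terraform show -json <planfile>` output.
SAMPLE_PLAN = json.loads("""
{"resource_changes": [
  {"address": "azurerm_container_registry_webhook.ok", "type": "azurerm_container_registry_webhook",
   "change": {"actions": ["create"], "after_unknown": {},
              "after": {"service_uri": "https://example.com/api/webhook"}}},
  {"address": "azurerm_container_registry_webhook.plain", "type": "azurerm_container_registry_webhook",
   "change": {"actions": ["update"], "after_unknown": {},
              "after": {"service_uri": "http://example.com/api/webhook"}}},
  {"address": "azurerm_container_registry_webhook.computed", "type": "azurerm_container_registry_webhook",
   "change": {"actions": ["create"], "after_unknown": {"service_uri": true}, "after": {}}},
  {"address": "azurerm_container_registry_webhook.old", "type": "azurerm_container_registry_webhook",
   "change": {"actions": ["delete"], "after_unknown": {}, "after": null}},
  {"address": "azurerm_resource_group.example", "type": "azurerm_resource_group",
   "change": {"actions": ["no-op"], "after_unknown": {}, "after": {"name": "example"}}}
]}
""")


def check_webhooks(plan):
    """Map each planned ACR webhook address to PASSED, FAILED or UNKNOWN."""
    results = {}
    for rc in plan.get("resource_changes", []):
        change = rc.get("change") or {}
        if rc.get("type") != WEBHOOK or change.get("actions") == ["delete"]:
            continue  # other resource types, or a webhook being destroyed
        uri = (change.get("after") or {}).get("service_uri")
        if uri is None and (change.get("after_unknown") or {}).get("service_uri"):
            # Value is only known after apply; static review cannot decide.
            results[rc["address"]] = "UNKNOWN"
            continue
        parts = urlsplit(uri or "")
        # urlsplit lowercases the scheme; also require a host part.
        secure = parts.scheme == "https" and bool(parts.netloc)
        results[rc["address"]] = "PASSED" if secure else "FAILED"
    return results


if __name__ == "__main__":
    for address, verdict in check_webhooks(SAMPLE_PLAN).items():
        print(f"{verdict:8} {address}")
```

An `UNKNOWN` verdict means `service_uri` is computed at apply time, so the endpoint it is derived from needs a separate review.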

Rule Details

| Field | Value |
|---|---|
| ID | IAC-0787 |
| Severity | INFO |
| IaC Type | Terraform |
| Frameworks | Terraform, TerraformPlan |
| Checkov ID | CKV2_AZURE_30 |