Azure Recovery Services vault is not configured with managed identity
Description
This policy checks whether the Azure Recovery Services vault is configured with a managed identity. A managed identity is an Azure-managed identity that lets a resource authenticate to other Azure services securely and at scale, without developers having to create, store or rotate credentials themselves. If the Azure Recovery Services vault is not configured with a managed identity, access control may be improperly configured and authentication credentials poorly managed, which may expose your app to security risks.
Code Example
```hcl
resource "azurerm_recovery_services_vault" "example" {
  name                = "example-recovery-vault"
  location            = azurerm_resource_group.example.location
  resource_group_name = azurerm_resource_group.example.name
  sku                 = "Standard" # required argument; missing from the original snippet
  soft_delete_enabled = false

  # A managed identity is what this policy looks for
  identity {
    type = "SystemAssigned"
  }
}
```
Remediation
Terraform
- Resource: azurerm_recovery_services_vault
- Arguments: identity.type
To fix this issue, configure the Azure Recovery Services vault with a managed identity. In the Terraform configuration, add an `identity` block to the `azurerm_recovery_services_vault` resource and set its `type` argument (for example to `"SystemAssigned"`).
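The following is an added example, not code from the original page or from the Checkov project. It places the non-compliant resource beside two remediated forms so the difference the policy detects is visible in one file. It assumes the azurerm provider's identity block syntax (system-assigned and user-assigned types with `identity_ids`), and every resource name, location and identity name is a constructed placeholder.

```hcl
# Constructed example: all resources below share this resource group.
resource "azurerm_resource_group" "example" {
  name     = "example-rg"
  location = "West Europe"
}

# Non-compliant: no identity block, so the vault has no managed identity and
# any access it needs to other Azure resources depends on credentials that
# someone has to create, store and rotate by hand. CKV2_AZURE_35 flags this.
resource "azurerm_recovery_services_vault" "noncompliant" {
  name                = "example-recovery-vault-old"
  location            = azurerm_resource_group.example.location
  resource_group_name = azurerm_resource_group.example.name
  sku                 = "Standard"
}

# Remediated (option 1): a system-assigned managed identity. Azure creates the
# identity with the vault, rotates its credential, and deletes it with the vault.
resource "azurerm_recovery_services_vault" "compliant_system" {
  name                = "example-recovery-vault-sys"
  location            = azurerm_resource_group.example.location
  resource_group_name = azurerm_resource_group.example.name
  sku                 = "Standard"

  identity {
    type = "SystemAssigned"
  }
}

# Remediated (option 2): a user-assigned managed identity. Useful when several
# resources should share one identity, or when role assignments must exist
# before the vault does. Assumption: the provider version in use accepts
# type = "UserAssigned" together with identity_ids on this resource.
resource "azurerm_user_assigned_identity" "vault" {
  name                = "example-vault-identity"
  location            = azurerm_resource_group.example.location
  resource_group_name = azurerm_resource_group.example.name
}

resource "azurerm_recovery_services_vault" "compliant_user" {
  name                = "example-recovery-vault-user"
  location            = azurerm_resource_group.example.location
  resource_group_name = azurerm_resource_group.example.name
  sku                 = "Standard"

  identity {
    type         = "UserAssigned"
    identity_ids = [azurerm_user_assigned_identity.vault.id]
  }
}
```

Both remediated forms set the `identity.type` argument listed under Remediation; which type to choose is a lifecycle decision (identity bound to the vault versus an identity managed independently of it). To confirm the fix locally, run Checkov against the directory holding this file and limit it to this rule, for example `checkov -d . --check CKV2_AZURE_35`; the `noncompliant` resource should be the only failing result.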
Rule Details
| Field | Value |
|---|---|
| ID | IAC-0792 |
| Severity | INFO |
| IaC Type | Terraform |
| Frameworks | Terraform, TerraformPlan |
| Checkov ID | CKV2_AZURE_35 |