turbot/steampipe-mod-azure-compliance

Control: Ensure that Register with Azure Active Directory is enabled on App Service

Description

Managed service identity in App Service provides more security by eliminating secrets from the app, such as credentials in the connection strings. When registering with Azure Active Directory in App Service, the app will connect to other Azure services securely without the need for usernames and passwords.

Usage

Run the control in your terminal:

powerpipe control run azure_compliance.control.appservice_web_app_register_with_active_directory_enabled

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run azure_compliance.control.appservice_web_app_register_with_active_directory_enabled --share

SQL

This control uses a named query:

select
app.id as resource,
case
when identity = '{}' then 'alarm'
else 'ok'
end as status,
case
when identity = '{}' then name || ' register with azure active directory disabled.'
else name || ' register with azure active directory enabled.'
end as reason
, app.resource_group as resource_group
, sub.display_name as subscription
from
azure_app_service_web_app as app,
azure_subscription as sub
where
sub.subscription_id = app.subscription_id;

Tags