Ensure Azure built-in logging for Azure function app is enabled

Error: Azure Built-in logging for Azure function app is disabled

Bridgecrew Policy ID: BC_AZR_GENERAL_90
Checkov Check ID: CKV_AZURE_159
Severity: LOW

Description

It is recommended to enable logging for Azure function apps so that configuration changes, whether made manually or programmatically, can be tracked and unapproved changes can be traced back.

Runtime - Buildtime

Fix - Buildtime

Terraform

  • Resource: azurerm_function_app_slot
  • Argument: enable_builtin_logging

resource "azurerm_function_app_slot" "pass2" {
  name                       = "test-azure-functions-slot"
  location                   = azurerm_resource_group.example.location
  resource_group_name        = azurerm_resource_group.example.name
  app_service_plan_id        = azurerm_app_service_plan.example.id
  function_app_name          = azurerm_function_app.example.name
  storage_account_name       = azurerm_storage_account.example.name
  storage_account_access_key = azurerm_storage_account.example.primary_access_key
  # The argument this check inspects: built-in logging is enabled for the slot.
  enable_builtin_logging     = true
  site_config {
    http2_enabled = false
  }
  auth_settings {
    enabled = false
  }
}