Ensure Azure SQL Server has default auditing policy configured

Error: Azure Built-in logging for Azure function app is disabled

Bridgecrew Policy ID: BC_AZR_GENERAL_91
Checkov Check ID: CKV_AZURE_156
Severity: LOW

Azure SQL Server does not have default auditing policy configured

Description

Configuring a default auditing policy for your Azure SQL Server can help improve the security and management of your database. Auditing allows you to keep a record of events and activities that have occurred on your database, such as user logins, data changes, and other actions.

Runtime - Buildtime

Fix - Buildtime

Terraform

  • Resource: azurerm_function_app
  • Argument: enable_builtin_logging

# The fix is enable_builtin_logging = true. The other arguments shown
# (https_only, min_tls_version, ftps_state, cors) are outside this argument's
# scope and are not hardened in this example.
resource "azurerm_function_app" "pass2" {
  name                       = "test-azure-functions"
  location                   = azurerm_resource_group.example.location
  resource_group_name        = azurerm_resource_group.example.name
  app_service_plan_id        = azurerm_app_service_plan.example.id
  storage_account_name       = azurerm_storage_account.example.name
  storage_account_access_key = azurerm_storage_account.example.primary_access_key
  https_only                 = false
  enable_builtin_logging     = true # argument named in the fix above

  site_config {
    dotnet_framework_version = "v4.0"
    scm_type                 = "LocalGit"
    min_tls_version          = "1.1"
    ftps_state               = "AllAllowed"
    http2_enabled            = false
    cors {
      allowed_origins = ["*"]
    }
  }
}