Ensure Azure SQL Server has default auditing policy configured
Error: Azure Built-in logging for Azure function app is disabled
Bridgecrew Policy ID: BC_AZR_GENERAL_91
Checkov Check ID: CKV_AZURE_156
Severity: LOW
Azure SQL Server does not have default auditing policy configured
Description
Configuring a default auditing policy for your Azure SQL Server can help improve the security and management of your database. Auditing allows you to keep a record of events and activities that have occurred on your database, such as user logins, data changes, and other actions.
Runtime - Buildtime
Fix - Buildtime
Terraform
- Resource: azurerm_function_app
- Argument: enable_builtin_logging
resource "azurerm_function_app" "pass2" {
name = "test-azure-functions"
location = azurerm_resource_group.example.location
resource_group_name = azurerm_resource_group.example.name
app_service_plan_id = azurerm_app_service_plan.example.id
storage_account_name = azurerm_storage_account.example.name
storage_account_access_key = azurerm_storage_account.example.primary_access_key
https_only = false
enable_builtin_logging = true
site_config {
dotnet_framework_version = "v4.0"
scm_type = "LocalGit"
min_tls_version = 1.1
ftps_state = "AllAllowed"
http2_enabled = false
cors {
allowed_origins = ["*"]
}
}
}
Updated 9 months ago