Ensure FTP Deployments are disabled

Error: Azure App Services FTP deployment is All allowed

Bridgecrew Policy ID: BC_AZR_GENERAL_15
Checkov Check ID: CKV_AZURE_78
Severity: MEDIUM

Azure App Services FTP deployment is All allowed

Description

FTPS (Secure FTP) is used to enhance security for Azure web application using App Service as it adds an extra layer of security to the FTP protocol, and help you to comply with the industry standards and regulations. For enhanced security, it is highly advices to use FTP over TLS/SSL only. You can also disable both FTP and FTPS if you don't use FTP deployment.

Fix - Buildtime

Terraform

  • Resource: azurerm_app_service
  • Argument: ftps_state - (Optional) State of FTP / FTPS service for this App Service. Possible values include: AllAllowed, FtpsOnly and Disabled.
resource "azurerm_app_service" "example" {
  ...
+ ftps_state = "FtpsOnly"
}