Ensure app service enables HTTP logging

Error: App service does not enable HTTP logging

Bridgecrew Policy ID: BC_AZR_LOGGING_8
Checkov Check ID: CKV_AZURE_63
Severity: LOW

App service does not enable HTTP logging

Description

By enabling HTTP logging for your app service, you can collect this information and use it to monitor and troubleshoot your app, as well as identify any potential security issues or threats. This can help to ensure that your app is running smoothly and is secure from potential attacks.

Fix - Buildtime

Terraform

  • Resource: azurerm_app_service
  • Argument: logs.http_logs
resource "azurerm_app_service" "example" {
              name                = "example-app-service"
              location            = azurerm_resource_group.example.location
              resource_group_name = azurerm_resource_group.example.name
              app_service_plan_id = azurerm_app_service_plan.example.id
            
+             logs {
+               http_logs {
                    retention_in_days = 4
                    retention_in_mb = 10
                }
              }
            
              app_settings = {
                "SOME_KEY" = "some-value"
              }
            
              connection_string {
                name  = "Database"
                type  = "SQLServer"
                value = "Server=some-server.mydomain.com;Integrated Security=SSPI"
              }
            }