Ensure managed identity provider is enabled for app services

Error: Azure App Service Web app does not have a Managed Service Identity

Bridgecrew Policy ID: BC_AZR_GENERAL_54
Checkov Check ID: CKV_AZURE_71
Severity: LOW

Azure App Service Web app does not have a Managed Service Identity

Description

Managed service identity in App Service makes the app more secure by eliminating secrets from the app, such as credentials in the connection strings. When registering with Azure Active Directory in the app service, the app will connect to other Azure services securely without the need of username and passwords.

Fix - Buildtime

In Azure Console

  1. Log in to the Azure portal.
  2. Navigate to App Services.
  3. Click on the reported App.
  4. Under Setting section, Click on 'Identity'.
  5. Ensure that 'Status' is set to 'On'.

Fix - Buildtime

Terraform

  • Resource: azurerm_app_service
  • Argument: identity.type
resource "azurerm_app_service" "example" {
              ...
  +           identity {
  +             type = "SystemAssigned"
                }
              }