Ensure that Service Fabric uses the three levels of protection available

Error: Service Fabric does not use the three levels of protection available

Bridgecrew Policy ID: BC_AZR_GENERAL_80
Checkov Check ID: CKV_AZURE_125
Severity: LOW

Description

Service Fabric provides three levels of protection (None, Sign, and EncryptAndSign) for node-to-node communication secured with the primary cluster certificate. Set the protection level to EncryptAndSign so that all node-to-node messages are both encrypted and digitally signed; Sign only authenticates messages and None leaves them unprotected.

Fix - Buildtime

Terraform

  • Resource: azurerm_service_fabric_cluster
  • Argument: fabric_settings
resource "azurerm_service_fabric_cluster" "example" {
  ...
+  # The "Security" section's ClusterProtectionLevel governs node-to-node traffic.
+  # fabric_settings.parameters is a map of setting name to value, so the
+  # parameter is expressed as a key/value pair, not as nested name/value attributes.
+  fabric_settings {
+    name = "Security"
+    parameters = {
+      ClusterProtectionLevel = "EncryptAndSign"
+    }
+  }
}
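The following is an added example of the detection logic behind this check, written for this page and not taken from Checkov's own source: it inspects a parsed azurerm_service_fabric_cluster body, finds the "Security" fabric_settings block and reports PASSED only when ClusterProtectionLevel is EncryptAndSign. The resource bodies are constructed samples; the list-unwrapping handles the single-element-list shape some HCL parsers (for example python-hcl2) produce, which is an assumption about the parser in use.

```python
def _first(value):
    # Some HCL parsers wrap attribute values and blocks in single-element
    # lists; unwrap so both shapes are handled (assumption about the parser).
    if isinstance(value, list):
        return value[0] if value else None
    return value


def cluster_protection_level(resource: dict):
    """Return the ClusterProtectionLevel set in the 'Security' fabric_settings
    block of a parsed azurerm_service_fabric_cluster body, or None if unset."""
    settings = resource.get("fabric_settings") or []
    if isinstance(settings, dict):          # a single block parsed as a dict
        settings = [settings]
    for setting in settings:
        if _first(setting.get("name")) != "Security":
            continue
        params = _first(setting.get("parameters")) or {}
        level = _first(params.get("ClusterProtectionLevel"))
        if level is not None:
            return level
    return None


def check_ckv_azure_125(resource: dict) -> str:
    """PASSED only when node-to-node traffic is both encrypted and signed;
    'Sign', 'None' and a missing setting all FAIL."""
    if cluster_protection_level(resource) == "EncryptAndSign":
        return "PASSED"
    return "FAILED"


# Constructed sample resource bodies mirroring the Terraform above.
COMPLIANT = {
    "fabric_settings": [
        {"name": "Security",
         "parameters": {"ClusterProtectionLevel": "EncryptAndSign"}},
    ]
}
SIGN_ONLY = {
    "fabric_settings": [
        {"name": "Security", "parameters": {"ClusterProtectionLevel": "Sign"}},
    ]
}
NO_SETTING = {}   # no fabric_settings block at all

if __name__ == "__main__":
    for label, body in [("compliant", COMPLIANT), ("sign-only", SIGN_ONLY),
                        ("no-setting", NO_SETTING)]:
        print(f"{label}: {check_ckv_azure_125(body)}")
```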