Ensure Service Fabric clusters use AD for authentication

Error: Service Fabric cluster does not use AD for authentication

Bridgecrew Policy ID: BC_AZR_GENERAL_43
Checkov Check ID: CKV_AZURE_126
Severity: LOW

Description

To control access to a Service Fabric cluster, you create Azure Active Directory (AD) applications: one web application and one native application. After the applications are created, you assign users to read-only and admin roles.

Fix - Buildtime

Terraform

  • Resource: azurerm_service_fabric_cluster
  • Argument: azure_active_directory - (Optional) An azure_active_directory block as defined below.

resource "azurerm_service_fabric_cluster" "example" {
    name                 = "example-servicefabric"
    resource_group_name  = azurerm_resource_group.example.name
    location             = azurerm_resource_group.example.location
    reliability_level    = "Bronze"
    upgrade_mode         = "Manual"
    cluster_code_version = "7.1.456.959"
    vm_image             = "Windows"
    management_endpoint  = "https://example:80"

    # Fix: authenticate cluster clients through Azure AD
    azure_active_directory {
        tenant_id              = "4545"
        cluster_application_id = "87878"
        client_application_id  = "9090"
    }
}
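
The same condition can be checked against a rendered plan. This is an added example, not code from this page or from Checkov: a Python function that walks `terraform show -json` output and returns every azurerm_service_fabric_cluster, including those in child modules, that has no azure_active_directory block with a tenant_id. The sample plan and its resource addresses are constructed for illustration.

```python
import json

RESOURCE_TYPE = "azurerm_service_fabric_cluster"

# Constructed sample, shaped like the planned_values part of `terraform show -json`.
# Nested blocks such as azure_active_directory appear as lists of objects.
SAMPLE_PLAN = json.loads("""
{"planned_values": {"root_module": {
  "resources": [
    {"address": "azurerm_service_fabric_cluster.example",
     "type": "azurerm_service_fabric_cluster",
     "values": {"azure_active_directory": [
       {"tenant_id": "4545", "cluster_application_id": "87878",
        "client_application_id": "9090"}]}},
    {"address": "azurerm_service_fabric_cluster.legacy",
     "type": "azurerm_service_fabric_cluster",
     "values": {"azure_active_directory": []}},
    {"address": "azurerm_resource_group.example",
     "type": "azurerm_resource_group", "values": {}}
  ],
  "child_modules": [{"resources": [
    {"address": "module.apps.azurerm_service_fabric_cluster.internal",
     "type": "azurerm_service_fabric_cluster",
     "values": {"name": "internal"}}]}]
}}}
""")

def iter_resources(module):
    """Yield every resource in a module and, recursively, in its child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from iter_resources(child)

def clusters_without_ad(plan):
    """Return addresses of Service Fabric clusters with no AD block that sets tenant_id."""
    root = plan.get("planned_values", {}).get("root_module", {})
    failing = []
    for res in iter_resources(root):
        if res.get("type") != RESOURCE_TYPE:
            continue
        # A missing key, null, or an empty list all mean "no AD block configured".
        blocks = (res.get("values") or {}).get("azure_active_directory") or []
        if not any(block.get("tenant_id") for block in blocks):
            failing.append(res["address"])
    return failing

if __name__ == "__main__":
    for address in clusters_without_ad(SAMPLE_PLAN):
        print(f"FAIL {address}: Service Fabric cluster does not use AD for authentication")
```

A tenant_id that is only known after apply is omitted from planned_values, so such a cluster is reported here and needs a manual look.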