Beta - App Service Slot Managed Identity Disabled
- Query id: 0f7964fa-96fd-4a72-9fb7-3cdef71479db
- Query name: Beta - App Service Slot Managed Identity Disabled
- Platform: Terraform
- Severity: Medium
- Category: Insecure Configurations
- CWE: 522
- Risk score: 3.0
- URL: Github
Description
App Service slots should have a managed identity enabled, which means the slot resource declares an `identity` block.
Documentation
Code samples
Code samples with security vulnerabilities
Positive test num. 1 - tf file
```tf
resource "azurerm_app_service_slot" "positive1" {
  name                = random_id.server.hex
  app_service_name    = azurerm_app_service.example.name
  location            = azurerm_resource_group.example.location
  resource_group_name = azurerm_resource_group.example.name
  app_service_plan_id = azurerm_app_service_plan.example.id
}
```
Positive test num. 2 - tf file
```tf
resource "azurerm_linux_web_app_slot" "positive2" {
  name           = "example-slot"
  app_service_id = azurerm_linux_web_app.example.id
  site_config {}
}
```
Positive test num. 3 - tf file
```tf
resource "azurerm_windows_web_app_slot" "positive3" {
  name           = "example-slot"
  app_service_id = azurerm_windows_web_app.example.id
  site_config {}
}
```
Code samples without security vulnerabilities
Negative test num. 1 - tf file
```tf
resource "azurerm_app_service_slot" "negative1" {
  name                = random_id.server.hex
  app_service_name    = azurerm_app_service.example.name
  location            = azurerm_resource_group.example.location
  resource_group_name = azurerm_resource_group.example.name
  app_service_plan_id = azurerm_app_service_plan.example.id
  identity {
    type = "SystemAssigned, UserAssigned"
  }
}
```
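The same check can be approximated outside KICS with a small text scan over Terraform source. This is an added example, not the KICS query or code from this page: it assumes a top-level `identity` block is what marks a slot as compliant, uses brace matching rather than a full HCL parser (comments and braces inside strings are not handled), and its `SAMPLE` input is constructed from the samples above.

```python
import re

# Slot resource types taken from the page's positive samples.
SLOT_TYPES = {"azurerm_app_service_slot", "azurerm_linux_web_app_slot",
              "azurerm_windows_web_app_slot"}
RESOURCE_RE = re.compile(r'resource\s+"([^"]+)"\s+"([^"]+)"\s*\{')
IDENTITY_RE = re.compile(r"^\s*identity\s*\{", re.MULTILINE)

def top_level_body(text, open_idx):
    """Text of the block opened at open_idx, with nested block contents dropped."""
    out, depth = [], 0
    for ch in text[open_idx:]:
        if ch == "}":
            depth -= 1
            if depth == 0:
                return "".join(out)
        if depth == 1:
            out.append(ch)
        if ch == "{":
            depth += 1
    raise ValueError("unbalanced braces in resource block")

def slots_without_identity(tf_source):
    """Return addresses of slot resources that declare no identity block."""
    findings = []
    for m in RESOURCE_RE.finditer(tf_source):
        rtype, name = m.groups()
        if rtype in SLOT_TYPES and not IDENTITY_RE.search(
                top_level_body(tf_source, m.end() - 1)):
            findings.append(f"{rtype}.{name}")
    return findings

# Constructed input: one flagged slot and one compliant slot.
SAMPLE = '''
resource "azurerm_linux_web_app_slot" "positive2" {
  name           = "example-slot"
  app_service_id = azurerm_linux_web_app.example.id
  site_config {}
}
resource "azurerm_app_service_slot" "negative1" {
  app_service_name = azurerm_app_service.example.name
  identity {
    type = "SystemAssigned, UserAssigned"
  }
}
'''

print(slots_without_identity(SAMPLE))
```

Only an `identity` block directly inside the slot resource counts; one nested inside another block such as `site_config` is ignored.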