Container Apps - oWretch/policy GitHub Wiki
Category | Policy | Platform | Landing Zones | Production | Decommissioned | Management | Corp | Connectivity | Sandbox | Identity |
---|---|---|---|---|---|---|---|---|---|---|
Container Apps | Container App environments should use network injection<br>Container Apps environments should use virtual network injection to: 1. Isolate Container Apps from the public internet 2. Enable network integration with resources on-premises or in other Azure virtual networks 3. Achieve more granular control over network traffic flowing to and from the environment. | Deny Disabled Audit | Deny Disabled Audit | | | | | | | |
Container Apps | Container Apps environment should disable public network access<br>Disable public network access to improve security by exposing the Container Apps environment through an internal load balancer. This removes the need for a public IP address and prevents internet access to all Container Apps within the environment. | Deny Disabled Audit | | | | | | | | |
Container Apps | Container Apps should disable external network access<br>Disable external network access to your Container Apps by enforcing internal-only ingress. This will ensure inbound communication for Container Apps is limited to callers within the Container Apps environment. | Deny Disabled Audit | | | | | | | | |
Container Apps | Container Apps should only be accessible over HTTPS<br>Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks. Disabling 'allowInsecure' will result in the automatic redirection of requests from HTTP to HTTPS connections for container apps. | Deny Disabled Audit | | | | | | | | |
Container Apps | Container Apps should only be accessible over HTTPS<br>Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks. Disabling 'allowInsecure' will result in the automatic redirection of requests from HTTP to HTTPS connections for container apps. | Deny Disabled Audit | | | | | | | | |
Container Apps | Managed Identity should be enabled for Container Apps<br>Enforcing managed identity ensures Container Apps can securely authenticate to any resource that supports Azure AD authentication. | Deny Disabled Audit | Deny Disabled Audit |