account-identity-registered
Explanation
Registering the identity used by an App with AD allows it to interact with other services without using username and password
Possible Impact
Interaction between services can't easily be achieved without username/password
Suggested Resolution
Register the app identity with AD
Insecure Example
The following example will fail the azure-appservice-account-identity-registered check.
resource "azurerm_app_service" "bad_example" {
name = "example-app-service"
location = azurerm_resource_group.example.location
resource_group_name = azurerm_resource_group.example.name
app_service_plan_id = azurerm_app_service_plan.example.id
}
Secure Example
The following example will pass the azure-appservice-account-identity-registered check.
resource "azurerm_app_service" "good_example" {
name = "example-app-service"
location = azurerm_resource_group.example.location
resource_group_name = azurerm_resource_group.example.name
app_service_plan_id = azurerm_app_service_plan.example.id
identity {
type = "UserAssigned"
identity_ids = "webapp1"
}
}