Skip to content

authentication-enabled

Default Severity: medium

Explanation

Enabling authentication ensures that all communications in the application are authenticated. The auth_settings block needs to be filled out with the appropriate auth backend settings

Possible Impact

Anonymous HTTP requests will be accepted

Suggested Resolution

Enable authentication to prevent anonymous request being accepted

Insecure Example

The following example will fail the azure-appservice-authentication-enabled check.

 resource "azurerm_app_service" "bad_example" {
   name                = "example-app-service"
   location            = azurerm_resource_group.example.location
   resource_group_name = azurerm_resource_group.example.name
   app_service_plan_id = azurerm_app_service_plan.example.id
 }

Secure Example

The following example will pass the azure-appservice-authentication-enabled check.

 resource "azurerm_app_service" "good_example" {
   name                = "example-app-service"
   location            = azurerm_resource_group.example.location
   resource_group_name = azurerm_resource_group.example.name
   app_service_plan_id = azurerm_app_service_plan.example.id

   auth_settings {
     enabled = true
   }
 }