Ensure managed identity is used in Azure Linux Function App

LOW

Description

An Azure Function App can be given a managed identity, an Azure AD identity whose credential is created, stored and rotated by Azure. The app then authenticates to other Azure services (Key Vault, Storage, SQL, and so on) as that identity instead of with a connection string or key stored in its application settings, and the app's activity is attributable to the identity rather than to a shared secret. Without one, there is a lack of accountability for the app's access and a secret that can leak from configuration. To learn more about managed identities, see the Azure documentation.
References:
https://learn.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/overview
https://learn.microsoft.com/en-us/azure/app-service/overview-managed-identity?tabs=portal%2Chttp

Remediation

In Azure Console -

  1. Open the Azure Portal and go to Function App.
  2. Choose the Function App you wish to edit.
  3. Under Settings, select Identity.
  4. On the System assigned tab, set Status to On and Save, then grant the identity only the Azure role assignments it needs.

In Terraform -

  1. In the azurerm_linux_function_app resource, create an identity block.
  2. Set identity.type to SystemAssigned (or UserAssigned, or "SystemAssigned, UserAssigned").
  3. Only when the type includes UserAssigned, set identity.identity_ids to the list of user-assigned managed identity IDs to attach; for SystemAssigned alone, identity_ids is not used.
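The configurations below are an added example written for this page, not code from the original policy or from the Terraform provider docs: a Function App that fails this rule next to two that pass, plus a least-privilege role assignment for the system-assigned identity. The resource group, storage account, service plan and all resource names are assumptions for illustration.

```hcl
# Added example (not from the original page). Names and the referenced
# resource group, storage account and service plan are assumptions.

# NON-COMPLIANT: no identity block. The app has no managed identity, so any
# access to downstream services needs a secret kept in app_settings.
resource "azurerm_linux_function_app" "noncompliant" {
  name                = "example-func-no-identity"
  resource_group_name = azurerm_resource_group.example.name
  location            = azurerm_resource_group.example.location

  storage_account_name       = azurerm_storage_account.example.name
  storage_account_access_key = azurerm_storage_account.example.primary_access_key
  service_plan_id            = azurerm_service_plan.example.id

  site_config {}
}

# COMPLIANT: system-assigned identity. Azure creates and rotates the credential
# and deletes it with the app. identity_ids is not set for this type.
resource "azurerm_linux_function_app" "compliant" {
  name                = "example-func-system-identity"
  resource_group_name = azurerm_resource_group.example.name
  location            = azurerm_resource_group.example.location

  storage_account_name       = azurerm_storage_account.example.name
  storage_account_access_key = azurerm_storage_account.example.primary_access_key
  service_plan_id            = azurerm_service_plan.example.id

  site_config {}

  identity {
    type = "SystemAssigned"
  }
}

# COMPLIANT variant: a user-assigned identity, which outlives the app and can be
# shared by several apps. identity_ids is required for this type.
resource "azurerm_user_assigned_identity" "func" {
  name                = "example-func-identity"
  resource_group_name = azurerm_resource_group.example.name
  location            = azurerm_resource_group.example.location
}

resource "azurerm_linux_function_app" "compliant_user_assigned" {
  name                = "example-func-user-identity"
  resource_group_name = azurerm_resource_group.example.name
  location            = azurerm_resource_group.example.location

  storage_account_name       = azurerm_storage_account.example.name
  storage_account_access_key = azurerm_storage_account.example.primary_access_key
  service_plan_id            = azurerm_service_plan.example.id

  site_config {}

  identity {
    type         = "UserAssigned"
    identity_ids = [azurerm_user_assigned_identity.func.id]
  }
}

# Least privilege: grant the system-assigned identity a single narrow role on a
# single scope (here, read-only blob access on one storage account) instead of
# handing the app an account key. principal_id is exported by the identity block.
resource "azurerm_role_assignment" "blob_reader" {
  scope                = azurerm_storage_account.example.id
  role_definition_name = "Storage Blob Data Reader"
  principal_id         = azurerm_linux_function_app.compliant.identity[0].principal_id
}
```

Run `terraform plan` and confirm the plan for each Function App shows an `identity` block with the intended `type`; an app whose plan has no `identity` block is the condition this rule flags. The role assignment is what actually lets the identity do anything, so review it as carefully as the identity itself: a system-assigned identity with Owner on the subscription is compliant with this rule but not with least privilege.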

References:
https://learn.microsoft.com/en-us/azure/azure-functions/
https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/linux_function_app#identity

Policy Details

Rule Reference ID: AC_AZURE_0123
CSP: Azure
Remediation Available: Yes
Resource Category: Serverless
Resource Type: Function App

Frameworks