Ensure auto renew of certificates is turned off for Azure App Service Certificate Order

LOW

Description

When an App Service Certificate is renewed, all the corresponding App Service SSL bindings are updated automatically, this may lead to dangling certificates in Azure App Service Certificate Order.

Remediation

In Azure Console -

Open the Azure Portal and go to App Service Certificates.
Select the App Service Certificates you wish to edit.
Set Auto renew to Off.

In Terraform -

In the azurerm_app_service_certificate_order resource, set auto_renew to false.

References:
https://learn.microsoft.com/en-us/azure/app-service/configure-ssl-certificate?tabs=apex%2Cportal
https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/app_service#site_config

Policy Details

Rule Reference ID: AC_AZURE_0190

CSP: Azure

Remediation Available: Yes

Domain: Infrastructure Security

Resource: azurerm_app_service_certificate_order

Resource Category: Serverless

Resource Type: App Service

Frameworks

GDPR
HIPAA
NIST-800-171
NIST-800-53
ISO-27001

Detections

Analytics

Ensure auto renew of certificates is turned off for Azure App Service Certificate Order

LOW

Description

Remediation

Policy Details

Frameworks