Ensure that Active Azure Service Fabric clusters are automatically upgraded to latest version

MEDIUM

Description

Active Azure Service Fabric clusters are not automatically upgreaded to latest version. This could result in cluster services to missout on important bug fixes.

Remediation

In Azure Console -

Open the Azure Portal and go to Service Fabric clusters.
Select the cluster you wish to edit.
Under Settings, select Fabric upgrades.
Either set the Fabric upgrade mode to Automatic or select the appropriate Fabric version from the drop-down.
Select Save.

In Terraform -

In the azurerm_service_fabric_cluster resource, either set the upgrade_mode field to Automatic or set the cluster_code_version field to the appropriate version.

References:
https://learn.microsoft.com/en-us/azure/service-fabric/service-fabric-cluster-upgrade
https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/service_fabric_cluster

Policy Details

Rule Reference ID: AC_AZURE_0208

CSP: Azure

Remediation Available: Yes

Domain: Infrastructure Security

Resource: azurerm_service_fabric_cluster

Resource Category: Compute

Resource Type: Service Fabric Cluster

Frameworks

GDPR
HIPAA
NIST-800-171
NIST-800-53
NIST-CSF
PCI-DSSv3.2.1
PCI-DSSv4.0