Ensure Developer/Premium SKUs are in use for Azure API Management

MEDIUM

Description

Basic and other lower tiers of Azure API Management do not allow the use of Azure VNet. As a result, clients may be able to access your APIs directly, which increases the attack surface.

Remediation

In Azure Console -

  1. Open the Azure Portal and go to API Management.
  2. Select the API Management service you wish to edit.
  3. Select Pricing tier under Deployment + Infrastructure.
  4. For Pricing tiers, choose the appropriate option.

In Terraform -

  1. In the azurerm_api_management resource, set 'sku_name' to a value that starts with 'Developer_' or 'Premium_'.
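
The Terraform rule above can be checked before apply. The following is an added example, not part of the original policy or of any scanner's own code: it walks the JSON produced by `terraform show -json <planfile>` and reports every azurerm_api_management resource whose 'sku_name' does not start with 'Developer_' or 'Premium_'. The sample plan, resource addresses and function names are constructed for illustration.

```python
import json

COMPLIANT_PREFIXES = ("Developer_", "Premium_")  # prefixes named by the rule above

# Constructed sample shaped like `terraform show -json <planfile>` output.
SAMPLE_PLAN = json.loads("""
{
  "planned_values": {"root_module": {
    "resources": [
      {"address": "azurerm_api_management.public", "type": "azurerm_api_management",
       "values": {"name": "example-apim-a", "sku_name": "Basic_1"}},
      {"address": "azurerm_api_management.internal", "type": "azurerm_api_management",
       "values": {"name": "example-apim-b", "sku_name": "Premium_2"}},
      {"address": "azurerm_resource_group.rg", "type": "azurerm_resource_group",
       "values": {"name": "example-rg"}}
    ],
    "child_modules": [{"address": "module.edge", "resources": [
      {"address": "module.edge.azurerm_api_management.gw", "type": "azurerm_api_management",
       "values": {"name": "example-apim-c", "sku_name": "Standard_1"}},
      {"address": "module.edge.azurerm_api_management.dev", "type": "azurerm_api_management",
       "values": {"name": "example-apim-d"}}
    ]}]
  }}
}
""")


def walk_resources(module):
    """Yield every resource in a module and, recursively, its child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from walk_resources(child)


def find_noncompliant_apim(plan):
    """Return (address, sku_name) for API Management resources failing the rule."""
    root = plan.get("planned_values", {}).get("root_module", {})
    findings = []
    for res in walk_resources(root):
        if res.get("type") != "azurerm_api_management":
            continue
        sku = (res.get("values") or {}).get("sku_name")
        # A missing or non-string sku_name (e.g. not known until apply) is
        # reported too, so it gets reviewed rather than silently passing.
        if not isinstance(sku, str) or not sku.startswith(COMPLIANT_PREFIXES):
            findings.append((res["address"], sku))
    return findings
```

To use it on a real plan, load the output of `terraform show -json` with `json.load` and pass the result to `find_noncompliant_apim`; a non-empty return value can fail the pipeline step.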

References:
https://learn.microsoft.com/en-us/azure/api-management/
https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management#sku_name

Policy Details

Rule Reference ID: AC_AZURE_0230
CSP: Azure
Remediation Available: Yes
Resource Category: Virtual Network
Resource Type: API Management
