azure-funcapp-auth-enabled

Ensure that function apps enables Authentication

It is recommended to enable Azure Function Authentication in order to ensure that your authentication and identity validation is securely managed at the edge.

Examples

Insecure Example

resource "azurerm_function_app" "example" {
  name                       = "test-azure-functions"
  location                   = azurerm_resource_group.example.location
  resource_group_name        = azurerm_resource_group.example.name
  app_service_plan_id        = azurerm_app_service_plan.example.id
  storage_account_name       = azurerm_storage_account.example.name
  storage_account_access_key = azurerm_storage_account.example.primary_access_key
}

Secure Example

resource "azurerm_function_app" "example" {
  name                       = "test-azure-functions"
  location                   = azurerm_resource_group.example.location
  resource_group_name        = azurerm_resource_group.example.name
  app_service_plan_id        = azurerm_app_service_plan.example.id
  storage_account_name       = azurerm_storage_account.example.name
  storage_account_access_key = azurerm_storage_account.example.primary_access_key

  auth_settings {
    enabled = true
    default_provider = "AzureActiveDirectory"
    issuer = "https://sts.windows.net/xxxxxxx-xxxx-xxx-xxxx-xxxtenantID/"
    unauthenticated_client_action = "RedirectToLoginPage"
  }
}

More information

• Azure Docs
• Terraform Docs