Best practice rules for Container Apps
- Check for Azure Container Apps that Allow Insecure Traffic
Ensure that Microsoft Azure Container Apps are not configured to allow insecure connections.
- Disable Public Network Access
Ensure that public network access to Azure Container Apps is disabled.
- Enable Authentication and Authorization with Microsoft Entra ID
Ensure that authentication and authorization with Microsoft Entra ID are enabled for Azure Container Apps.
- Enable Diagnostic Logs for Container Apps Environments
Ensure that Diagnostic Logs are enabled for Azure Container Apps environments.
- Enable HTTP/2 Only for Azure Container Apps
Ensure that HTTP/2 support is enabled for Microsoft Azure Container Apps.
- Enable Peer-to-Peer Encryption for Container Apps Environments
Ensure that peer-to-peer TLS encryption is enabled for Azure Container Apps environments.
- Enable and Configure Azure Container Apps Resiliency
Enable and configure Azure Container Apps resiliency using resiliency policies.
- Use Key Vaults to Store Azure Container App Secrets
Ensure that Azure Key Vaults are used to store Azure Container App secrets.
- Use Managed Identities for Azure Container Apps
Ensure that your Microsoft Azure Container Apps are using managed identities.
- Use TLS/SSL Certificates for Azure Container App Custom Domains
Ensure that Azure Container App custom domains are using TLS/SSL certificates.