To follow Azure cloud security best practices and prevent anonymous access, ensure that all the HTTP-triggered Azure functions managed with Microsoft Azure Function App are configured to use access keys to securely invoke functions via URLs. Access keys with a HOST scope (i.e. function keys) can be used to access all HTTP-triggered functions within the Azure Function App.
HTTP-triggered Azure functions should require an access key on every invocation, for security and access control. These keys act as a safeguard, ensuring that only authorized clients with the correct key can trigger the function. This helps prevent unauthorized access and potential misuse of the function, maintaining the integrity and confidentiality of your application's resources and data.
Audit
To determine if all Azure functions within your Azure Function App are configured to use access keys, perform the following operations:
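One way to run this check offline against each function's `function.json`, as an added example that is not part of the original page: it flags every `httpTrigger` binding whose `authLevel` is `anonymous`. The function names and JSON documents below are constructed sample input, and treating a missing `authLevel` as a finding is this example's own policy.

```python
import json

# authLevel values that require an access key on the request.
KEYED_LEVELS = {"function", "admin"}


def audit_function(name, function_json):
    """Return findings (name, authLevel, note) for one function.json document."""
    findings = []
    config = json.loads(function_json)
    for binding in config.get("bindings", []):
        # Only HTTP triggers are reachable by URL; skip queue, timer, output bindings.
        if str(binding.get("type", "")).lower() != "httptrigger":
            continue
        level = binding.get("authLevel")
        if level is None:
            # Assumption of this example: never rely on an implicit level.
            findings.append((name, "unspecified", "set authLevel explicitly"))
        elif str(level).lower() not in KEYED_LEVELS:
            findings.append((name, str(level), "anonymous access, require a key"))
    return findings


def audit_app(functions):
    """functions maps function name -> function.json text; returns all findings."""
    results = []
    for name in sorted(functions):
        results.extend(audit_function(name, functions[name]))
    return results


# Constructed sample input: five functions of a hypothetical Function App.
SAMPLE = {
    "GetOrders": '{"bindings":[{"type":"httpTrigger","direction":"in","name":"req",'
                 '"authLevel":"function","methods":["get"]},'
                 '{"type":"http","direction":"out","name":"res"}]}',
    "Health": '{"bindings":[{"type":"httpTrigger","direction":"in","name":"req",'
              '"authLevel":"anonymous","methods":["get"]}]}',
    "AdminOps": '{"bindings":[{"type":"httpTrigger","direction":"in","name":"req",'
                '"authLevel":"admin","methods":["post"]}]}',
    "Legacy": '{"bindings":[{"type":"httpTrigger","direction":"in","name":"req"}]}',
    "QueueWorker": '{"bindings":[{"type":"queueTrigger","direction":"in",'
                   '"name":"msg","queueName":"jobs"}]}',
}

if __name__ == "__main__":
    for name, level, note in audit_app(SAMPLE):
        print(f"{name}: authLevel={level} ({note})")
```

An empty result means every HTTP-triggered function in the input requires a key.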
Remediation / Resolution
To ensure that all your HTTP-triggered functions managed with Azure Function App are configured to use access keys, perform the following operations: