Ensure that functions managed with Azure Function App are using user-assigned managed identities for fine-grained control over access permissions.
In Azure, user-assigned managed identities support a broader range of roles than just "Read-Only", "Contributor", and "Owner". Azure functions should therefore use user-assigned managed identities to provide granular control over access permissions, enable integration with existing identity systems, and support specific application requirements. User-assigned managed identities also give you flexibility in managing identity and access control for functions managed with Azure Function App, so permissions can be customized to individual needs.
Audit
To determine if your Azure functions are configured to use user-assigned managed identities, perform the following operations:
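One way to run this check over saved CLI output, as an added example that is not part of the original page: the script below classifies function apps by the `identity` object in JSON produced by `az functionapp list`. It assumes that output carries the `name`, `resourceGroup` and `identity` fields; the sample data and the function names `user_assigned_ids` and `audit` are constructed for illustration.

```python
import json

# Constructed sample shaped like `az functionapp list --output json`
# (only the fields the check reads; names and IDs are placeholders).
SAMPLE_AZ_OUTPUT = json.dumps([
    {"name": "fn-orders", "resourceGroup": "rg-app", "identity": None},
    {"name": "fn-billing", "resourceGroup": "rg-app",
     "identity": {"type": "SystemAssigned",
                  "principalId": "00000000-0000-0000-0000-000000000001"}},
    {"name": "fn-reports", "resourceGroup": "rg-data",
     "identity": {"type": "SystemAssigned, UserAssigned",
                  "userAssignedIdentities": {
                      "/subscriptions/<sub-id>/resourceGroups/rg-data/providers/"
                      "Microsoft.ManagedIdentity/userAssignedIdentities/id-reports": {}}}},
    {"name": "fn-stale", "resourceGroup": "rg-data",
     "identity": {"type": "UserAssigned", "userAssignedIdentities": {}}},
])


def user_assigned_ids(app):
    """Return the user-assigned identity resource IDs attached to one app."""
    identity = app.get("identity") or {}
    # `type` is a comma-separated string, e.g. "SystemAssigned, UserAssigned".
    kinds = {k.strip().lower() for k in (identity.get("type") or "").split(",")}
    if "userassigned" not in kinds:
        return []
    # Keys of the map are the identity resource IDs; an empty map means
    # the type is set but nothing is actually attached.
    return sorted((identity.get("userAssignedIdentities") or {}).keys())


def audit(az_json):
    """Split function apps into compliant and non-compliant for this rule."""
    report = {"compliant": {}, "non_compliant": []}
    for app in json.loads(az_json):
        label = f'{app.get("resourceGroup")}/{app.get("name")}'
        ids = user_assigned_ids(app)
        if ids:
            report["compliant"][label] = ids
        else:
            report["non_compliant"].append(label)
    return report


if __name__ == "__main__":
    print(json.dumps(audit(SAMPLE_AZ_OUTPUT), indent=2))
```

Apps with no identity, with only a system-assigned identity, or with the `UserAssigned` type set but an empty identity map are all reported as non-compliant.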
Remediation / Resolution
To ensure that your functions managed with Microsoft Azure Function App are configured to use user-assigned managed identities, perform the following operations:
References
- Azure Official Documentation
  - What are managed identities for Azure resources?
  - How to use managed identities for App Service and Azure Functions
  - Tutorial: Connect a function app to Azure SQL with managed identity and SQL bindings
- Azure Command Line Interface (CLI) Documentation
  - az functionapp list
  - az functionapp show
  - az functionapp identity assign