Azure
Composite Recipes
Recipes that include further recipes, often including the individual recipes below.
Best practices for Azure
Enable Azure Storage Account Trusted Microsoft Services access
Ensure Azure SQL server audit log retention is greater than 90 days
Ensure Azure key vault is recoverable
Set Azure Storage Account default network access to deny
Recipes
Disable Kubernetes dashboard
Enable Azure Storage secure transfer required
Enable geo-redundant backups on PostgreSQL server
Encrypt Azure VM data disk with ADE/CMK
Ensure AKS policies add-on
Ensure AKV secrets have an expiration date set
Ensure Azure App Service Web app redirects HTTP to HTTPS
Ensure Azure Network Watcher NSG flow logs retention is greater than 90 days
Ensure Azure PostgreSQL database server with SSL connection is enabled
Ensure Azure SQL Server threat detection alerts are enabled for all threat types
Ensure Azure SQL server send alerts to field value is set
Ensure Azure application gateway has WAF enabled
Ensure FTP Deployments are disabled
Ensure MSSQL servers have email service and co-administrators enabled
Ensure MySQL is using the latest version of TLS encryption
Ensure MySQL server databases have Enforce SSL connection enabled
Ensure MySQL server disables public network access
Ensure MySQL server enables Threat Detection policy
Ensure MySQL server enables geo-redundant backups
Ensure PostgreSQL server disables public network access
Ensure PostgreSQL server enables Threat Detection policy
Ensure PostgreSQL server enables infrastructure encryption
Ensure Send email notification for high severity alerts is enabled
Ensure Send email notification for high severity alerts to admins is enabled
Ensure Web App has incoming client certificates enabled
Ensure Web App uses the latest version of HTTP
Ensure Web App uses the latest version of TLS encryption
Ensure a security contact phone number is present
Ensure activity log retention is set to 365 days or greater
Ensure all keys have an expiration date
Ensure app service enables HTTP logging
Ensure app service enables detailed error messages
Ensure app service enables failed request tracing
Ensure app services use Azure files
Ensure key vault allows firewall rules settings
Ensure key vault enables purge protection
Ensure key vault key is backed by HSM
Ensure key vault secrets have content_type set
Ensure log profile is configured to capture all activities
Ensure managed identity provider is enabled for app services
Ensure public network access enabled is set to False for mySQL servers
Ensure standard pricing tier is selected
Ensure storage account uses latest TLS version
Ensure the storage container storing activity logs is not publicly accessible
Last modified 1mo ago