Reference
Recipes
Terraform
Azure
Design Partners
Best practices for Azure
** org.openrewrite.terraform.azure.AzureBestPractices** Securely operate on Microsoft Azure.

Tags

  • Azure
  • terraform

Source

  • groupId: org.openrewrite.recipe
  • artifactId: rewrite-terraform
  • version: 1.6.0

Usage

This recipe has no required configuration options and can be activated directly after taking a dependency on org.openrewrite.recipe:rewrite-terraform:1.6.0 in your build file:
Gradle
Maven
build.gradle
1
plugins {
2
id("org.openrewrite.rewrite") version("5.22.2")
3
}
4
5
rewrite {
6
activeRecipe("org.openrewrite.terraform.azure.AzureBestPractices")
7
}
8
9
repositories {
10
mavenCentral()
11
}
12
13
dependencies {
14
rewrite("org.openrewrite.recipe:rewrite-terraform:1.6.0")
15
}
Copied!
pom.xml
1
<project>
2
<build>
3
<plugins>
4
<plugin>
5
<groupId>org.openrewrite.maven</groupId>
6
<artifactId>rewrite-maven-plugin</artifactId>
7
<version>4.25.0</version>
8
<configuration>
9
<activeRecipes>
10
<recipe>org.openrewrite.terraform.azure.AzureBestPractices</recipe>
11
</activeRecipes>
12
</configuration>
13
<dependencies>
14
<dependency>
15
<groupId>org.openrewrite.recipe</groupId>
16
<artifactId>rewrite-terraform</artifactId>
17
<version>1.6.0</version>
18
</dependency>
19
</dependencies>
20
</plugin>
21
</plugins>
22
</build>
23
</project>
Copied!
Recipes can also be activated directly from the command line by adding the argument -Drewrite.activeRecipesorg.openrewrite.terraform.azure.AzureBestPractices

Definition

Recipe List
Yaml Recipe List
1
---
2
type: specs.openrewrite.org/v1beta/recipe
3
name: org.openrewrite.terraform.azure.AzureBestPractices
4
displayName: Best practices for Azure
5
description: Securely operate on Microsoft Azure.
6
tags:
7
- Azure
8
- terraform
9
recipeList:
10
- org.openrewrite.terraform.azure.EncryptAzureVMDataDiskWithADECMK
11
- org.openrewrite.terraform.azure.EnableAzureStorageSecureTransferRequired
12
- org.openrewrite.terraform.azure.DisableKubernetesDashboard
13
- org.openrewrite.terraform.azure.EnsureTheStorageContainerStoringActivityLogsIsNotPubliclyAccessible
14
- org.openrewrite.terraform.azure.EnsureAzureNetworkWatcherNSGFlowLogsRetentionIsGreaterThan90Days
15
- org.openrewrite.terraform.azure.EnsureAzureAppServiceWebAppRedirectsHTTPToHTTPS
16
- org.openrewrite.terraform.azure.EnsureWebAppUsesTheLatestVersionOfTLSEncryption
17
- org.openrewrite.terraform.azure.EnsureWebAppUsesTheLatestVersionOfHTTP
18
- org.openrewrite.terraform.azure.EnsureStandardPricingTierIsSelected
19
- org.openrewrite.terraform.azure.EnsureASecurityContactPhoneNumberIsPresent
20
- org.openrewrite.terraform.azure.EnsureSendEmailNotificationForHighSeverityAlertsIsEnabled
21
- org.openrewrite.terraform.azure.EnsureSendEmailNotificationForHighSeverityAlertsToAdminsIsEnabled
22
- org.openrewrite.terraform.azure.EnsureAzureSQLServerAuditLogRetentionIsGreaterThan90Days
23
- org.openrewrite.terraform.azure.EnsureAzureSQLServerThreatDetectionAlertsAreEnabledForAllThreatTypes
24
- org.openrewrite.terraform.azure.EnsureAzureSQLServerSendAlertsToFieldValueIsSet
25
- org.openrewrite.terraform.azure.EnsureMSSQLServersHaveEmailServiceAndCoAdministratorsEnabled
26
- org.openrewrite.terraform.azure.EnsureMySQLServerDatabasesHaveEnforceSSLConnectionEnabled
27
- org.openrewrite.terraform.azure.EnsureAzurePostgreSQLDatabaseServerWithSSLConnectionIsEnabled
28
- org.openrewrite.terraform.azure.SetAzureStorageAccountDefaultNetworkAccessToDeny
29
- org.openrewrite.terraform.azure.EnableAzureStorageAccountTrustedMicrosoftServicesAccess
30
- org.openrewrite.terraform.azure.EnsureActivityLogRetentionIsSetTo365DaysOrGreater
31
- org.openrewrite.terraform.azure.EnsureLogProfileIsConfiguredToCaptureAllActivities
32
- org.openrewrite.terraform.azure.EnsureAllKeysHaveAnExpirationDate
33
- org.openrewrite.terraform.azure.EnsureAKVSecretsHaveAnExpirationDateSet
34
- org.openrewrite.terraform.azure.EnsureAzureKeyVaultIsRecoverable
35
- org.openrewrite.terraform.azure.EnsureStorageAccountUsesLatestTLSVersion
36
- org.openrewrite.terraform.azure.EnsurePublicNetworkAccessEnabledIsSetToFalseForMySQLServers
37
- org.openrewrite.terraform.azure.EnsureMySQLIsUsingTheLatestVersionOfTLSEncryption
38
- org.openrewrite.terraform.azure.EnsureAppServiceEnablesHTTPLogging
39
- org.openrewrite.terraform.azure.EnsureAppServiceEnablesDetailedErrorMessages
40
- org.openrewrite.terraform.azure.EnsureAppServiceEnablesFailedRequestTracing
41
- org.openrewrite.terraform.azure.EnsurePostgreSQLServerDisablesPublicNetworkAccess
42
- org.openrewrite.terraform.azure.EnsureManagedIdentityProviderIsEnabledForAppServices
43
- org.openrewrite.terraform.azure.EnsureFTPDeploymentsAreDisabled
44
- org.openrewrite.terraform.azure.EnsureMySQLServerDisablesPublicNetworkAccess
45
- org.openrewrite.terraform.azure.EnsureMySQLServerEnablesGeoRedundantBackups
46
- org.openrewrite.terraform.azure.EnableGeoRedundantBackupsOnPostgreSQLServer
47
- org.openrewrite.terraform.azure.EnsureKeyVaultAllowsFirewallRulesSettings
48
- org.openrewrite.terraform.azure.EnsureKeyVaultEnablesPurgeProtection
49
- org.openrewrite.terraform.azure.EnsureKeyVaultSecretsHaveContentTypeSet
50
- org.openrewrite.terraform.azure.EnsureAKSPoliciesAddOn
51
- org.openrewrite.terraform.azure.EnsureAzureApplicationGatewayHasWAFEnabled
52
- org.openrewrite.terraform.azure.EnsureMySQLServerEnablesThreatDetectionPolicy
53
- org.openrewrite.terraform.azure.EnsurePostgreSQLServerEnablesThreatDetectionPolicy
54
- org.openrewrite.terraform.azure.EnsurePostgreSQLServerEnablesInfrastructureEncryption
Copied!
Export as PDF
Copy link