
Azure: Cloud Custodian Policies for Azure WebApp

Covering various scenarios related to Azure WebApp using the open-source Cloud Custodian tool

Azure WebApp allows organizations to deploy mission-critical web applications that can be scaled with business needs. It supports several web development languages and frameworks, so developers can build with ASP.NET, .NET Core, Java, Ruby, Node.js, PHP, or Python. It is very important to have adequate security controls for your web applications. In this article, we use an open-source tool called Cloud Custodian to write checks for different misconfigured parameters.

Example #1: Find all WebApps where Always On is not enabled. Always On is a setting under General settings that keeps the application loaded even when there is no traffic. The app stays loaded in memory, which is required for continuous WebJobs that may be triggered using a CRON expression. When Always On is not turned on (the default), the app is unloaded after 20 minutes without any incoming requests. An unloaded app can cause high latency for new requests because of its warm-up time. When Always On is turned on, the front-end load balancer sends a GET request to the application root every five minutes. The continuous ping prevents the app from being unloaded.

policies:
- name…
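
The article's own policy is cut off above. As an added example (not the author's policy), here is one way to express the Example #1 check, assuming Cloud Custodian's `azure.webapp` resource and its `configuration` filter; the policy name and description are hypothetical:

```yaml
# Added example, not the article's policy. The name and description are hypothetical.
policies:
  - name: webapp-always-on-disabled
    description: Report App Service web apps that have Always On turned off.
    resource: azure.webapp
    filters:
      # The configuration filter evaluates each app's site configuration;
      # alwaysOn is assumed to be exposed there as a boolean.
      - type: configuration
        key: alwaysOn
        op: eq
        value: false
    # No actions are defined, so a run only reports the matching web apps.
```

Saved to a file, the policy can be checked with `custodian validate` and then executed with `custodian run -s <output-dir>`; the matched resources are written under the output directory.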


Written by Aakif Shaikh, CISSP, CEH, CHFI, CISA, GWAPT

Over 18 years of experience in a wide variety of technical domains within information security including information assurance, compliance, and risk management.
