There is 1 policy definition on Managed Identity in Azure for Container Apps.
- Managed Identity should be enabled for Container Apps
Just curious how this built-in policy applies, as I am new to policies. Can someone help with how to use it, or demonstrate a configuration showing how to assign the policy definition and use it in the Container Apps service?
Thank you and looking for the experts here.
2 Answers
@Arko, but the definition is nothing therefore remediation cannot add.
To apply the built-in Azure Policy "Managed Identity should be enabled for Container Apps", follow these steps to ensure that all Container Apps in your specified scope have Managed Identity enabled.
In the search box, type Policy. Under that, look for Definitions in the left-side column; under Definitions, search for "Managed Identity should be enabled for Container Apps".
You can also use the CLI.
Assign the policy to your target scope, for example the resource group under which you will deploy your ACA.
Done. You can validate the same by deploying a test Container App.
Let’s say this one is non-compliant, another is compliant. The policy should tell you now if it’s non-compliant.
Now check. Trigger a fresh scan.
Let it run. Once you get the prompt back, now check:
You can check the same from the portal as well.
You can even prevent non-compliant resources from being created: enable enforcement mode. Check out the tutorial "Create and manage policies to enforce compliance" and the MS Doc.
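The CLI route through the steps in the answer above, as an added example (these are not the answerer's own commands): look up the built-in definition by display name, assign it at resource-group scope, trigger a scan, list the apps the assignment flags, and fix one. The resource group `rg-aca-demo` and assignment name `aca-require-mi` are assumed names; the script needs a logged-in Azure CLI.

```shell
#!/bin/sh
# Added example, not from the original answer. RG and ASSIGNMENT are assumed names.
RG="${RG:-rg-aca-demo}"                     # assumed resource group
ASSIGNMENT="${ASSIGNMENT:-aca-require-mi}"  # assumed assignment name
POLICY_NAME="Managed Identity should be enabled for Container Apps"

# Resolve the built-in definition by display name; fail unless exactly one matches.
policy_definition_id() {
  ids=$(az policy definition list \
    --query "[?policyType=='BuiltIn' && displayName=='$POLICY_NAME'].id" \
    -o tsv) || return 1
  [ "$(printf '%s\n' "$ids" | grep -c .)" -eq 1 ] || {
    echo "expected exactly one definition named '$POLICY_NAME'" >&2; return 1; }
  printf '%s\n' "$ids"
}

# Assign at resource-group scope. $1 is the enforcement mode:
#   Default      -> the policy effect is enforced
#   DoNotEnforce -> compliance is evaluated only
assign_policy() {
  def_id=$(policy_definition_id) || return 1
  scope=$(az group show --name "$RG" --query id -o tsv) || return 1
  az policy assignment create --name "$ASSIGNMENT" --policy "$def_id" \
    --scope "$scope" --enforcement-mode "${1:-Default}" -o none
}

# Run an on-demand scan (returns when the scan finishes), then print the
# resource IDs this assignment marks NonCompliant.
noncompliant_apps() {
  az policy state trigger-scan --resource-group "$RG" || return 1
  az policy state list --resource-group "$RG" --policy-assignment "$ASSIGNMENT" \
    --query "[?complianceState=='NonCompliant'].resourceId" -o tsv
}

# Bring one app ($1 = app name) into compliance with a system-assigned identity.
enable_identity() {
  az containerapp identity assign --name "$1" --resource-group "$RG" \
    --system-assigned -o none
}

# Usage: sh aca-policy.sh apply [Default|DoNotEnforce]
if [ "${1:-}" = "apply" ]; then
  assign_policy "${2:-Default}" && noncompliant_apps
fi
```

After `enable_identity` fixes an app, run `noncompliant_apps` again; the app should no longer be listed once the new scan completes.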