monkey365

0.97

rules/findings/azure/databases/data_factory/azure-datafactory-lack-managed-identity.json

                                {

    "args": [],

    "provider": "Azure",

    "serviceType": "Data Factory",

    "serviceName": "Databases",

    "displayName": "Ensure Data Factory is using Managed Identities",

    "description": "Managed identities are the roles that Azure services assume to access other services or resources. Access and permissions may be set on these roles to set the scope and reach of what a service can access. Setting a service to use a managed identity also prevents the need to store credentials in code or other less secure options.",

    "rationale": "Managed identities eliminate the need to store and manage credentials to access Azure resources. Scoping permissions of a managed identity to a specific set of resources also prevents unwanted access elsewhere.",

    "impact": "Initial administrative overhead to configure and manage role assignments for managed identities.",

    "remediation": {

        "text": "

            ##### Remediate from Azure Portal 

            1. From Data Factories select a factory to remediate. 

            2. In the left column expand > Settings. 

            3. Select Managed identities. 

            4. From the System Assigned tab, under Permissions select Azure role assignments. 

            5. Select + Add role assignments (Preview). 

            6. Select a Scope, Subscription and Role to be added. 

            7. Select Save

        ",

        "code": {

            "powerShell": null,

            "iac": null,

            "terraform": null,

            "other": null

        }

    },

    "recommendation": null,

    "references": [

        "https://learn.microsoft.com/en-us/entra/identity/managed-identities-azure-resources/overview",

        "https://learn.microsoft.com/en-us/azure/data-factory/data-factory-service-identity"

    ],

    "compliance": [

        {

            "name": "CIS Microsoft Azure Database Services",

            "version": "2.0.0",

            "reference": "4.2",

            "profile": [

                "Level 1"

            ]

        }

    ],

    "level": "",

    "tags": [],

    "rule": {

        "path": "",

        "subPath": null,

        "selectCondition": {},

        "query": [

        ],

        "shouldExist": null,

        "returnObject": null,

        "removeIfNotExists": null

    },

    "output": {

        "html": {

            "data": {

                "properties": {},

                "expandObject": null

            },

            "table": "Normal",

            "decorate": [],

            "emphasis": [],

            "actions": {

                "objectData": {

                    "properties": [],

                    "expandObject": null,

                    "limit": null

                },

                "showGoToButton": "True",

                "showModalButton": "True",

                "directLink": null

            }

        },

        "text": {

            "data": {

                "properties": {},

                "expandObject": null

            },

            "status": {

                "keyName": [],

                "message": "",

                "defaultMessage": null

            },

            "properties": {

                "resourceName": null,

                "resourceId": null,

                "resourceType": null

            },

            "onlyStatus": false

        }

    },

    "idSuffix": "",

    "notes": [],

    "categories": [],

    "immutable_properties": [],

    "id": "azure_data_factory_002"

}