Resource Type: Azure > App Service > Web App
The Web App resource type enables developers to host and manage web applications, RESTful APIs, and backend services in a fully managed environment. It abstracts infrastructure management, allowing users to focus on application development.
Resource Context
Web App is a part of the App Service service.
Each Web App lives under a Resource Group.
Controls
The primary controls for Azure > App Service > Web App are:
- Active
- Approved
- Client Certificate Mode
- CMDB
- Discovery
- FTPS State
- HTTP 2.0 Enabled
- HTTPS Only
- Minimum TLS Version
- ServiceNow
- System Assigned Identity
- Tags
It is also targeted by these controls:
- Azure > CIS v1 > 9 Application Services > 9.01 Ensure App Service Authentication is set on Azure App Service (Scored)
- Azure > CIS v1 > 9 Application Services > 9.02 Ensure web app redirects all HTTP traffic to HTTPS in Azure App Service (Scored)
- Azure > CIS v1 > 9 Application Services > 9.03 Ensure web app is using the latest version of TLS encryption (Scored)
- Azure > CIS v1 > 9 Application Services > 9.04 Ensure the web app has 'Client Certificates (Incoming client certificates)' set to 'On' (Scored)
- Azure > CIS v1 > 9 Application Services > 9.05 Ensure that Register with Azure Active Directory is enabled on App Service (Scored)
- Azure > CIS v1 > 9 Application Services > 9.06 Ensure that '.Net Framework' version is the latest, if used as a part of the web app (Not Scored)
- Azure > CIS v1 > 9 Application Services > 9.07 Ensure that 'PHP version' is the latest, if used to run the web app (Not Scored)
- Azure > CIS v1 > 9 Application Services > 9.08 Ensure that 'Python version' is the latest, if used to run the web app (Not Scored)
- Azure > CIS v1 > 9 Application Services > 9.09 Ensure that 'Java version' is the latest, if used to run the web app (Not Scored)
- Azure > CIS v1 > 9 Application Services > 9.10 Ensure that 'HTTP Version' is the latest, if used to run the web app (Not Scored)
- Azure > CIS v2.0 > 05 - Logging and Monitoring > 5.01 - Configuring Diagnostic Settings > 5.01.07 - Ensure that logging for Azure AppService 'HTTP logs' is enabled
- Azure > CIS v2.0 > 09 - Application Services > 9.01 - Ensure App Service Authentication is set up for apps in Azure App Service
- Azure > CIS v2.0 > 09 - Application Services > 9.02 - Ensure Web App Redirects All HTTP traffic to HTTPS in Azure App Service
- Azure > CIS v2.0 > 09 - Application Services > 9.03 - Ensure Web App is using the latest version of TLS encryption
- Azure > CIS v2.0 > 09 - Application Services > 9.04 - Ensure the web app has 'Client Certificates (Incoming client certificates)' set to 'On'
- Azure > CIS v2.0 > 09 - Application Services > 9.05 - Ensure that Register with Azure Active Directory is enabled on App Service
- Azure > CIS v2.0 > 09 - Application Services > 9.06 - Ensure That 'PHP version' is the Latest, If Used to Run the Web App
- Azure > CIS v2.0 > 09 - Application Services > 9.07 - Ensure that 'Python version' is the Latest Stable Version, if Used to Run the Web App
- Azure > CIS v2.0 > 09 - Application Services > 9.08 - Ensure that 'Java version' is the latest, if used to run the Web App
- Azure > CIS v2.0 > 09 - Application Services > 9.09 - Ensure that 'HTTP Version' is the Latest, if Used to Run the Web App
- Azure > CIS v2.0 > 09 - Application Services > 9.10 - Ensure FTP deployments are Disabled
Category
In Your Workspace
- Controls by Resource Type report
- Policy Settings by Resource Type report
- Resources by Resource Type report
Developers
- tmod:@turbot/azure-appservice#/resource/types/webApp
- tmod:@turbot/turbot#/resource/categories/compute
- turbot graphql resource --id "tmod:@turbot/azure-appservice#/resource/types/webApp"
Get Resource- select * from guardrails_resource where resource_type_uri = 'tmod:@turbot/azure-appservice#/resource/types/webApp';
- select * from guardrails_policy_setting where filter = 'resourceTypeId:"tmod:@turbot/azure-appservice#/resource/types/webApp"';
- select * from guardrails_notification where resource_type_uri = 'tmod:@turbot/azure-appservice#/resource/types/webApp' and notification_type in ('resource_updated', 'resource_created');
Get ResourceGet Policy Settings (By Resource ID)Get Resource Notification
Resource Type URI
Category URI
GraphQL
CLI
Steampipe Query