Open ezYakaEagle442 opened 2 years ago
Thanks for the feedback! I have assigned the issue to the content author to investigate further and update the document as appropriate.
The linked issues have good questions.
I would say a simple example using Bicep with VNET, subnets for frontend and backend, NSGs, service endpoints and such would go some way too.
I'll cross-reference https://github.com/microsoft/azure-container-apps/issues/320 as I believe it goes into documentation and hardering questions I too am thinking.
+100 to adding equivalent to Kubernetes Network Policies.
We should on a Container App level be able to define what Container Apps can connect to it.
Especially as Container App Environment grows, not being able to control this is not optimal from a security point of view.
F.x. Container App A only allows connection from Container App B, and no other Container Apps.
https://kubernetes.io/docs/concepts/services-networking/network-policies/
@RyanHill-MSFT - please remove static-web-apps/svc (and craig) from this issue as it is for ACA, not SWA.
Describe Container Apps Security & Hardening :
Document Details
⚠ Do not edit this section. It is required for docs.microsoft.com ➟ GitHub issue linking.