​​Describe Container Apps Security & Hardening

[ezYakaEagle442]

​​Describe Container Apps Security & Hardening :

• cluster isolation : single Tenant see also 57
• equivalent of network policies , etc.
• Support policy - see #25

---

Document Details

⚠ Do not edit this section. It is required for docs.microsoft.com ➟ GitHub issue linking.

• ID: 9b2a1180-bdef-3f45-f478-9969aff2649a
• Version Independent ID: 79ab35ad-295a-ef8f-3228-91158dd2c960
• Content: Azure Container Apps - Frequently asked questions
• Content Source: articles/container-apps/faq.yml
• Service: static-web-apps
• GitHub Login: @craigshoemaker
• Microsoft Alias: cshoe

[RyanHill-MSFT]

Thanks for the feedback! I have assigned the issue to the content author to investigate further and update the document as appropriate.

[veikkoeeva]

The linked issues have good questions.

I would say a simple example using Bicep with VNET, subnets for frontend and backend, NSGs, service endpoints and such would go some way too.

I'll cross-reference https://github.com/microsoft/azure-container-apps/issues/320 as I believe it goes into documentation and hardering questions I too am thinking.

[trylvis]

+100 to adding equivalent to Kubernetes Network Policies.

We should on a Container App level be able to define what Container Apps can connect to it.

Especially as Container App Environment grows, not being able to control this is not optimal from a security point of view.

F.x. Container App A only allows connection from Container App B, and no other Container Apps.

https://kubernetes.io/docs/concepts/services-networking/network-policies/

[adrianhall]

@RyanHill-MSFT - please remove static-web-apps/svc (and craig) from this issue as it is for ACA, not SWA.