diff --git a/rules/S6378/azureresourcemanager/rule.adoc b/rules/S6378/azureresourcemanager/rule.adoc index 46f70e40951..5407b2248d1 100644 --- a/rules/S6378/azureresourcemanager/rule.adoc +++ b/rules/S6378/azureresourcemanager/rule.adoc @@ -6,6 +6,8 @@ include::../recommended.adoc[] == Sensitive Code Example +Using ARM templates: + [source,json,diff-id=1,diff-type=noncompliant] ---- { @@ -21,9 +23,20 @@ include::../recommended.adoc[] } ---- +Using Bicep: + +[source,bicep,diff-id=2,diff-type=noncompliant] +---- +resource sensitiveApiManagementService 'Microsoft.ApiManagement/service@2022-09-01-preview' = { + name: 'apiManagementService' + // Sensitive: no Managed Identity is defined +} +---- == Compliant Solution +Using ARM templates: + [source,json,diff-id=1,diff-type=compliant] ---- { @@ -42,6 +55,17 @@ include::../recommended.adoc[] } ---- +Using Bicep: + +[source,json,diff-id=2,diff-type=noncompliant] +---- +resource sensitiveApiManagementService 'Microsoft.ApiManagement/service@2022-09-01-preview' = { + name: 'apiManagementService' + identity: { + type: 'SystemAssigned' + } +} +---- include::../see.adoc[]