Secure ASF Cluster on Linux
Template Locations
Infrastructure As Code Advisor (Beta)
WAF-compliance
The WAF-compliance advisor validates templates against the Well-Architected Framework practices. Every day a GitHub Action updates the templates' compliance data and lists the recommendations.
Sustainability Advisor
The sustainability advisor is based on the Sogeti Cloud Reference Architecture with sustainable practices. These sustainable practices cover application code, cloud infrastructures and data. The global Sogeti community is continuously evolving the sustainable practices, and every day new and tuned practices are added. For cloud infrastructures the sustainable practices are automatically validated and reported below.
Note: 100% can mean that there are no sustainable practices yet for this cloud infrastructure.
Online documentation
Template reference
Service description
See Linux Azure Service Fabric landing zone or the landing page for ASF.
Compliance Advisor details
Resource Health Result
| Message | ResourceType | Severity |
|---|---|---|
| It is recommended to use the following property for your resource Microsoft.Storage/storageAccounts: { "minimumTlsVersion": "TLS1_2" }. Communication between a client application and an Azure Storage account is encrypted using Transport Layer Security (TLS). TLS is a standard cryptographic protocol that ensures privacy and data integrity between clients and services over the Internet. | Microsoft.Storage/storageAccounts | 3 |
| It is recommended to use the following property for your resource Microsoft.Storage/storageAccounts: { "minimumTlsVersion": "TLS1_2" }. Communication between a client application and an Azure Storage account is encrypted using Transport Layer Security (TLS). TLS is a standard cryptographic protocol that ensures privacy and data integrity between clients and services over the Internet. | Microsoft.Storage/storageAccounts | 3 |
| It is recommended to use the following property for your resource Microsoft.Storage/storageAccounts: { "supportsHttpsTrafficOnly": true }. You can configure your storage account to accept requests from secure connections only by setting the Secure transfer required property for the storage account. When you require secure transfer, any requests originating from an insecure connection are rejected. Microsoft recommends that you always require secure transfer for all of your storage accounts. | Microsoft.Storage/storageAccounts | 2 |
| It is recommended to use the following property for your resource Microsoft.Storage/storageAccounts: { "allowBlobPublicAccess": false }. Disallow public access to all blobs or containers in the storage account. | Microsoft.Storage/storageAccounts | 2 |
| It is recommended to use the following property for your resource Microsoft.Storage/storageAccounts: { "accessTier": "Cool" }. Infrequently used data should be stored in cold or offline archive storage, using less energy. | Microsoft.Storage/storageAccounts | 2 |
| The location for the resource should not be hardcoded; it should be parameterized and should reference the resource group's location, i.e. [resourceGroup().location] | Microsoft.Storage/storageAccounts | 2 |
| Your current API version, i.e. 2016-01-01, for the resource Microsoft.Storage/storageAccounts is outdated; consider updating to a more recent version, i.e. 2023-01-01 or 2022-09-01 | Microsoft.Storage/storageAccounts | 2 |
| It is recommended to use the following property for your resource Microsoft.Storage/storageAccounts: { "supportsHttpsTrafficOnly": true }. You can configure your storage account to accept requests from secure connections only by setting the Secure transfer required property for the storage account. When you require secure transfer, any requests originating from an insecure connection are rejected. Microsoft recommends that you always require secure transfer for all of your storage accounts. | Microsoft.Storage/storageAccounts | 2 |
| It is recommended to use the following property for your resource Microsoft.Storage/storageAccounts: { "allowBlobPublicAccess": false }. Disallow public access to all blobs or containers in the storage account. | Microsoft.Storage/storageAccounts | 2 |
| It is recommended to use the following property for your resource Microsoft.Storage/storageAccounts: { "accessTier": "Cool" }. Infrequently used data should be stored in cold or offline archive storage, using less energy. | Microsoft.Storage/storageAccounts | 2 |
| The location for the resource should not be hardcoded; it should be parameterized and should reference the resource group's location, i.e. [resourceGroup().location] | Microsoft.Storage/storageAccounts | 2 |
| Your current API version, i.e. 2016-01-01, for the resource Microsoft.Storage/storageAccounts is outdated; consider updating to a more recent version, i.e. 2023-01-01 or 2022-09-01 | Microsoft.Storage/storageAccounts | 2 |
| The location for the resource should not be hardcoded; it should be parameterized and should reference the resource group's location, i.e. [resourceGroup().location] | Microsoft.Network/virtualNetworks | 2 |
| It is recommended to enable DDoS Protection, to provide enhanced DDoS mitigation features to defend against attacks that flood network and compute resources and to avoid unnecessary spikes in usage and cost. Please note: the DDoS Protection Plan is a high-cost service. Please keep this in mind while testing and learning. | Microsoft.Network/virtualNetworks | 2 |
| Your current API version, i.e. 2015-06-15, for the resource Microsoft.Network/virtualNetworks is outdated; consider updating to a more recent version, i.e. 2023-04-01 or 2023-02-01 | Microsoft.Network/virtualNetworks | 2 |
| The location for the resource should not be hardcoded; it should be parameterized and should reference the resource group's location, i.e. [resourceGroup().location] | Microsoft.Network/publicIPAddresses | 2 |
| Your current API version, i.e. 2015-06-15, for the resource Microsoft.Network/publicIPAddresses is outdated; consider updating to a more recent version, i.e. 2023-04-01 or 2023-02-01 | Microsoft.Network/publicIPAddresses | 2 |
| The location for the resource should not be hardcoded; it should be parameterized and should reference the resource group's location, i.e. [resourceGroup().location] | Microsoft.Network/loadBalancers | 2 |
| Your current API version, i.e. 2015-06-15, for the resource Microsoft.Network/loadBalancers is outdated; consider updating to a more recent version, i.e. 2023-04-01 or 2023-02-01 | Microsoft.Network/loadBalancers | 2 |
| The location for the resource should not be hardcoded; it should be parameterized and should reference the resource group's location, i.e. [resourceGroup().location] | Microsoft.Compute/virtualMachineScaleSets | 2 |
| Your current API version, i.e. 2017-03-30, for the resource Microsoft.Compute/virtualMachineScaleSets is outdated; consider updating to a more recent version, i.e. 2023-03-01 or 2022-11-01 | Microsoft.Compute/virtualMachineScaleSets | 2 |
| The location for the resource should not be hardcoded; it should be parameterized and should reference the resource group's location, i.e. [resourceGroup().location] | Microsoft.ServiceFabric/clusters | 2 |
| Your current API version, i.e. 2018-02-01, for the resource Microsoft.ServiceFabric/clusters is outdated; consider updating to a more recent version, i.e. 2021-06-01 or 2020-12-01-privatepreview | Microsoft.ServiceFabric/clusters | 2 |
| To help other contributors understand the purpose of the resource, specify comments for each resource in the template | Microsoft.Storage/storageAccounts | 1 |
| It is recommended to implement lifecycle management wherever possible for your blobs, which will remove older files and limit hardware space and management in the cloud | Microsoft.Storage/storageAccounts | 1 |
| It is recommended to parameterize your tags as an object-type parameter | Microsoft.Storage/storageAccounts | 1 |
| Don't use variables for the API version, i.e. [variables('storageApiVersion')] | Microsoft.Storage/storageAccounts | 1 |
| To help other contributors understand the purpose of the resource, specify comments for each resource in the template | Microsoft.Storage/storageAccounts | 1 |
| It is recommended to implement lifecycle management wherever possible for your blobs, which will remove older files and limit hardware space and management in the cloud | Microsoft.Storage/storageAccounts | 1 |
| It is recommended to parameterize your tags as an object-type parameter | Microsoft.Storage/storageAccounts | 1 |
| Don't use variables for the API version, i.e. [variables('storageApiVersion')] | Microsoft.Storage/storageAccounts | 1 |
| To help other contributors understand the purpose of the resource, specify comments for each resource in the template | Microsoft.Network/virtualNetworks | 1 |
| It is recommended to parameterize your tags as an object-type parameter | Microsoft.Network/virtualNetworks | 1 |
| Don't use variables for the API version, i.e. [variables('vNetApiVersion')] | Microsoft.Network/virtualNetworks | 1 |
| To help other contributors understand the purpose of the resource, specify comments for each resource in the template | Microsoft.Network/publicIPAddresses | 1 |
| It is recommended to parameterize your tags as an object-type parameter | Microsoft.Network/publicIPAddresses | 1 |
| Don't use variables for the API version, i.e. [variables('publicIPApiVersion')] | Microsoft.Network/publicIPAddresses | 1 |
| To help other contributors understand the purpose of the resource, specify comments for each resource in the template | Microsoft.Network/loadBalancers | 1 |
| It is recommended to parameterize your tags as an object-type parameter | Microsoft.Network/loadBalancers | 1 |
| Don't use variables for the API version, i.e. [variables('lbApiVersion')] | Microsoft.Network/loadBalancers | 1 |
| It is recommended to use the following property for your resource Microsoft.Compute/virtualMachineScaleSets: { "priority": "Spot" }. Using Azure Spot Virtual Machines allows you to take advantage of our unused capacity at a significant cost savings. At any point in time when Azure needs the capacity back, the Azure infrastructure will evict Azure Spot Virtual Machines. Therefore, Azure Spot Virtual Machines are great for workloads that can handle interruptions like batch processing jobs, dev/test environments, large compute workloads, and more. | Microsoft.Compute/virtualMachineScaleSets | 1 |
| It is recommended to use the following property for your resource Microsoft.Compute/virtualMachineScaleSets: securityProfile. Virtual machine scale sets do not have encryption at host enabled. Use encryption at host to get end-to-end encryption for your virtual machine and virtual machine scale set data. Encryption at host enables encryption at rest for your temporary disk and OS/data disk caches. Temporary and ephemeral OS disks are encrypted with platform-managed keys when encryption at host is enabled. OS/data disk caches are encrypted at rest with either a customer-managed or a platform-managed key, depending on the encryption type selected on the disk. | Microsoft.Compute/virtualMachineScaleSets | 1 |
| To help other contributors understand the purpose of the resource, specify comments for each resource in the template | Microsoft.Compute/virtualMachineScaleSets | 1 |
| It is recommended to parameterize your tags as an object-type parameter | Microsoft.Compute/virtualMachineScaleSets | 1 |
| Don't use variables for the API version, i.e. [variables('vmssApiVersion')] | Microsoft.Compute/virtualMachineScaleSets | 1 |
| To help other contributors understand the purpose of the resource, specify comments for each resource in the template | Microsoft.ServiceFabric/clusters | 1 |
| It is recommended to parameterize your tags as an object-type parameter | Microsoft.ServiceFabric/clusters | 1 |
TemplateParameterHealthResult
| Message | Severity |
|---|---|
| Secure parameters can't have a hardcoded default, i.e. adminPassword | 3 |
| Define default values for parameters that aren't sensitive. By specifying a default value, it's easier to deploy the template, and users of your template see an example of an appropriate value, i.e. tagBillingIdentifier | 1 |
| It is recommended to add a description for your parameters, i.e. for vmNodeType0Size | 1 |
TemplateVariableHealthResult
| Message | Severity |
|---|---|
| It is recommended to use camel case for your variable names wherever possible, e.g. environment | 1 |
| It is recommended to use camel case for your variable names wherever possible, e.g. KeyVaultName | 1 |
| It is recommended to use camel case for your variable names wherever possible, e.g. KeyVaultResourceId | 1 |
| It is recommended to use camel case for your variable names wherever possible, e.g. wadlogs | 1 |
| It is recommended to use camel case for your variable names wherever possible, e.g. wadcfgxstart | 1 |
| It is recommended to use camel case for your variable names wherever possible, e.g. wadcfgxend | 1 |
TemplateOthersHealthResult
| Message | Severity |
|---|---|
| The current schema version is not valid. Please change the version year to 2019-04-01 or greater | 2 |
Sustainable Advisor details
| Message | ResourceType | Severity |
|---|---|---|
| It is recommended to use the following property for your resource Microsoft.Storage/storageAccounts: { "accessTier": "Cool" }. Infrequently used data should be stored in cold or offline archive storage, using less energy. | Microsoft.Storage/storageAccounts | 2 |
| It is recommended to use the following property for your resource Microsoft.Storage/storageAccounts: { "accessTier": "Cool" }. Infrequently used data should be stored in cold or offline archive storage, using less energy. | Microsoft.Storage/storageAccounts | 2 |
| It is recommended to enable DDoS Protection, to provide enhanced DDoS mitigation features to defend against attacks that flood network and compute resources and to avoid unnecessary spikes in usage and cost. Please note: the DDoS Protection Plan is a high-cost service. Please keep this in mind while testing and learning. | Microsoft.Network/virtualNetworks | 2 |
| It is recommended to implement lifecycle management wherever possible for your blobs, which will remove older files and limit hardware space and management in the cloud | Microsoft.Storage/storageAccounts | 1 |
| It is recommended to implement lifecycle management wherever possible for your blobs, which will remove older files and limit hardware space and management in the cloud | Microsoft.Storage/storageAccounts | 1 |
| It is recommended to use the following property for your resource Microsoft.Compute/virtualMachineScaleSets: { "priority": "Spot" }. Using Azure Spot Virtual Machines allows you to take advantage of our unused capacity at a significant cost savings. At any point in time when Azure needs the capacity back, the Azure infrastructure will evict Azure Spot Virtual Machines. Therefore, Azure Spot Virtual Machines are great for workloads that can handle interruptions like batch processing jobs, dev/test environments, large compute workloads, and more. | Microsoft.Compute/virtualMachineScaleSets | 1 |