Governance Policies Integration APIM To Container Apps
Governance policies for APIM to Container Apps
Domain: integration

| Name | Description |
|---|---|
| APIM backend with managed identity | Configure APIM backend pointing to internal Container App |

| Description | Instead |
|---|---|
| Do not expose Container App endpoints directly to the internet | Use APIM as the gateway; set Container App ingress to internal |

| Check | Severity | Description |
|---|---|---|
| CC-INT-APIM-001 | Required | Route all external API traffic through API Management |
| CC-INT-APIM-002 | Required | Use APIM managed identity to authenticate to Container Apps |
| CC-INT-APIM-003 | Recommended | Set Container App ingress to internal-only when fronted by APIM |
| CC-INT-APIM-004 | Recommended | Configure APIM caching policies for read-heavy endpoints |

Route all external API traffic through API Management
Severity: Required
Rationale: Centralizes auth, rate limiting, and observability
Agents: cloud-architect, terraform-agent, bicep-agent, biz-analyst
- Microsoft.ApiManagement/service
- Microsoft.App/containerApps

Use APIM managed identity to authenticate to Container Apps
Severity: Required
Rationale: No shared keys or certificates between services
Agents: cloud-architect, terraform-agent, bicep-agent
- Microsoft.ApiManagement/service
- Microsoft.App/containerApps

Set Container App ingress to internal-only when fronted by APIM
Severity: Recommended
Rationale: Container App should not be directly accessible from the internet
Agents: cloud-architect, terraform-agent, bicep-agent
- Microsoft.ApiManagement/service
- Microsoft.App/containerApps

Configure APIM caching policies for read-heavy endpoints
Severity: Recommended
Rationale: Reduces backend load and improves response latency
Agents: cloud-architect, app-developer, csharp-developer, python-developer
- Microsoft.ApiManagement/service
- Microsoft.App/containerApps
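
One way to check CC-INT-APIM-001 through CC-INT-APIM-003 against ARM-style resource definitions before deployment, as an added example that is not code from this policy repository. The function and helper names, the sample resources, and the reading of each rule as a template-level test are assumptions; `identity.type` and `properties.configuration.ingress.external` are the ARM property paths for the two resource types. CC-INT-APIM-004 is not covered.

```python
# Added example (not from the policy repo): static check of ARM-style
# resource definitions against CC-INT-APIM-001..003.
APIM = "Microsoft.ApiManagement/service"
APP = "Microsoft.App/containerApps"


def evaluate(resources):
    """Return sorted (check_id, severity, resource_name) findings."""
    findings = []
    apims = [r for r in resources if r.get("type") == APIM]
    for app in (r for r in resources if r.get("type") == APP):
        config = app.get("properties", {}).get("configuration", {})
        ingress = config.get("ingress") or {}
        if not ingress.get("external", False):
            continue  # no ingress or internal-only: not internet-facing
        if apims:
            # A gateway exists, so the app should not also be public.
            findings.append(("CC-INT-APIM-003", "Recommended", app["name"]))
        else:
            # Public app with no gateway in the deployment at all.
            findings.append(("CC-INT-APIM-001", "Required", app["name"]))
    for apim in apims:
        # identity.type is "None", "SystemAssigned", "UserAssigned" or both.
        id_type = (apim.get("identity") or {}).get("type", "None")
        if "Assigned" not in id_type:
            findings.append(("CC-INT-APIM-002", "Required", apim["name"]))
    return sorted(findings)


def make_app(name, external):  # constructed sample resource, hypothetical name
    return {"type": APP, "name": name,
            "properties": {"configuration": {"ingress": {"external": external}}}}


def make_apim(name, identity_type):  # constructed sample resource
    return {"type": APIM, "name": name, "identity": {"type": identity_type}}


NONCOMPLIANT = [make_apim("apim-demo", "None"), make_app("orders-api", True)]
COMPLIANT = [make_apim("apim-demo", "SystemAssigned"), make_app("orders-api", False)]

if __name__ == "__main__":
    for finding in evaluate(NONCOMPLIANT):
        print(*finding)
```

A template-level check like this cannot confirm that the APIM backend actually targets the Container App or that the backend validates the managed identity token; those still need review of the APIM policy and the app's authentication settings.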