From bd66d1fabf4e7f317fac08e9fa002636cd94deb1 Mon Sep 17 00:00:00 2001
From: Matt Spurlin <matt.spurlin@datadoghq.com>
Date: Thu, 6 Nov 2025 14:33:46 -0500
Subject: [PATCH] fix(azure): Add security properties to ARM template for
 policy compliance
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Added required security properties to fix Azure policy violations:
- Storage account: supportsHttpsTrafficOnly and allowBlobPublicAccess
- Function app: httpsOnly property

These changes ensure compliance with storage-secure-transfer, storage-no-anonymous, and functionapp-https policies.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
---
 azure/eventhub_log_forwarder/function_template.json | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/azure/eventhub_log_forwarder/function_template.json b/azure/eventhub_log_forwarder/function_template.json
index a3caf7712..176430044 100644
--- a/azure/eventhub_log_forwarder/function_template.json
+++ b/azure/eventhub_log_forwarder/function_template.json
@@ -77,7 +77,9 @@
         "name": "Standard_LRS"
       },
       "properties": {
-        "minimumTlsVersion": "TLS1_2"
+        "minimumTlsVersion": "TLS1_2",
+        "supportsHttpsTrafficOnly": true,
+        "allowBlobPublicAccess": false
       }
     },
     {
@@ -92,6 +94,7 @@
       "properties": {
         "name": "[parameters('functionAppName')]",
         "clientAffinityEnabled": false,
+        "httpsOnly": true,
         "siteConfig": {
           "cors": {
             "allowedOrigins": [