💡 Feature Request - APIM missing DDOS recommendation check #543
Labels
Enhancement 🆕
New feature or request
Comments
microsoft-github-policy-service
bot
added
the
Enhancement 🆕
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Describe the solution you'd like
I recently went through a resiliency review where I found out my customer did not configure APIM DDOS protection. Their APIM was not configured with vnet-injected and therefore Azure DDOS protection could not be enabled on their APIM instances. In my customer case, there are 2 mission critical applications (including their e-commerce web site) leveraging this API server and this is clearly a potential resiliency weakness that should be raised through APRL to be consistent with other DDOS recommendation in the library.
Reference : https://learn.microsoft.com/en-us/azure/api-management/protect-with-ddos-protection
Describe alternatives you've considered
NA, we need a rule that detect APIM configured without vnet injection and ensure customer there is no way to enable DDOS protection
Additional context
Add any other context or screenshots about the feature request here. 📷
The text was updated successfully, but these errors were encountered: