Governance considerations for the API Management landing zone accelerator
This article provides design considerations and recommendations for governance when using the API Management landing zone accelerator. Azure governance establishes the tooling needed to support cloud governance, compliance auditing, and automated guardrails.
Learn more about the Azure governance design area.
Design considerations
- Research the available built-in RBAC roles available for the API Management service.
- Review the Azure Policy built-in policy definitions and the Azure Policy Regulatory Compliance controls for API Management. Azure Policy can help enforce vital management and security conventions across Azure platform services.
- Consider what level of logging is necessary to meet your organization’s compliance requirements.
- Consider how non-compliance should be detected.
- Consider how to standardize error responses returned by APIs.
Design recommendations
- Use Azure built-in roles to provide least-privilege permissions to manage the API Management service.
- Configure diagnostics settings within API Management to output logs and metrics to Azure Monitor.
- Implement an error handling policy at the global level.
- All API Management policies should include a
<base/>
element.