An inbound network security rule allows traffic from /0.

Explanation

Network security rules should not use very broad subnets.

Where possible, segments should be broken into smaller subnets.

Insecure Example

The following example will fail the AZU001 check.

resource "azurerm_network_security_rule" "my-rule" {
	direction = "Inbound"
	source_address_prefix = "0.0.0.0/0"
	access = "Allow"
}

Secure Example

The following example will pass the AZU001 check.

resource "azurerm_network_security_rule" "my-rule" {
	direction = "Inbound"
	# Inbound rules are judged on their source range; keep it to a specific subnet.
	source_address_prefix = "10.0.0.0/16"
	access = "Allow"
}
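The same condition can be checked against a rendered plan. The following Python sketch is an added example, not tfsec's implementation: it assumes input shaped like `terraform show -json` plan output, and it goes beyond the page by also covering the `source_address_prefixes` list form, the IPv6 `::/0` range and Azure's `*` wildcard. The sample plan and the helper names are constructed for illustration.

```python
import ipaddress


def is_open_prefix(prefix):
    """True if the prefix covers every address: '*' or any CIDR with a /0 mask."""
    if prefix == "*":
        return True
    try:
        return ipaddress.ip_network(prefix, strict=False).prefixlen == 0
    except ValueError:
        return False  # service tags such as "VirtualNetwork" are not CIDRs


def open_inbound_rules(plan):
    """Return addresses of inbound Allow rules whose source range is open to all."""
    findings = []
    for rc in plan.get("resource_changes", []):
        if rc.get("type") != "azurerm_network_security_rule":
            continue
        # "after" is null for resources being destroyed
        after = (rc.get("change") or {}).get("after") or {}
        if str(after.get("direction", "")).lower() != "inbound":
            continue
        if str(after.get("access", "")).lower() != "allow":
            continue
        prefixes = list(after.get("source_address_prefixes") or [])
        if after.get("source_address_prefix"):
            prefixes.append(after["source_address_prefix"])
        if any(is_open_prefix(p) for p in prefixes):
            findings.append(rc["address"])
    return findings


def _rc(name, **after):
    """Build one constructed resource_changes entry for the sample plan."""
    return {"address": "azurerm_network_security_rule." + name,
            "type": "azurerm_network_security_rule",
            "change": {"after": after}}


# Constructed sample, shaped like `terraform show -json` plan output.
SAMPLE_PLAN = {"resource_changes": [
    _rc("open", direction="Inbound", access="Allow", source_address_prefix="0.0.0.0/0"),
    _rc("scoped", direction="Inbound", access="Allow", source_address_prefix="10.0.0.0/16"),
    _rc("v6_list", direction="inbound", access="Allow",
        source_address_prefixes=["10.1.0.0/24", "::/0"]),
    _rc("deny", direction="Inbound", access="Deny", source_address_prefix="*"),
    _rc("egress", direction="Outbound", access="Allow", source_address_prefix="0.0.0.0/0"),
    _rc("tagged", direction="Inbound", access="Allow", source_address_prefix="VirtualNetwork"),
]}

if __name__ == "__main__":
    for address in open_inbound_rules(SAMPLE_PLAN):
        print("open inbound source:", address)
```

Deny rules, outbound rules and service-tag sources are left alone, so only the `open` and `v6_list` rules in the sample are reported.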