An outbound network security rule allows traffic to /0.
Explanation
Network security rules should not use very broad subnets.
Where possible, segments should be broken into smaller subnets.
Insecure Example
The following example will fail the AZU002 check.
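resource "azurerm_network_security_rule" "my-rule" {
  # Other required arguments (name, priority, protocol and so on) are omitted for brevity.
  direction                  = "Outbound"
  destination_address_prefix = "0.0.0.0/0" # matches every IPv4 destination
  access                     = "Allow"
}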
Secure Example
The following example will pass the AZU002 check.
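resource "azurerm_network_security_rule" "my-rule" {
  # Other required arguments (name, priority, protocol and so on) are omitted for brevity.
  direction                  = "Outbound"
  destination_address_prefix = "10.0.0.0/16" # egress limited to one private /16
  access                     = "Allow"
}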
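The same condition can be checked against a rendered plan. The script below is an added example, not the AZU002 implementation: it walks the `planned_values` tree of `terraform show -json` output and reports outbound Allow rules whose destination has a prefix length of 0. It goes slightly beyond the page by also treating `::/0` and `*` as any-address destinations and by reading `destination_address_prefixes`; the helper names and the sample plan are constructed for illustration.

```python
import ipaddress

RULE_TYPE = "azurerm_network_security_rule"

# Constructed sample in the shape of `terraform show -json` planned_values.
def _rule(address, access, prefix=None, prefixes=None):
    return {"address": address, "type": RULE_TYPE,
            "values": {"direction": "Outbound", "access": access,
                       "destination_address_prefix": prefix,
                       "destination_address_prefixes": prefixes}}

SAMPLE_PLAN = {"planned_values": {"root_module": {
    "resources": [
        _rule("azurerm_network_security_rule.open_egress", "Allow", "0.0.0.0/0"),
        _rule("azurerm_network_security_rule.scoped_egress", "Allow", "10.0.0.0/16"),
        _rule("azurerm_network_security_rule.deny_all", "Deny", "0.0.0.0/0")],
    "child_modules": [{"resources": [
        _rule("module.net.azurerm_network_security_rule.multi", "Allow",
              prefixes=["10.1.0.0/24", "::/0"])]}]}}}

def is_any_address(prefix):
    """True for "*" or any CIDR with prefix length 0 (0.0.0.0/0, ::/0)."""
    if prefix == "*":
        return True
    try:
        return ipaddress.ip_network(prefix, strict=False).prefixlen == 0
    except ValueError:  # service tags such as "VirtualNetwork" are not CIDRs
        return False

def walk(module):
    """Yield resources from a module and all nested child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from walk(child)

def open_egress_rules(plan):
    """Return addresses of outbound Allow rules with an any-address destination."""
    hits = []
    for res in walk(plan["planned_values"]["root_module"]):
        v = res.get("values") or {}
        if (res.get("type") != RULE_TYPE or v.get("direction") != "Outbound"
                or v.get("access") != "Allow"):
            continue
        prefixes = [v.get("destination_address_prefix")]
        prefixes += v.get("destination_address_prefixes") or []
        if any(is_any_address(p) for p in prefixes if p):
            hits.append(res["address"])
    return hits
```

Deny rules with a /0 destination are deliberately not reported, since a broad outbound Deny narrows egress rather than widening it.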