AZU002 - An outbound network security rule allows traffic to /0.

Written by tfsec

Explanation

Network security rules should not use very broad subnets.

Where possible, segments should be broken into smaller subnets.

Insecure Example

The following example will fail the AZU002 check.

resource "azurerm_network_security_rule" "bad_example" {
	direction = "Outbound"
	destination_address_prefix = "0.0.0.0/0"
	access = "Allow"
}

Secure Example

The following example will pass the AZU002 check.

resource "azurerm_network_security_rule" "good_example" {
	direction = "Outbound"
	destination_address_prefix = "10.0.0.0/16"
	access = "Allow"
}

Related Links

• https://docs.microsoft.com/en-us/azure/security/fundamentals/network-best-practices

• https://www.terraform.io/docs/providers/azurerm/r/network_security_rule.html

---