An outbound firewall rule allows traffic to /0.

Explanation

Network security rules should not use very broad subnets.

Where possible, segments should be broken into smaller subnets and avoid using the /0 subnet.

Insecure Example

The following example will fail the GCP004 check.

resource "google_compute_firewall" "my-firewall" {
	destination_ranges = ["0.0.0.0/0"]
}

Secure Example

The following example will pass the GCP004 check.

resource "google_compute_firewall" "my-firewall" {
	destination_ranges = ["1.2.3.4/32"]
}

Related Links

• https://cloud.google.com/vpc/docs/using-firewalls

• https://www.terraform.io/docs/providers/google/r/compute_firewall.html