terraform-azurerm-caf-enterprise-scale
Ensure that Azure Virtual Network subnet is configured with a Network Security Group
Community Note
- Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
- Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
- If you are interested in working on this issue or have submitted a pull request, please leave a comment
Description
Is your feature request related to a problem?
As identified during the work in issue #268, terrascan recommends that all Subnets are configured with a Network Security Group.
The following provides a summary of the errors created by this missing feature:
-----------------------------------------------------------------------
Description : Ensure that Azure Virtual Network subnet is configured with a Network Security Group
File : resources.connectivity.tf
Module Name : root
Line : 46
Severity : MEDIUM
-----------------------------------------------------------------------
As a temporary workaround, we are implementing an override to disable this rule in terrascan.
Describe the solution you'd like
This issue is being raised to track addition of this feature to the module.
We are not remediating this as part of #268 as it falls out of scope for this issue. This would also require a minor release due to the addition of new resources.
Additional context
This feature requires additional consideration due to the additional complexity associated with the differing needs around Network Security Groups.
For example:
- Not all subnets support attachment of a Network Security Group (NEED TO ADD EXAMPLES)
- Not all customers will need/want the same Network Security Groups rules
- Customers will need the ability to add their own rules to the Network Security Groups
Linking to https://github.com/Azure/ALZ-Bicep/issues/240
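The following is an added illustration of the shape the requested feature could take; it is not code from this module or from ALZ-Bicep. It attaches one NSG per subnet through the azurerm provider's separate `azurerm_subnet_network_security_group_association` resource (the pattern the terrascan rule looks for), skips subnets that are assumed not to accept an NSG, and lets the caller supply their own rules per subnet. All names, address prefixes, the sample rule and the exempt-subnet list are assumptions for the example; verify the exempt list against current Azure documentation before relying on it.

```hcl
terraform {
  required_version = ">= 1.3"
  required_providers {
    azurerm = {
      source  = "hashicorp/azurerm"
      version = "~> 3.0"
    }
  }
}

provider "azurerm" {
  features {}
}

locals {
  location = "westeurope"

  # ASSUMPTION (example only): subnet names that must not get an NSG association.
  nsg_exempt_subnets = ["GatewaySubnet", "AzureFirewallSubnet", "RouteServerSubnet"]

  # Constructed sample input: subnet name => prefix plus caller-supplied rules.
  # An empty rules list leaves only the platform default rules (deny inbound from
  # outside the VNet, allow outbound), which is the intended baseline.
  subnets = {
    "GatewaySubnet"       = { prefix = "10.100.0.0/24", rules = [] }
    "AzureFirewallSubnet" = { prefix = "10.100.1.0/24", rules = [] }
    "snet-dns-inbound" = {
      prefix = "10.100.2.0/28"
      rules = [{
        name                   = "allow-dns-from-hub"
        priority               = 100
        direction              = "Inbound"
        access                 = "Allow"
        protocol               = "Udp"
        source_address_prefix  = "10.100.0.0/16"
        destination_port_range = "53"
      }]
    }
  }

  # Only subnets that can take an NSG get one.
  nsg_subnets = {
    for name, s in local.subnets : name => s if !contains(local.nsg_exempt_subnets, name)
  }

  # Flatten the per-subnet rule lists into one map keyed "<subnet>/<rule>".
  custom_rules = {
    for r in flatten([
      for name, s in local.nsg_subnets : [
        for rule in s.rules : merge(rule, { subnet = name })
      ]
    ]) : "${r.subnet}/${r.name}" => r
  }
}

resource "azurerm_resource_group" "hub" {
  name     = "rg-hub-example"
  location = local.location
}

resource "azurerm_virtual_network" "hub" {
  name                = "vnet-hub-example"
  location            = azurerm_resource_group.hub.location
  resource_group_name = azurerm_resource_group.hub.name
  address_space       = ["10.100.0.0/16"]
}

resource "azurerm_subnet" "this" {
  for_each             = local.subnets
  name                 = each.key
  resource_group_name  = azurerm_resource_group.hub.name
  virtual_network_name = azurerm_virtual_network.hub.name
  address_prefixes     = [each.value.prefix]
}

resource "azurerm_network_security_group" "this" {
  for_each            = local.nsg_subnets
  name                = "nsg-${each.key}"
  location            = azurerm_resource_group.hub.location
  resource_group_name = azurerm_resource_group.hub.name
}

# Caller-supplied rules are separate resources so they can be added without
# touching the NSG definition itself.
resource "azurerm_network_security_rule" "custom" {
  for_each                    = local.custom_rules
  name                        = each.value.name
  priority                    = each.value.priority
  direction                   = each.value.direction
  access                      = each.value.access
  protocol                    = each.value.protocol
  source_port_range           = "*"
  destination_port_range      = each.value.destination_port_range
  source_address_prefix       = each.value.source_address_prefix
  destination_address_prefix  = "*"
  resource_group_name         = azurerm_resource_group.hub.name
  network_security_group_name = azurerm_network_security_group.this[each.value.subnet].name
}

# The association is what actually puts the NSG on the subnet.
resource "azurerm_subnet_network_security_group_association" "this" {
  for_each                  = local.nsg_subnets
  subnet_id                 = azurerm_subnet.this[each.key].id
  network_security_group_id = azurerm_network_security_group.this[each.key].id
}
```

Running `terraform plan` on this configuration shows three subnets but only one NSG and one association (for `snet-dns-inbound`); a scanner that flags the two exempt subnets would still need a per-subnet suppression, which is the same trade-off the issue describes.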
Trigger ADO Sync
Part of ZT so long term for now, will be part of v.next