Network Security Groups (NSGs) in Azure filter network traffic to and from resources in an Azure virtual network. A subnet that has no NSG attached has no filtering of inbound or outbound traffic at the subnet boundary, so every workload placed in it is reachable from any source the virtual network can route, which widens the attack surface and exposes the workload to network-based attacks.
In the legacy `azure` provider used in the examples below, the NSG is attached per subnet: every `subnet` block of an `azure_virtual_network` resource must set the `security_group` attribute to the name of a valid NSG. The query reports subnets where `security_group` is missing or set to the empty string. Note that the check is purely structural: it confirms that an NSG is referenced, not that the NSG exists or that its rules are restrictive, so a referenced NSG still needs its own review.
Compliant Code Examples
# This code is correct; the query should not report a result.
```hcl
resource "azure_virtual_network" "negative1" {
  name          = "test-network"
  address_space = ["10.1.2.0/24"]
  location      = "West US"

  subnet {
    name           = "subnet1"
    address_prefix = "10.1.2.0/25"
    security_group = "a"
  }
}
```
Non-Compliant Code Examples
# This code is problematic; the query should report a result for each subnet.
```hcl
# positive1: the subnet has no security_group attribute at all.
resource "azure_virtual_network" "positive1" {
  name          = "test-network"
  address_space = ["10.1.2.0/24"]
  location      = "West US"

  subnet {
    name           = "subnet1"
    address_prefix = "10.1.2.0/25"
  }
}

# positive2: security_group is present but empty, which attaches no NSG.
resource "azure_virtual_network" "positive2" {
  name          = "test-network"
  address_space = ["10.1.2.0/24"]
  location      = "West US"

  subnet {
    name           = "subnet1"
    address_prefix = "10.1.2.0/25"
    security_group = ""
  }
}
```
Ruleset: Terraform / Azure (Rules to enforce / Azure)