CosmosDB account IP range filter not set

이 제품은 선택한 Datadog 사이트에서 지원되지 않습니다. ().
이 페이지는 아직 한국어로 제공되지 않습니다. 번역 작업 중입니다.
현재 번역 프로젝트에 대한 질문이나 피드백이 있으신 경우 언제든지 연락주시기 바랍니다.

Metadata

Id: c2a3efb6-8a58-481c-82f2-bfddf34bb4b7

Cloud Provider: Azure

Platform: Terraform

Severity: Critical

Category: Networking and Firewall

Learn More

Description

Azure CosmosDB Account IP range filter provides network-level access control for your database by restricting connections to specified IP addresses or ranges. When this filter is not configured, the database is potentially accessible from any IP address, exposing sensitive data to unauthorized access. Setting the ip_range_filter attribute (for example, ‘ip_range_filter = “104.42.195.92”’) limits access to only approved network locations, significantly enhancing your database security posture.

Compliant Code Examples

resource "azurerm_cosmosdb_account" "negative1" {
  name                  = "example" 

  ip_range_filter       = "104.42.195.92"
  is_virtual_network_filter_enabled = true
 

}

Non-Compliant Code Examples

resource "azurerm_cosmosdb_account" "positive1" {
  name                  = "example" 
  is_virtual_network_filter_enabled = true
 

}