Azure Virtual Network has no Network Security Group

ID

azure_security_group_configured

Severity

high

Vendor

Azure

Resource

Network

Tags

reachable

Description

The Azure Virtual Network has no Network Security Group. A subnet with no security group configured has no access restrictions. A Network Security Group holds a list of ACL rules that allow or deny traffic.

To fix it, populate the security_group property of the azure_rm_subnet task.

Learn more about this topic at Azure Security Group

Examples

---
- name: Example playbook
  hosts: localhost
  tasks:
    # Flagged: this task sets no security_group, so the subnet is created without an NSG
    - name: Create a subnet refer nsg from other resource group
      azure_rm_subnet:
        resource_group: myResourceGroup
        virtual_network_name: myVirtualNetwork
        name: mySubnet
        address_prefix_cidr: "10.1.0.0/16"
        route_table: route

Mitigation / Fix

---
- name: Example playbook
  hosts: localhost
  tasks:
    - name: Create a subnet refer nsg from other resource group
      azure_rm_subnet:
        resource_group: myResourceGroup
        virtual_network_name: myVirtualNetwork
        name: mySubnet
        address_prefix_cidr: "10.1.0.0/16"
        # NSG attached to the subnet; here it lives in a different resource group
        security_group:
          name: secgroupfoo
          resource_group: mySecondResourceGroup
        route_table: route
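
A way to check playbooks for this finding before they are applied, as an added example (not the scanner's own rule implementation). It walks a playbook as parsed by yaml.safe_load; the names find_unprotected_subnets, SUBNET_MODULES, NESTED_KEYS and SAMPLE are assumptions of the example, and it goes slightly beyond the page by also covering the collection-qualified module name, block/rescue/always nesting and state: absent.

```python
import sys

# Short module name from the page plus the collection-qualified name of the same module.
SUBNET_MODULES = ("azure_rm_subnet", "azure.azcollection.azure_rm_subnet")
NESTED_KEYS = ("tasks", "pre_tasks", "post_tasks", "handlers", "block", "rescue", "always")


def find_unprotected_subnets(node, path="playbook"):
    """Return (location, subnet_name) for each subnet task that sets no NSG."""
    findings = []
    if isinstance(node, list):
        for i, item in enumerate(node):
            findings += find_unprotected_subnets(item, f"{path}[{i}]")
    elif isinstance(node, dict):
        for module in SUBNET_MODULES:
            args = node.get(module)
            # Deleting a subnet needs no NSG; an empty or null value counts as unset.
            if (isinstance(args, dict) and args.get("state", "present") != "absent"
                    and not args.get("security_group")):
                findings.append((path, args.get("name")))
        for key in NESTED_KEYS:
            if key in node:
                findings += find_unprotected_subnets(node[key], f"{path}.{key}")
    return findings


# Constructed sample: the page's two tasks, plus a nested block and a deletion.
SAMPLE = [{
    "name": "Example playbook", "hosts": "localhost",
    "tasks": [
        {"name": "no NSG", "azure_rm_subnet": {
            "resource_group": "myResourceGroup", "virtual_network_name": "myVirtualNetwork",
            "name": "mySubnet", "address_prefix_cidr": "10.1.0.0/16", "route_table": "route"}},
        {"name": "with NSG", "azure_rm_subnet": {
            "resource_group": "myResourceGroup", "virtual_network_name": "myVirtualNetwork",
            "name": "mySubnet2", "address_prefix_cidr": "10.2.0.0/16",
            "security_group": {"name": "secgroupfoo", "resource_group": "mySecondResourceGroup"}}},
        {"block": [{"azure.azcollection.azure_rm_subnet": {"name": "nested", "security_group": ""}}]},
        {"azure_rm_subnet": {"name": "old", "state": "absent"}},
    ],
}]

if __name__ == "__main__":
    if len(sys.argv) > 1:
        import yaml  # PyYAML, needed only when scanning a playbook file
        with open(sys.argv[1]) as fh:
            SAMPLE = yaml.safe_load(fh)
    for where, subnet in find_unprotected_subnets(SAMPLE):
        print(f"{where}: subnet {subnet!r} has no security_group")
```

A templated value such as "{{ nsg_name }}" is treated as set, since its resolved value is not known until the playbook runs.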