no-public-egress
Default Severity: critical
Explanation
Network security rules should not use very broad subnets.
Where possible, segments should be broken into smaller subnets.
Possible Impact
The port is exposed for egress to the internet
Suggested Resolution
Set a more restrictive cidr range
Insecure Example
The following example will fail the azure-network-no-public-egress check.
resource "azurerm_network_security_rule" "bad_example" {
direction = "Outbound"
destination_address_prefix = "0.0.0.0/0"
access = "Allow"
}
Secure Example
The following example will pass the azure-network-no-public-egress check.
resource "azurerm_network_security_rule" "good_example" {
direction = "Outbound"
destination_address_prefix = "10.0.0.0/16"
access = "Allow"
}