Pattern: Use of public ingress for Azure network
Issue: -
Network security rules should not use very broad subnets.
Where possible, segments should be broken into smaller subnets.
Resolution: Set a more restrictive cidr range.
Example of incorrect code:
resource "azurerm_network_security_rule" "bad_example" {
direction = "Inbound"
source_address_prefix = "0.0.0.0/0"
access = "Allow"
}Example of correct code:
resource "azurerm_network_security_rule" "good_example" {
direction = "Inbound"
destination_address_prefix = "10.0.0.0/16"
access = "Allow"
}