Pattern: Use of automatic default network creation for Google IAM
Issue: -
The default network that is created automatically for a new project contains multiple insecure firewall rules that allow ingress to the project's infrastructure. Automatic creation of this network should therefore be disabled.
Resolution: Disable automatic default network creation.
The following example will fail the google-iam-no-default-network check.
resource "google_project" "bad_example" {
  name                = "My Project"
  project_id          = "your-project-id"
  org_id              = "1234567"
  auto_create_network = true
}
The following example will pass the google-iam-no-default-network check.
resource "google_project" "good_example" {
  name                = "My Project"
  project_id          = "your-project-id"
  org_id              = "1234567"
  auto_create_network = false
}
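
The same rule can be applied to a rendered plan, which also catches projects declared inside modules and projects that omit the attribute. This is an added example, not the scanner's own code: the function names are hypothetical, the plan document is constructed in the shape of `terraform show -json` output, and it assumes the Google provider's default of `auto_create_network = true` when the attribute is unset.

```python
import json

# Constructed sample shaped like `terraform show -json <planfile>` output,
# trimmed to the fields this check reads; not taken from a real project.
SAMPLE_PLAN = json.loads("""
{"planned_values": {"root_module": {
  "resources": [
    {"address": "google_project.bad_example", "type": "google_project",
     "values": {"project_id": "your-project-id", "auto_create_network": true}},
    {"address": "google_project.good_example", "type": "google_project",
     "values": {"project_id": "your-project-id", "auto_create_network": false}}
  ],
  "child_modules": [
    {"address": "module.team_a",
     "resources": [
       {"address": "module.team_a.google_project.implicit", "type": "google_project",
        "values": {"project_id": "team-a-project"}},
       {"address": "module.team_a.google_compute_network.vpc",
        "type": "google_compute_network", "values": {"name": "custom-vpc"}}
     ]}
  ]
}}}
""")


def iter_resources(module):
    """Yield every resource in a module and, recursively, in its child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from iter_resources(child)


def projects_with_default_network(plan):
    """Return addresses of google_project resources that keep the default network."""
    root = plan.get("planned_values", {}).get("root_module", {})
    # Only an explicit false passes. A missing or null attribute is treated as
    # true (assumption: the provider default), so it is reported as well.
    return [
        res["address"]
        for res in iter_resources(root)
        if res.get("type") == "google_project"
        and res.get("values", {}).get("auto_create_network", True) is not False
    ]


if __name__ == "__main__":
    for address in projects_with_default_network(SAMPLE_PLAN):
        print(f"FAIL {address}: auto_create_network is not false")
```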