False positive on "Ensure that Azure Virtual Network subnet is configured with a Network Security Group" [AC_AZURE_0356]
zadigus opened this issue · 0 comments
zadigus commented
- terrascan version: 1.18.1
- Operating System: Linux
Description
I have some Terraform configuration which I want to scan. The configuration contains the following VNet configuration:
resource "azurerm_subnet" "fw" {
  name                 = "AzureFirewallSubnet"
  resource_group_name  = var.resource_group_name
  virtual_network_name = azurerm_virtual_network.vnet_hub.name
  address_prefixes     = [var.hub_network["firewall"]]
}

resource "azurerm_subnet" "gw" {
  name                 = "GatewaySubnet"
  resource_group_name  = var.resource_group_name
  virtual_network_name = azurerm_virtual_network.vnet_hub.name
  address_prefixes     = [var.hub_network["vpn_gateway"]]
}
with no associated network security group. Per Microsoft documentation, for the Azure FW Subnet and for the Gateway Subnet, those subnets should not be associated with NSGs.
What I Did
When I run
terrascan scan
I get the following errors:
Description: Ensure that Azure Virtual Network subnet is configured with a Network Security Group, File: ../terraform/hub/vnet/main.tf, Line: 12, Severity: MEDIUM, Rule Name: reme_noSecurityGroupAssociated, Rule ID: AC_AZURE_0356, Resource Name: fw, Resource Type: azurerm_subnet, Category: Infrastructure Security
Description: Ensure that Azure Virtual Network subnet is configured with a Network Security Group, File: ../terraform/hub/vnet/main.tf, Line: 21, Severity: MEDIUM, Rule Name: reme_noSecurityGroupAssociated, Rule ID: AC_AZURE_0356, Resource Name: gw, Resource Type: azurerm_subnet, Category: Infrastructure Security
I should get no error.
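
The behaviour the report asks for, sketched as an added example (not part of the original issue and not Terrascan's own rule code): a subnet-without-NSG check that skips the two subnet names the issue cites. The resource dictionaries are a simplified, constructed representation of parsed Terraform, and the function and constant names are hypothetical.

```python
import re

# Subnet names the issue cites (per Microsoft documentation) as ones that
# should not be associated with an NSG.
NSG_EXEMPT_SUBNET_NAMES = {"AzureFirewallSubnet", "GatewaySubnet"}

ASSOC_TYPE = "azurerm_subnet_network_security_group_association"
# Matches a Terraform reference such as azurerm_subnet.app.id
_SUBNET_REF = re.compile(r"^azurerm_subnet\.([A-Za-z0-9_-]+)\.id$")


def subnets_missing_nsg(resources):
    """Return labels of azurerm_subnet resources that have no NSG
    association, skipping the exempt subnet names."""
    associated = set()
    for res in resources:
        if res["type"] == ASSOC_TYPE:
            match = _SUBNET_REF.match(str(res["config"].get("subnet_id", "")))
            if match:
                associated.add(match.group(1))

    findings = []
    for res in resources:
        if res["type"] != "azurerm_subnet":
            continue
        # The exemption keys on the Azure subnet name, not the Terraform
        # label, so a resource labelled "gw" with another name is still checked.
        if res["config"].get("name") in NSG_EXEMPT_SUBNET_NAMES:
            continue
        if res["label"] not in associated:
            findings.append(res["label"])
    return findings


# Constructed sample: the two subnets from the issue plus two ordinary ones.
SAMPLE = [
    {"type": "azurerm_subnet", "label": "fw", "config": {"name": "AzureFirewallSubnet"}},
    {"type": "azurerm_subnet", "label": "gw", "config": {"name": "GatewaySubnet"}},
    {"type": "azurerm_subnet", "label": "app", "config": {"name": "app"}},
    {"type": "azurerm_subnet", "label": "db", "config": {"name": "db"}},
    {"type": ASSOC_TYPE, "label": "app", "config": {"subnet_id": "azurerm_subnet.app.id"}},
]

if __name__ == "__main__":
    print(subnets_missing_nsg(SAMPLE))
```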