Network interfaces use public IPs
Description
A public IP address is an IPv4 address that is reachable from the Internet. You can use public addresses for communication between your instances and the Internet. We recommend you control whether your network interfaces are required to use a public IP address.
Code Example
```hcl
# Compliant: neither ip_configuration block sets public_ip_address_id.
resource "azurerm_network_interface" "example" {
  name                = "example-nic"
  location            = azurerm_resource_group.example.location
  resource_group_name = azurerm_resource_group.example.name

  ip_configuration {
    name                          = "internal"
    subnet_id                     = azurerm_subnet.example.id
    private_ip_address_allocation = "Dynamic"
    # With more than one ip_configuration block, one must be marked primary.
    primary                       = true
  }

  ip_configuration {
    name                          = "internal2"
    subnet_id                     = azurerm_subnet.example.id
    private_ip_address_allocation = "Dynamic"
  }

  enable_ip_forwarding = false
}
```
Remediation
Terraform
- Resource: azurerm_network_interface
- Arguments: ip_configuration.public_ip_address_id (must not exist)
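The same condition can be checked against a Terraform plan before apply. The following is an added example, not Checkov's or the page's own code: it reads the JSON produced by `terraform show -json` and reports every `ip_configuration` that sets `public_ip_address_id`, including the case where the ID is only known after apply. The function name and the sample plan (addresses, resource ID) are constructed for illustration.

```python
import json

NIC_TYPE = "azurerm_network_interface"

# Constructed sample in the shape of `terraform show -json <planfile>` output;
# the addresses and the public IP resource ID are made up for illustration.
SAMPLE_PLAN = json.loads("""
{"resource_changes": [
  {"address": "azurerm_network_interface.internal_only", "type": "azurerm_network_interface",
   "change": {"actions": ["create"],
     "after": {"ip_configuration": [{"name": "internal", "public_ip_address_id": null}]},
     "after_unknown": {"ip_configuration": [{}]}}},
  {"address": "azurerm_network_interface.literal_id", "type": "azurerm_network_interface",
   "change": {"actions": ["update"],
     "after": {"ip_configuration": [{"name": "external",
       "public_ip_address_id": "/subscriptions/0000/resourceGroups/rg/providers/Microsoft.Network/publicIPAddresses/pip"}]},
     "after_unknown": {"ip_configuration": [{}]}}},
  {"address": "azurerm_network_interface.new_pip", "type": "azurerm_network_interface",
   "change": {"actions": ["create"],
     "after": {"ip_configuration": [{"name": "internal"}, {"name": "external"}]},
     "after_unknown": {"ip_configuration": [{}, {"public_ip_address_id": true}]}}},
  {"address": "azurerm_network_interface.retired", "type": "azurerm_network_interface",
   "change": {"actions": ["delete"], "after": null, "after_unknown": {}}}
]}
""")


def nics_with_public_ip(plan):
    """Return sorted (resource address, ip_configuration name) pairs that attach a public IP."""
    findings = []
    for rc in plan.get("resource_changes", []):
        change = rc.get("change") or {}
        if rc.get("type") != NIC_TYPE or change.get("actions") == ["delete"]:
            continue  # not a NIC, or the NIC is being removed
        configs = (change.get("after") or {}).get("ip_configuration") or []
        pending = (change.get("after_unknown") or {}).get("ip_configuration")
        if not isinstance(pending, list):  # whole block unknown (true) or absent
            pending = []
        for i, cfg in enumerate(configs):
            unknown = pending[i] if i < len(pending) and isinstance(pending[i], dict) else {}
            # A literal ID appears in "after"; a reference to a public IP created in the
            # same plan is omitted there and marked true in "after_unknown".
            if cfg.get("public_ip_address_id") or unknown.get("public_ip_address_id") is True:
                findings.append((rc["address"], cfg.get("name")))
    return sorted(findings)


if __name__ == "__main__":
    for address, name in nics_with_public_ip(SAMPLE_PLAN):
        print(f"{address}: ip_configuration '{name}' sets public_ip_address_id")
```

Checking `after_unknown` matters because a NIC that references a public IP created in the same plan has no concrete ID yet, so a check that reads only the known values would pass it.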
Rule Details
| Field | Value |
|---|---|
| ID | IAC-0626 |
| Severity | LOW |
| IaC Type | Terraform |
| Frameworks | Terraform, TerraformPlan |
| Checkov ID | CKV_AZURE_119 |