Azure Spring Cloud API Portal Public Access Is Enabled
Description
Disabling the public network access property improves security by ensuring that your Spring Cloud API Portals can be accessed only from a private endpoint. This configuration strictly disables access from any public address space outside the Azure IP range and denies all logins that match IP or virtual network-based firewall rules.
Code Example
```hcl
resource "azurerm_spring_cloud_api_portal" "pass" {
  name                    = "default"
  spring_cloud_service_id = azurerm_spring_cloud_service.example.id
  gateway_ids             = [azurerm_spring_cloud_gateway.example.id]
  https_only_enabled      = false
  # Passes this check: public network access to the API portal is disabled
  public_network_access_enabled = false
  instance_count                = 1

  sso {
    client_id     = "test"
    client_secret = "secret" # placeholder value for the example
    issuer_uri    = "https://www.example.com/issueToken"
    scope         = ["read"]
  }
}
```
Remediation
Terraform
- Resources: azurerm_spring_cloud_api_portal
- Attribute: public_network_access_enabled (default is "false")
Rule Details
| Field | Value |
|---|---|
| ID | IAC-0669 |
| Severity | LOW |
| IaC Type | Terraform |
| Frameworks | Terraform |
| Checkov ID | CKV_AZURE_162 |