Azure Container Instance is not configured with virtual network

Description

This policy detects Azure Container Instances (ACI) container groups that are not deployed into a virtual network. A container group created with a public IP address has every port it opens reachable directly from the internet, so anyone who discovers the address can connect to the workload. To reduce that exposure, deploy container groups into a virtual network subnet delegated to ACI with a private IP address, or give them no IP address at all when the workload needs no inbound connectivity. The containers can then communicate with other resources in the virtual network while inbound access is limited to what the network's routing and security rules allow, preventing unauthorized access from the public internet.

Code Example

```diff
resource "azurerm_container_group" "example" {
  ...
-  ip_address_type = "Public"
+  ip_address_type = "Private"
}
```

Remediation

Terraform

  • Resource: azurerm_container_group
  • Arguments: ip_address_type

To remediate this issue, set the `ip_address_type` argument to `Private` or `None` in your Terraform configuration. `Private` also requires `subnet_ids` to reference a subnet that is delegated to `Microsoft.ContainerInstance/containerGroups`; `None` allocates no IP address and suits workloads such as batch jobs that only make outbound connections. A `dns_name_label` cannot be combined with either value, since it only applies to a public address.

Example:

Rule Details

Field        Value
ID           IAC-0752
Severity     LOW
IaC Type     Terraform
Frameworks   Terraform
Checkov ID   CKV_AZURE_245