Azure Spring Cloud service is not configured with virtual network
Description
This policy detects whether Azure Spring Cloud is configured with a Virtual Network. By leveraging a Virtual Network, you can isolate and secure Azure Spring Cloud within your own virtual network environment. This helps protect your resources and enables you to have more control over network traffic.
Code Example
go
provider "azurerm" {
features {}
}
resource "azurerm_virtual_network" "example" {
name = "example-vnet"
address_space = ["10.0.0.0/16"]
location = "East US"
resource_group_name = "example-resources"
}
resource "azurerm_subnet" "example" {
name = "example-subnet"
resource_group_name = "example-resources"
virtual_network_name = azurerm_virtual_network.example.name
address_prefixes = ["10.0.1.0/24"]
}
resource "azurerm_spring_cloud_service" "example" {
name = "example-spring-cloud-service"
resource_group_name = "example-resources"
location = "East US"
sku_name = "S0" # SKU is not B0
network {
service_runtime_subnet_id = azurerm_subnet.example.id
# app_subnet_id can also be included if needed
}
# Include other necessary configurations
}Remediation
Terraform
- Resource: azurerm_spring_cloud_service
- Arguments: sku_name, network.service_runtime_subnet_id
Rule Details
| Field | Value |
|---|---|
| ID | IAC-0780 |
| Severity | MEDIUM |
| IaC Type | arm |
| Frameworks | Terraform, |
| Checkov ID | CKV2_AZURE_23 |