Ensure security group is assigned to network interface.

Description

This policy checks whether a security group is assigned to a network interface in a Yandex Compute instance. The security group controls the interface's incoming and outgoing network traffic and so protects the instance from unauthorized access. Without a security group, the instance may be exposed to various security risks.

Code Example

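```terraform
resource "yandex_compute_instance" "example" {
  # Other instance arguments omitted for brevity.
  network_interface {
    # Passing configuration: a security group is attached to the interface.
    security_group_ids = [yandex_vpc_security_group.example.id]
  }
}
```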

Remediation

Assign a security group to the network interface of the Yandex Compute instance.
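
One way to find the interfaces that need this remediation, shown as an added example (not Checkov's or the policy's own implementation): the script reads the `configuration` section of `terraform show -json` output and reports every `network_interface` block of a `yandex_compute_instance` that has no `security_group_ids`, including instances inside child modules. The sample plan and its resource names are constructed, and a value given by reference is assumed to resolve to a real group because the configuration section does not hold resolved values.

```python
RESOURCE_TYPE = "yandex_compute_instance"

def has_security_group(nic_expr):
    """True if a network_interface block sets a non-empty security_group_ids."""
    expr = nic_expr.get("security_group_ids")
    if not expr:
        return False  # attribute missing from the block
    if expr.get("references"):
        return True  # e.g. [yandex_vpc_security_group.example.id]
    return bool(expr.get("constant_value"))  # [] or null counts as unassigned

def walk_modules(module, prefix=""):
    """Yield (full address, resource) for a module and all of its child modules."""
    for res in module.get("resources", []):
        yield prefix + res["address"], res
    for name, call in module.get("module_calls", {}).items():
        yield from walk_modules(call.get("module", {}), f"{prefix}module.{name}.")

def find_unprotected_interfaces(plan):
    """Return one 'address.network_interface[i]' string per failing interface."""
    findings = []
    root = plan.get("configuration", {}).get("root_module", {})
    for address, res in walk_modules(root):
        if res.get("type") != RESOURCE_TYPE:
            continue
        nics = res.get("expressions", {}).get("network_interface", [])
        for i, nic in enumerate(nics):
            if not has_security_group(nic):
                findings.append(f"{address}.network_interface[{i}]")
    return findings

# Constructed sample, trimmed to the fields the check reads (all names hypothetical).
def vm(name, *nics):
    return {"address": f"{RESOURCE_TYPE}.{name}", "type": RESOURCE_TYPE,
            "expressions": {"network_interface": list(nics)}}

SAMPLE_PLAN = {"configuration": {"root_module": {
    "resources": [
        vm("ok", {"security_group_ids": {"references": ["yandex_vpc_security_group.example.id"]}}),
        vm("bare", {"subnet_id": {"references": ["yandex_vpc_subnet.a.id"]}},
           {"security_group_ids": {"constant_value": []}}),
    ],
    "module_calls": {"app": {"module": {"resources": [vm("vm", {})]}}},
}}}

if __name__ == "__main__":
    print("\n".join(find_unprotected_interfaces(SAMPLE_PLAN)))
```

For a real plan, load the JSON produced by `terraform show -json` on a saved plan file and pass the resulting dictionary to `find_unprotected_interfaces`.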

Rule Details

| Field | Value |
| --- | --- |
| ID | IAC-1344 |
| Severity | MEDIUM |
| IaC Type | Terraform |
| Frameworks | yandex_compute_instance |
| Checkov ID | CKV_YC_11 |