CosmosDB Account IP Range Filter Not Set

  • Query id: c2a3efb6-8a58-481c-82f2-bfddf34bb4b7
  • Query name: CosmosDB Account IP Range Filter Not Set
  • Platform: Terraform
  • Severity: Critical
  • Category: Networking and Firewall
  • CWE: 285
  • URL: Github

Description

The IP range filter should be defined to secure the data stored
Documentation

Code samples

Code samples with security vulnerabilities

Positive test num. 1 - tf file
resource "azurerm_cosmosdb_account" "positive1" {
  name                  = "example" 
  is_virtual_network_filter_enabled = true


}

Code samples without security vulnerabilities

Negative test num. 1 - tf file
resource "azurerm_cosmosdb_account" "negative1" {
  name                  = "example" 

  ip_range_filter       = "104.42.195.92"
  is_virtual_network_filter_enabled = true


}