Beta - Container Instances Not Using Private Virtual Networks
- Query id: 71884fcb-ae03-41c8-87b9-22c90353f256
- Query name: Beta - Container Instances Not Using Private Virtual Networks
- Platform: Terraform
- Severity: Low
- Category: Networking and Firewall
- CWE: 306
- Risk score: 1.0
- URL: Github
Description
By default an `azurerm_container_group` is created with a public IP address (`ip_address_type` defaults to `"Public"`), so every port the container publishes is reachable from the Internet. Deploying the container group into a private virtual network instead, with `ip_address_type = "Private"` and `subnet_ids` pointing at a subnet delegated to `Microsoft.ContainerInstance/containerGroups`, makes it reachable only from that VNet and whatever is peered or connected to it; this reduces public exposure and limits the blast radius of a vulnerable container. The query reports any `azurerm_container_group` whose `ip_address_type` is omitted, `"Public"` or `"None"`; the compliant form sets `ip_address_type = "Private"` together with `subnet_ids`. Note that `"None"` gives the group no IP address at all, so it is not exposed to the Internet either, but it is still reported because the group is not placed in a private VNet.
Documentation
Code samples
Code samples with security vulnerabilities
Positive test num. 1 - tf file
# ip_address_type is omitted, so the provider default "Public" applies
resource "azurerm_container_group" "positive1" {
  name                = "cg-positive1"
  location            = "westeurope"
  resource_group_name = "rg-test"
  os_type             = "Linux"

  container {
    name   = "app"
    image  = "nginx"
    cpu    = 1
    memory = 1
  }
}
Positive test num. 2 - tf file
# ip_address_type is explicitly "Public": the group gets an Internet-facing IP
resource "azurerm_container_group" "positive2" {
  name                = "cg-positive2"
  location            = "westeurope"
  resource_group_name = "rg-test"
  os_type             = "Linux"
  ip_address_type     = "Public"

  container {
    name   = "app"
    image  = "nginx"
    cpu    = 1
    memory = 1
  }
}
Positive test num. 3 - tf file
# ip_address_type "None" assigns no IP at all, but the group is still not
# deployed into a private VNet, so the query reports it
resource "azurerm_container_group" "positive3" {
  name                = "cg-positive3"
  location            = "westeurope"
  resource_group_name = "rg-test"
  os_type             = "Linux"
  ip_address_type     = "None"

  container {
    name   = "app"
    image  = "nginx"
    cpu    = 1
    memory = 1
  }
}
Code samples without security vulnerabilities
Negative test num. 1 - tf file
# "Private" plus subnet_ids: the group only gets an address from the
# referenced subnet (which must be delegated to Microsoft.ContainerInstance/containerGroups)
resource "azurerm_container_group" "negative" {
  name                = "cg-negative"
  location            = "westeurope"
  resource_group_name = "rg-test"
  os_type             = "Linux"
  ip_address_type     = "Private"
  subnet_ids          = [module.subnets["snet_aci"].id]

  container {
    name   = "app"
    image  = "nginx"
    cpu    = 1
    memory = 1
  }
}
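The negative sample pulls its subnet from a module that is not shown, and the subnet is the part people get wrong: Azure rejects a `Private` container group unless the subnet is delegated to `Microsoft.ContainerInstance/containerGroups`. The following is an added example, not code from the KICS query or its test files, showing a complete deployment that passes the check, from VNet to container group. The resource group, names and address ranges are assumptions chosen for illustration.

```hcl
# Added example (not from the KICS page): complete private ACI deployment.
# Resource names, region and address ranges are assumptions.
terraform {
  required_providers {
    azurerm = {
      source  = "hashicorp/azurerm"
      version = "~> 3.0"
    }
  }
}

provider "azurerm" {
  features {}
}

resource "azurerm_resource_group" "rg" {
  name     = "rg-aci-private"
  location = "westeurope"
}

resource "azurerm_virtual_network" "vnet" {
  name                = "vnet-aci"
  location            = azurerm_resource_group.rg.location
  resource_group_name = azurerm_resource_group.rg.name
  address_space       = ["10.10.0.0/16"]
}

# A container group can only be placed in a subnet that is delegated to
# Microsoft.ContainerInstance/containerGroups; without this delegation the
# azurerm_container_group below fails at apply time.
resource "azurerm_subnet" "aci" {
  name                 = "snet-aci"
  resource_group_name  = azurerm_resource_group.rg.name
  virtual_network_name = azurerm_virtual_network.vnet.name
  address_prefixes     = ["10.10.1.0/24"]

  delegation {
    name = "aci-delegation"
    service_delegation {
      name    = "Microsoft.ContainerInstance/containerGroups"
      actions = ["Microsoft.Network/virtualNetworks/subnets/action"]
    }
  }
}

resource "azurerm_container_group" "private" {
  name                = "cg-private"
  location            = azurerm_resource_group.rg.location
  resource_group_name = azurerm_resource_group.rg.name
  os_type             = "Linux"

  # The pair the query requires: a private address type and at least one
  # subnet. The group gets an IP from snet-aci only; nothing is published
  # to the Internet, so port 80 below is reachable from the VNet alone.
  ip_address_type = "Private"
  subnet_ids      = [azurerm_subnet.aci.id]

  container {
    name   = "app"
    image  = "nginx"
    cpu    = 1
    memory = 1

    ports {
      port     = 80
      protocol = "TCP"
    }
  }
}
```

Running the KICS Terraform scan against this file reports nothing for this query, because `ip_address_type` is `"Private"` and `subnet_ids` is set. Changing `ip_address_type` to `"Public"` or removing it reproduces the findings shown in the positive samples.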