Ensure public access is disabled for Azure IoT Hub

HIGH

Description

Allowing unrestricted, public access to cloud services could open an application up to external attack. Disallowing this access is typically considered best practice.

Remediation

In Azure Console -

Go to Azure IoT Hub.
Choose an IoT Hub to edit.
In the Security settings, Choose Networking.
Click on the click on public access and choose disabled.
Click save.

In Terraform -

In the azurerm_iothub resource, set public_network_access_enabled to false.

References:
https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/iothub#public_network_access_enabled

Policy Details

Rule Reference ID: AC_AZURE_0311

CSP: Azure

Remediation Available: Yes

Domain: Infrastructure Security

Resource: azurerm_iothub

Resource Category: Virtual Network

Resource Type: IoT Hub

Frameworks

GDPR
HIPAA
ISO-27001
NIST-800-171
NIST-800-53
NIST-CSF
PCI-DSSv3.2.1
PCI-DSSv4.0

Detections

Analytics