Ensure that virtual networks are in use for Azure API Management

MEDIUM

Description

Azure API Management should have a virtual network configured to ensure that any backend service access is handled securely.

Remediation

In Azure Console -

  1. Open the Azure Portal and go to API Management.
  2. Select the API Management service you wish to edit.
  3. Select Network under Deployment + Infrastructure.
  4. For Virtual network, choose the appropriate option.
  5. Configure the subnet settings as needed.

In Terraform -

  1. In the azurerm_api_management resource, set 'virtual_network_type' to either 'Internal' or 'External'.
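
Added example (not from the original page or from the provider's documentation): a Terraform configuration with one azurerm_api_management resource that leaves 'virtual_network_type' unset beside one that sets it to 'Internal'. All resource names, the region, address ranges, SKU and publisher details are constructed placeholders; the subnet is attached through the provider's virtual_network_configuration block.

```hcl
# Constructed example: every name, address range and e-mail below is a placeholder.
resource "azurerm_resource_group" "example" {
  name     = "rg-apim-example"
  location = "West Europe"
}

resource "azurerm_virtual_network" "example" {
  name                = "vnet-apim-example"
  location            = azurerm_resource_group.example.location
  resource_group_name = azurerm_resource_group.example.name
  address_space       = ["10.0.0.0/16"]
}

# Dedicated subnet that the API Management service is deployed into.
resource "azurerm_subnet" "apim" {
  name                 = "snet-apim"
  resource_group_name  = azurerm_resource_group.example.name
  virtual_network_name = azurerm_virtual_network.example.name
  address_prefixes     = ["10.0.1.0/24"]
}

# Non-compliant: virtual_network_type is omitted, so the provider default
# "None" applies and the service is not joined to any virtual network.
resource "azurerm_api_management" "without_vnet" {
  name                = "apim-example-novnet"
  location            = azurerm_resource_group.example.location
  resource_group_name = azurerm_resource_group.example.name
  publisher_name      = "Example Org"
  publisher_email     = "apim-admin@example.com"
  sku_name            = "Developer_1"
}

# Compliant: the service is placed in the subnet above. "Internal" exposes the
# gateway only inside the virtual network; "External" keeps a public gateway
# endpoint while backend calls still go through the virtual network.
resource "azurerm_api_management" "with_vnet" {
  name                = "apim-example-vnet"
  location            = azurerm_resource_group.example.location
  resource_group_name = azurerm_resource_group.example.name
  publisher_name      = "Example Org"
  publisher_email     = "apim-admin@example.com"
  sku_name            = "Developer_1"

  virtual_network_type = "Internal"

  virtual_network_configuration {
    subnet_id = azurerm_subnet.apim.id
  }
}
```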

References:
https://learn.microsoft.com/en-us/azure/api-management/virtual-network-concepts?tabs=stv2
https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management#virtual_network_type

Policy Details

Rule Reference ID: AC_AZURE_0313
CSP: Azure
Remediation Available: Yes
Resource Category: Virtual Network
Resource Type: API Management

Frameworks