Ensure virtual network is used to deploy Azure Container Group

MEDIUM

Description

Azure virtual networks enable Azure resources to communicate with each other securely and allow organizations to control inbound and outbound traffic with Network Security Groups. Network and application security groups specify inbound and outbound security rules, similar to a firewall. A container group deployed without a virtual network is reachable only through a public IP address, so deploying it into a virtual network (with a delegated subnet and an NSG on that subnet) restricts who can reach the containers, helps prevent unauthorized access, and is considered best practice.

Remediation

In Azure Console -

  1. Open the Azure Portal and go to Container instances.
  2. Select create.
  3. Choose and configure all the required settings.
  4. In the networking section choose Networking type as private.
  5. Select the virtual network and subnet and click on Review and create.

In Terraform -
For current Azure provider versions:

  1. In the azurerm_container_group resource, ensure that the subnet_ids attribute is set to the ID of a subnet delegated to Microsoft.ContainerInstance/containerGroups (this also requires ip_address_type to be Private).

For Azure provider versions prior to v3.16.0:

  1. In the azurerm_container_group resource, set network_profile_id to the ID of the network profile for the specific virtual network.
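The following Terraform configuration is an added example, not code from the policy page or from the Terraform provider documentation, showing a compliant azurerm_container_group for current provider versions (v3.16.0 and later). All names, the address ranges, the image and the NSG rule are constructed placeholder values; the non-compliant form that the rule flags is shown commented out for comparison.

```hcl
# Added example (not from the policy page): a container group deployed into
# a delegated subnet so that AC_AZURE_0300 is satisfied. Names, CIDRs, image
# and the NSG rule are assumed placeholder values.

terraform {
  required_providers {
    azurerm = {
      source  = "hashicorp/azurerm"
      version = ">= 3.16.0" # subnet_ids replaced network_profile_id from this version
    }
  }
}

provider "azurerm" {
  features {}
}

resource "azurerm_resource_group" "example" {
  name     = "rg-aci-example"
  location = "eastus"
}

resource "azurerm_virtual_network" "example" {
  name                = "vnet-aci-example"
  address_space       = ["10.10.0.0/16"]
  location            = azurerm_resource_group.example.location
  resource_group_name = azurerm_resource_group.example.name
}

# Container Instances require the subnet to be delegated to the ACI service.
resource "azurerm_subnet" "aci" {
  name                 = "snet-aci"
  resource_group_name  = azurerm_resource_group.example.name
  virtual_network_name = azurerm_virtual_network.example.name
  address_prefixes     = ["10.10.1.0/24"]

  delegation {
    name = "aci-delegation"
    service_delegation {
      name    = "Microsoft.ContainerInstance/containerGroups"
      actions = ["Microsoft.Network/virtualNetworks/subnets/action"]
    }
  }
}

# NSG on the subnet: only HTTPS from inside the virtual network reaches the
# containers (constructed rule; tighten the source prefix to your own ranges).
resource "azurerm_network_security_group" "aci" {
  name                = "nsg-aci"
  location            = azurerm_resource_group.example.location
  resource_group_name = azurerm_resource_group.example.name

  security_rule {
    name                       = "allow-https-from-vnet"
    priority                   = 100
    direction                  = "Inbound"
    access                     = "Allow"
    protocol                   = "Tcp"
    source_port_range          = "*"
    destination_port_range     = "443"
    source_address_prefix      = "VirtualNetwork"
    destination_address_prefix = "*"
  }
}

resource "azurerm_subnet_network_security_group_association" "aci" {
  subnet_id                 = azurerm_subnet.aci.id
  network_security_group_id = azurerm_network_security_group.aci.id
}

# Non-compliant form that the rule flags: no subnet_ids, so the group gets a
# public IP and is reachable from the internet.
# resource "azurerm_container_group" "public" {
#   ...
#   ip_address_type = "Public"
# }

# Compliant form: private IP inside the delegated subnet.
resource "azurerm_container_group" "example" {
  name                = "aci-example"
  location            = azurerm_resource_group.example.location
  resource_group_name = azurerm_resource_group.example.name
  os_type             = "Linux"
  ip_address_type     = "Private" # required whenever subnet_ids is set
  subnet_ids          = [azurerm_subnet.aci.id]

  container {
    name   = "app"
    image  = "mcr.microsoft.com/azuredocs/aci-helloworld:latest"
    cpu    = "0.5"
    memory = "1.0"

    ports {
      port     = 443
      protocol = "TCP"
    }
  }
}
```

On provider versions before v3.16.0 the same outcome is reached by creating an azurerm_network_profile whose container_network_interface points at the delegated subnet and referencing its ID from network_profile_id instead of setting subnet_ids. Either way, a container group with ip_address_type = "Public" and no subnet reference is what this rule reports.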

References:
https://learn.microsoft.com/en-us/azure/container-instances/container-instances-virtual-network-concepts
https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/container_group
https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/container_group#subnet_ids

Policy Details

Rule Reference ID: AC_AZURE_0300
CSP: Azure
Remediation Available: Yes
Resource Category: Compute

Frameworks