Detections
Analytics

Ensure provider status is in provisioned state for Azure Express Route Circuit

LOW

Description

Peering cannot be configured, if Azure Express Route Circuit not in provisioned state.

Remediation

An Azure ExpressRoute Circuit provisioning state cannot be changed in the web console. It will reflect the state that the circuit is in based on your connectivity provider's state with connecting to the circuit. To learn more about how to provision an ExpressRoute Circuit, including what the provisioning states mean, see the Azure documentation (below).

In Terraform -

  1. In the azurerm_express_route_circuit resource, set service_provider_provisioning_state to provisioned.
    Note: this must be based on what the connectivity provider shows as the current state.

References:
https://learn.microsoft.com/en-us/azure/expressroute/expressroute-howto-circuit-portal-resource-manager
https://learn.microsoft.com/en-us/azure/expressroute/expressroute-workflows#expressroute-circuit-provisioning-states
https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/express_route_circuit

Policy Details

Rule Reference ID: AC_AZURE_0346
CSP: Azure
Remediation Available: No
Domain: Compliance Validation
Resource: azurerm_express_route_circuit
Resource Category: Virtual Network
Resource Type: Express Route Circuit

Frameworks