Control: Gateway subnets should not be configured with a network security group
Description
Protect your subnet from potential threats by restricting access to it with a Network Security Group (NSG). NSGs contain a list of Access Control List (ACL) rules that allow or deny network traffic to your subnet.
Usage
Run the control in your terminal:
powerpipe control run azure_compliance.control.network_security_group_not_configured_gateway_subnets
Snapshot and share results via Turbot Pipes:
powerpipe login
powerpipe control run azure_compliance.control.network_security_group_not_configured_gateway_subnets --share
SQL
This control uses a named query:
select
  subnet.id as resource,
  case
    when subnet.name = 'GatewaySubnet' and network_security_group_id is not null then 'alarm'
    when subnet.name = 'GatewaySubnet' and network_security_group_id is null then 'ok'
    else 'skip'
  end as status,
  case
    when subnet.name = 'GatewaySubnet' and network_security_group_id is not null then 'Gateway subnet configured with network security group.'
    when subnet.name = 'GatewaySubnet' and network_security_group_id is null then 'Gateway subnet not configured with network security group.'
    else subnet.name || ' not of gateway subnet type.'
  end as reason,
  subnet.resource_group as resource_group,
  sub.display_name as subscription
from
  azure_subnet as subnet
  join azure_subscription as sub on sub.subscription_id = subnet.subscription_id;