Benchmark: Virtual Network
Description
This benchmark provides a set of controls that detect Terraform Azure Virtual Network resources deviating from security best practices.
Usage
Install the mod:
mkdir dashboards
cd dashboards
powerpipe mod init
powerpipe mod install github.com/turbot/steampipe-mod-terraform-azure-compliance
Start the Powerpipe server:
steampipe service start
powerpipe server
Open http://localhost:9033 in your browser and select Virtual Network.
Run this benchmark in your terminal:
powerpipe benchmark run terraform_azure_compliance.benchmark.network
Snapshot and share results via Turbot Pipes:
powerpipe benchmark run terraform_azure_compliance.benchmark.network --share
Controls
- Network should have at least two connected DNS Endpoints
- Network Security Groups HTTP Services are restricted from the Internet
- Gateway subnets should not be configured with a network security group
- Network Security Groups RDP Services are restricted from the Internet
- Network Security Groups SSH Services are restricted from the Internet
- Subnets should be associated with a Network Security Group
- Network Security Groups UDP Services are restricted from the Internet
- Network Security Rules HTTP Services are restricted from the Internet
- Network Security Rules RDP Services are restricted from the Internet
- Network Security Rules SSH Services are restricted from the Internet
- Network Security Rules UDP Services are restricted from the Internet
- Network DNS server should have at least two connected DNS Endpoints
- Network Watcher flow logs should have retention set to 90 days or greater
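As an added example that is not part of the mod, the Terraform below shows an inbound rule the RDP controls are meant to catch beside its restricted form, and a Network Watcher flow log that satisfies the 90-day retention control. The exact matching logic lives in the mod's queries; resource group, NSG and storage account identifiers and the management CIDR are placeholders.

```hcl
# Added example, not the mod's own code: an NSG rule the RDP controls should
# flag, the restricted form that should pass, and a Network Watcher flow log
# meeting the 90-day retention control. Names, IDs and the management CIDR are
# placeholders; the exact match logic is defined in the mod's queries.

# Flagged: inbound RDP (3389) allowed from any source address.
resource "azurerm_network_security_rule" "rdp_open" {
  name                        = "allow-rdp-any"
  priority                    = 100
  direction                   = "Inbound"
  access                      = "Allow"
  protocol                    = "Tcp"
  source_port_range           = "*"
  destination_port_range      = "3389"
  source_address_prefix       = "*"
  destination_address_prefix  = "*"
  resource_group_name         = "rg-example"
  network_security_group_name = "nsg-app"
}

# Passes: same port, but only reachable from a management range (placeholder CIDR).
resource "azurerm_network_security_rule" "rdp_mgmt" {
  name                        = "allow-rdp-mgmt"
  priority                    = 110
  direction                   = "Inbound"
  access                      = "Allow"
  protocol                    = "Tcp"
  source_port_range           = "*"
  destination_port_range      = "3389"
  source_address_prefix       = "10.10.0.0/24"
  destination_address_prefix  = "*"
  resource_group_name         = "rg-example"
  network_security_group_name = "nsg-app"
}

# Passes: flow logs retained for 90 days, the control's minimum.
resource "azurerm_network_watcher_flow_log" "app" {
  name                      = "flowlog-app"
  network_watcher_name      = "NetworkWatcher_eastus"
  resource_group_name       = "NetworkWatcherRG"
  network_security_group_id = "<nsg-resource-id>"             # placeholder
  storage_account_id        = "<storage-account-resource-id>" # placeholder
  enabled                   = true
  retention_policy {
    enabled = true
    days    = 90
  }
}
```

Placing these files in the mod directory and running the benchmark above should report the first rule as an alarm and the other two resources as OK, which is a quick way to confirm the controls are wired up before scanning real code.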