Enforce Azure Network Security Groups to Reject All Ingress, RDP, and SSH Inbound Access

Policy Setting: Azure > Network > Network Security Group > Ingress Rules > Approved > Rules

Policies

This policy setting is dependent on the following policy types:

Source

resource "turbot_policy_setting" "azure_network_security_group_ingress_rules_approved_rules" {
  resource = turbot_policy_pack.main.id
  type     = "tmod:@turbot/azure-network#/policy/types/networkSecurityGroupIngressRulesApprovedRules"
  template = <<-EOT
    {#- Reject ports 22, 3389 -#}
    REJECT $.turbot.ports.+:*,22,3389 $.access:Allow
    {#- Reject any inbound from internet -#}
    REJECT $.turbot.cidr:=0.0.0.0/0
    {#- Approve unmatched rules -#}
    APPROVE *
  EOT
}