Ensure Azure Spring Cloud API Portal Public Access is disabled

Error: Azure Spring Cloud API Portal Public Access is enabled

Bridgecrew Policy ID: BC_AZR_NETWORKING_61
Checkov Check ID: CKV_AZURE_162
Severity: LOW

Description

Disabling the public network access property improves security by ensuring that your Spring Cloud API Portals can only be accessed from a private endpoint. This configuration strictly disables access from any public address space outside the Azure IP range and denies all logins that match IP or virtual network-based firewall rules.

Fix - Runtime

Fix - Buildtime

Resource: azurerm_spring_cloud_api_portal
Attribute: public_network_access_enabled (default is "false")

resource "azurerm_spring_cloud_api_portal" "pass" {
  name                          = "default"
  spring_cloud_service_id       = azurerm_spring_cloud_service.example.id
  gateway_ids                   = [azurerm_spring_cloud_gateway.example.id]
  https_only_enabled            = false
  # Attribute evaluated by CKV_AZURE_162: must not be true
  public_network_access_enabled = false
  instance_count                = 1
  sso {
    client_id     = "test"
    client_secret = "secret"
    issuer_uri    = "https://www.example.com/issueToken"
    scope         = ["read"]
  }
}