Ensure Azure IoT Hub disables public network access

Error: Azure IoT Hub enables public network access

Bridgecrew Policy ID: BC_AZR_NETWORKING_32
Checkov Check ID: CKV_AZURE_108
Severity: MEDIUM

Azure IoT Hub enables public network access

Description

By ensuring that your IoT Hub is not public, you can help protect your data from unauthorized access or tampering. Public IoT Hubs are accessible over the internet, which can make them vulnerable to external threats such as hackers or malware. By making it private, you can help ensure that only authorized users can access the data.

Fix - Buildtime

Terraform

  • Resource: azurerm_iothub
  • Argument: public_network_access_enabled
resource "azurerm_iothub" "example" {
             	...
+             public_network_access_enabled = false
              route {
                name           = "export"
                source         = "DeviceMessages"
                condition      = "true"
                endpoint_names = ["export"]
                enabled        = true
              }
   						...
            }