HIGH
Source
Trivy
ID
AVD-AZU-0029

Ensure database firewalls do not permit public access

Azure services can be allowed access through the firewall using a start and end IP address of 0.0.0.0. No other end ip address should be combined with a start of 0.0.0.0

Impact

Follow the appropriate remediation steps below to resolve the issue.

Don’t use wide ip ranges for the sql firewall

1
2
3
4
5
6
7
resource "azurerm_sql_firewall_rule" "good_example" {
  name                = "good_rule"
  resource_group_name = azurerm_resource_group.example.name
  server_name         = azurerm_sql_server.example.name
  start_ip_address    = "0.0.0.0"
  end_ip_address      = "0.0.0.0"
}