chore: add nsg for default subnet (#829)

## Description  Adding a wide open NSG on the default subnet. Should be restricted soon. Allows us to place resources in it now and add restrictions as we go ## Related Issue(s) - #{issue number} ## Verification - [ ] **Your** code builds clean without any errors or warnings - [ ] Manual testing done (required) - [ ] Relevant automated test added (if you find this hard, leave it and we'll help out) ## Documentation - [ ] Documentation is updated (either in `docs`-directory, Altinnpedia or a separate linked PR in [altinn-studio-docs.](https://github.com/Altinn/altinn-studio-docs), if applicable)
Altinn · Jun 10, 2024 · 31dd195 · 31dd195
1 parent 18a1f6e
commit 31dd195
Showing 1 changed file with 41 additions and 0 deletions.
diff --git a/.azure/modules/vnet/main.bicep b/.azure/modules/vnet/main.bicep
@@ -4,6 +4,44 @@ param namePrefix string
 @description('The location where the resources will be deployed')
 param location string
 
+resource defaultNSG 'Microsoft.Network/networkSecurityGroups@2023-11-01' = {
+  name: '${namePrefix}-default-nsg'
+  location: location
+  properties: {
+    securityRules: [
+      // todo: restrict the ports further
+      {
+        name: 'AllowAnyCustomAnyInbound'
+        type: 'Microsoft.Network/networkSecurityGroups/securityRules'
+        properties: {
+          protocol: '*'
+          sourcePortRange: '*'
+          destinationPortRange: '*'
+          sourceAddressPrefix: '*'
+          destinationAddressPrefix: '*'
+          access: 'Allow'
+          priority: 100
+          direction: 'Inbound'
+        }
+      }
+      {
+        name: 'AllowAnyCustomAnyOutbound'
+        type: 'Microsoft.Network/networkSecurityGroups/securityRules'
+        properties: {
+          protocol: '*'
+          sourcePortRange: '*'
+          destinationPortRange: '*'
+          sourceAddressPrefix: '*'
+          destinationAddressPrefix: '*'
+          access: 'Allow'
+          priority: 100
+          direction: 'Outbound'
+        }
+      }
+    ]
+  }
+}
+
 // https://learn.microsoft.com/en-us/azure/container-apps/firewall-integration?tabs=consumption-only
 resource containerAppEnvironmentNSG 'Microsoft.Network/networkSecurityGroups@2023-11-01' = {
   name: '${namePrefix}-container-app-environment-nsg'
@@ -231,6 +269,9 @@ resource virtualNetwork 'Microsoft.Network/virtualNetworks@2023-11-01' = {
         name: 'default'
         properties: {
           addressPrefix: '10.0.0.0/24'
+          networkSecurityGroup: {
+            id: defaultNSG.id
+          }
         }
       }
       {