az rule

internal/scanners/vgw/rules.go

@@ -75,5 +75,17 @@ func (a *VirtualNetworkGatewayScanner) GetVirtualNetworkGatewayRules() map[strin
 			},
 			Url: "https://www.microsoft.com/licensing/docs/view/Service-Level-Agreements-SLA-for-Online-Services",
 		},
+		"vgw-005": {
+			Id:             "vgw-005",
+			Category:       scanners.RulesCategoryHighAvailability,
+			Recommendation: "Storage should have availability zones enabled",
+			Impact:         scanners.ImpactHigh,
+			Eval: func(target interface{}, scanContext *scanners.ScanContext) (bool, string) {
+				g := target.(*armnetwork.VirtualNetworkGateway)
+				sku := string(*g.Properties.SKU.Name)
+				return !strings.HasSuffix(strings.ToLower(sku), "az"), ""
+			},
+			Url: "https://learn.microsoft.com/en-us/azure/vpn-gateway/create-zone-redundant-vnet-gateway",
+		},
 	}
 }

internal/scanners/vgw/rules_test.go

@@ -96,6 +96,40 @@ func TestVirtualNetworkGatewayScanner_Rules(t *testing.T) {
 				result: "99.95%",
 			},
 		},
+		{
+			name: "VirtualNetworkGatewayScanner without AZ",
+			fields: fields{
+				rule: "vgw-005",
+				target: &armnetwork.VirtualNetworkGateway{
+					Properties: &armnetwork.VirtualNetworkGatewayPropertiesFormat{
+						SKU: &armnetwork.VirtualNetworkGatewaySKU{
+							Name: to.Ptr(armnetwork.VirtualNetworkGatewaySKUNameBasic),
+						}},
+				},
+				scanContext: &scanners.ScanContext{},
+			},
+			want: want{
+				broken: true,
+				result: "",
+			},
+		},
+		{
+			name: "VirtualNetworkGatewayScanner with AZ",
+			fields: fields{
+				rule: "vgw-005",
+				target: &armnetwork.VirtualNetworkGateway{
+					Properties: &armnetwork.VirtualNetworkGatewayPropertiesFormat{
+						SKU: &armnetwork.VirtualNetworkGatewaySKU{
+							Name: to.Ptr(armnetwork.VirtualNetworkGatewaySKUNameErGw1AZ),
+						}},
+				},
+				scanContext: &scanners.ScanContext{},
+			},
+			want: want{
+				broken: false,
+				result: "",
+			},
+		},
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {