[AVM Module Issue]: Improper use of code 'firewallRules' db-for-my-sql/flexible-server #3717
Comments
@FallenHoot, thanks for submitting this issue for the Important A member of the @Azure/avm-res-dbformysql-flexibleserver-module-owners-bicep or @Azure/avm-res-dbformysql-flexibleserver-module-contributors-bicep team will review it soon!
Important The "Needs: Triage 🔍" label must be removed once the triage process is complete! Tip For additional guidance on how to triage this issue/PR, see the BRM Issue Triage documentation.
@FallenHoot happy to take a PR to resolve the issue. Let me know if you run into any issues doing so. Thanks!
Warning Tagging the AVM Core Team (@Azure/avm-core-team-technical-bicep) due to a module owner or contributor having not responded to this issue within 3 business days. The AVM Core Team will attempt to contact the module owners/contributors directly.
Caution **This issue requires the AVM Core Team's (@Azure/avm-core-team-technical-bicep) immediate attention as it hasn't been responded to within 6 business days.**
Hey @hundredacres,
@FallenHoot see if the PR #3959 resolves this issue for you.
Check for previous/existing GitHub issues
Issue Type?
Bug
Module Name
avm/res/db-for-my-sql/flexible-server
(Optional) Module Version
0.4
Description
Can someone explain to me why the following is in the main.bicep? You can't create `delegatedSubnetResourceId`, because it requires `firewallRules`. The main README.MD has no mention of `firewallRules`.

My feedback after looking into this more.
When to Use `mysqlFirewallRule`
- Public Network Access: If your MySQL flexible server has public network access enabled (`publicNetworkAccess: 'Enabled'`), you should use firewall rules to restrict access to specific IP addresses or ranges. This helps prevent unauthorized access from the internet.
- Specific IP Restrictions: If you need to allow access only from certain IP addresses or ranges, even within a virtual network, firewall rules are necessary.

When You Might Not Need `mysqlFirewallRule`
- Private Network Access Only: If your MySQL flexible server is configured to be accessible only within a virtual network (`publicNetworkAccess: 'Disabled'`), and you have other network security measures in place (e.g., Network Security Groups, Azure Firewall), you might not need additional firewall rules.
- Controlled Environment: If the server is in a highly controlled environment where access is already restricted by other means, firewall rules might be redundant.
It looks like the real issue is that the module is missing `publicNetworkAccess` in network.

The `delegatedSubnetResourceId` is used to specify a subnet within a virtual network that is delegated to the MySQL flexible server. This allows the server to be part of a virtual network, providing network isolation and security. However, if `publicNetworkAccess` is enabled, firewall rules are required to control access to the server.

Suggested fix:
Happy to create a PR if needed.
(Optional) Correlation Id
No response
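
An added example, not part of the issue, the AVM module, or PR #3959: a stand-alone Bicep template showing the two access modes described above, with firewall rules deployed only when the server is publicly reachable. The parameter names, the server name, the SKU and the API versions are assumptions chosen for illustration.

```bicep
// Illustrative template (not the AVM module's code). Names and API versions are assumptions.
@description('Subnet delegated to Microsoft.DBforMySQL/flexibleServers. Empty means public access.')
param delegatedSubnetResourceId string = ''

@description('Private DNS zone used together with the delegated subnet.')
param privateDnsZoneResourceId string = ''

@description('Allowed client ranges: [{ name, startIpAddress, endIpAddress }]. Used for public access only.')
param firewallRules array = []

param location string = resourceGroup().location
param administratorLogin string
@secure()
param administratorLoginPassword string

// A VNet-integrated server has no public endpoint, so there is nothing for firewall rules to filter.
var isPrivate = !empty(delegatedSubnetResourceId)

resource server 'Microsoft.DBforMySQL/flexibleServers@2023-12-30' = {
  name: 'mysql-example-001' // placeholder name
  location: location
  sku: {
    name: 'Standard_B1ms'
    tier: 'Burstable'
  }
  properties: {
    administratorLogin: administratorLogin
    administratorLoginPassword: administratorLoginPassword
    version: '8.0.21'
    network: isPrivate ? {
      delegatedSubnetResourceId: delegatedSubnetResourceId
      privateDnsZoneResourceId: privateDnsZoneResourceId
      publicNetworkAccess: 'Disabled'
    } : {
      publicNetworkAccess: 'Enabled'
    }
  }
}

// Firewall rules are created only in the public-access case; an empty list deploys none.
resource rules 'Microsoft.DBforMySQL/flexibleServers/firewallRules@2023-12-30' = [for rule in firewallRules: if (!isPrivate) {
  parent: server
  name: rule.name
  properties: {
    startIpAddress: rule.startIpAddress
    endIpAddress: rule.endIpAddress
  }
}]
```

With public access and an empty `firewallRules` list, no client address is allowed through the server firewall, so a public deployment needs at least one narrow range to be usable.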