Terraform

By DeepSource

Default network detected in the project TF-S2027

Security

The field auto_create_network is set to true, which causes a default network to be created along with the project.

The default network has a pre-configured network configuration and automatically generates the following insecure firewall rules:

  • default-allow-internal: Allows ingress connections for all protocols and ports among instances in the network.
  • default-allow-ssh: Allows ingress connections on TCP port 22 (SSH) from any source to any instance in the network.
  • default-allow-rdp: Allows ingress connections on TCP port 3389 (RDP) from any source to any instance in the network.
  • default-allow-icmp: Allows ingress ICMP traffic from any source to any instance in the network.

These automatically created firewall rules are not audit logged and cannot be configured to enable firewall rule logging. In addition, the default network is an auto-mode network, which means that its subnets use the same predefined range of IP addresses as every other auto-mode network. As a result, it is not possible to use Cloud VPN or VPC Network Peering with the default network. To prevent its use, a project should not have a default network at all; ideally, based on the organization's security and networking requirements, the organization should create a new custom network and delete the default network.

Recommended

resource "google_project" "recommended_project" {
  name       = "PROJECT"
  project_id = "<project-id>"
  org_id     = "1234567"

  # Do not create the default network and its permissive firewall rules.
  auto_create_network = false
}
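As an added illustration of what this rule looks for (example code written for this page, not DeepSource's analyzer), the following Python scans Terraform source for google_project blocks that would end up with a default network. It treats an omitted auto_create_network as the provider's default of true, so an implicit default is flagged as well as an explicit one; the sample configuration is constructed.

```python
import re

# Constructed sample Terraform configuration (not from the original page).
SAMPLE_TF = """
resource "google_project" "insecure_explicit" {
  name       = "PROJECT"
  project_id = "<project-id>"
  org_id     = "1234567"
  auto_create_network = true
}

resource "google_project" "insecure_implicit" {
  name       = "PROJECT"
  project_id = "<project-id>"
  org_id     = "1234567"
}

resource "google_project" "recommended_project" {
  name       = "PROJECT"
  project_id = "<project-id>"
  org_id     = "1234567"
  auto_create_network = false
}

resource "google_compute_network" "custom" {
  name                    = "custom-vpc"
  auto_create_subnetworks = false
}
"""

# A google_project block: its label and everything up to the closing brace at column 0.
BLOCK_RE = re.compile(r'resource\s+"google_project"\s+"([^"]+)"\s*\{(.*?)^\}', re.S | re.M)
# An uncommented auto_create_network assignment inside a block body.
ATTR_RE = re.compile(r'^\s*auto_create_network\s*=\s*(true|false)\s*$', re.M)


def find_default_network_projects(hcl: str) -> list[tuple[str, str]]:
    """Return (resource name, reason) for every google_project that would get a default network."""
    findings = []
    for name, body in BLOCK_RE.findall(hcl):
        match = ATTR_RE.search(body)
        if match is None:
            # Attribute omitted: the google provider defaults auto_create_network to true.
            findings.append((name, "auto_create_network not set (provider default is true)"))
        elif match.group(1) == "true":
            findings.append((name, "auto_create_network = true"))
    return findings


if __name__ == "__main__":
    for resource, reason in find_default_network_projects(SAMPLE_TF):
        print(f'google_project "{resource}": {reason}')
```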