Skip to main content

azurerm_network_security_groups resource


This resource will be deprecated when version 2 of the inspec-azure resource pack is released. Please use the azure_network_security_groups resource instead.

Use the azurerm_network_security_groups InSpec audit resource to enumerate Network Security Groups.

Azure REST API version

This resource interacts with version 2018-02-01 of the Azure Management API. For more information see the official Azure documentation.

At the moment, there doesn’t appear to be a way to select the version of the Azure API docs. If you notice a newer version being referenced in the official documentation please open an issue or submit a pull request using the updated version.



This resource is available in the inspec-azure resource pack. To use it, add the following to your inspec.yml in your top-level profile:

  - name: inspec-azure

You’ll also need to setup your Azure credentials; see the resource pack README.


An azurerm_network_security_groups resource block identifies Network Security Groups by Resource Group.

describe azurerm_network_security_groups(resource_group: 'ExampleGroup') do


Test that an example Resource Group has the named Network Security Group

describe azurerm_network_security_groups(resource_group: 'ExampleGroup') do
  its('names') { should include('ExampleNetworkSecurityGroup') }


  • names


The name of the Network Security Group

its('names') { should include('ExampleNetworkSecurityGroup') }


For a full list of available matchers, see our Universal Matchers page.

This resource has the following special matchers.


The control will pass if the resource returns a result. Use should_not if you expect zero matches.

# If we expect 'ExampleGroup' Resource Group to have Network Security Groups
describe azurerm_network_security_groups(resource_group: 'ExampleGroup') do
  it { should exist }

# If we expect 'EmptyExampleGroup' Resource Group to not have Network Security Groups
describe azurerm_network_security_groups(resource_group: 'EmptyExampleGroup') do
  it { should_not exist }

Azure Permissions

Your Service Principal must be setup with a contributor role on the subscription you wish to test.

Edit this page on GitHub

Thank you for your feedback!


Search Results