Governance Transforms Private Endpoints
Remove private endpoint resources from non-networking stages
Domain: networking
| Check | Description |
|---|---|
| TFM-NET-001 | Remove private endpoint, private DNS zone, DNS zone link, and DNS zone group resources from non-networking stages. These resources belong exclusively in the dedicated Networking stage. |
Rationale: The architecture mandates a single Networking stage that creates ALL private endpoints, DNS zones, and DNS zone groups. Service stages must NOT create these resources — they only set publicNetworkAccess to Disabled on their own resources.
Agents: terraform-agent, bicep-agent
All
Type: Structured
Search: 'privateEndpoints or privateDnsZones in non-networking stage'
Replace: 'removed'
Handler: remove_private_endpoint_resources
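As an added example (not the project's own handler, and not its real stage layout), the following Python carries out the search and replace described above over an in-memory set of stages: it flags the reserved resource types in every stage other than the one named as Networking, and strips the matching resource blocks so that only the service resource with its `publicNetworkAccess` setting remains. The stage-to-files mapping, the stage name `networking`, and the Bicep and Terraform snippets are constructed assumptions; the resource type names are the standard Azure resource-provider and azurerm provider names.

```python
"""Detect and remove private-endpoint resources declared outside the Networking stage.

Added example, not the project's own handler. Assumes each stage is given as a
mapping of file name -> file contents (an assumption; the real handler may read
a different layout). Works on both Bicep and Terraform resource headers.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Resource types the architecture reserves for the dedicated Networking stage.
# Terraform has no separate DNS zone group resource: it is a nested
# private_dns_zone_group block inside azurerm_private_endpoint, so removing the
# endpoint removes the group with it.
BICEP_TYPES = (
    "Microsoft.Network/privateEndpoints",
    "Microsoft.Network/privateDnsZones",
    "Microsoft.Network/privateDnsZones/virtualNetworkLinks",
    "Microsoft.Network/privateEndpoints/privateDnsZoneGroups",
)
TERRAFORM_TYPES = (
    "azurerm_private_endpoint",
    "azurerm_private_dns_zone",
    "azurerm_private_dns_zone_virtual_network_link",
)

# Matches either header form up to and including its opening brace:
#   Bicep:     resource <symbol> '<type>@<apiVersion>' = {
#   Terraform: resource "<type>" "<name>" {
HEADER_RE = re.compile(
    r"""^\s*resource\s+(?:(\w+)\s+'([^'@]+)@[^']*'|"([^"]+)"\s+"([^"]+)")[^{\n]*\{""",
    re.MULTILINE,
)


@dataclass(frozen=True)
class Finding:
    stage: str
    file: str
    resource_type: str
    symbol: str


def _is_reserved(resource_type: str) -> bool:
    return resource_type in BICEP_TYPES or resource_type in TERRAFORM_TYPES


def scan_text(stage: str, file: str, text: str) -> list[Finding]:
    """Return one Finding per reserved resource header in a file body."""
    findings = []
    for m in HEADER_RE.finditer(text):
        if m.group(2):  # Bicep header
            symbol, rtype = m.group(1), m.group(2)
        else:           # Terraform header
            symbol, rtype = m.group(4), m.group(3)
        if _is_reserved(rtype):
            findings.append(Finding(stage, file, rtype, symbol))
    return findings


def find_violations(stages: dict, networking_stage: str = "networking") -> list[Finding]:
    """The 'Search' half of the transform: reserved resources in non-networking stages."""
    out = []
    for stage, files in stages.items():
        if stage == networking_stage:
            continue  # the Networking stage is the one place these resources belong
        for fname, text in files.items():
            out.extend(scan_text(stage, fname, text))
    return out


def strip_reserved_resources(text: str) -> str:
    """Remove reserved resource blocks from a Bicep or Terraform file body.

    Blocks are found by header and closed by brace matching. Braces inside string
    literals are not tracked, which is adequate for these declarative resources.
    A child resource nested inside a removed block is removed with its parent.
    """
    out, pos = [], 0
    for m in HEADER_RE.finditer(text):
        if m.start() < pos:
            continue  # header lies inside a block already removed
        if not _is_reserved(m.group(2) or m.group(3)):
            continue
        depth, i = 0, m.end() - 1  # m.end() - 1 is the opening brace
        while i < len(text):
            if text[i] == "{":
                depth += 1
            elif text[i] == "}":
                depth -= 1
                if depth == 0:
                    break
            i += 1
        end = i + 1
        if end < len(text) and text[end] == "\n":
            end += 1  # swallow the trailing newline to avoid blank gaps
        out.append(text[pos:m.start()])
        pos = end
    out.append(text[pos:])
    return "".join(out)


def remediate(stages: dict, networking_stage: str = "networking") -> dict:
    """The 'Replace' half: strip reserved resources from every non-networking stage."""
    return {
        stage: files if stage == networking_stage
        else {name: strip_reserved_resources(text) for name, text in files.items()}
        for stage, files in stages.items()
    }


# Constructed sample input: a compliant Networking stage and a data stage that
# wrongly declares its own private endpoint and DNS zone next to the SQL server.
SAMPLE_STAGES = {
    "networking": {
        "main.bicep": (
            "resource sqlPe 'Microsoft.Network/privateEndpoints@2023-05-01' = {\n"
            "  name: 'pe-sql'\n  location: location\n}\n"
        ),
    },
    "data": {
        "sql.bicep": (
            "resource sqlServer 'Microsoft.Sql/servers@2022-05-01-preview' = {\n"
            "  name: 'sql-app'\n  location: location\n"
            "  properties: {\n    publicNetworkAccess: 'Disabled'\n  }\n}\n"
            "resource sqlPe 'Microsoft.Network/privateEndpoints@2023-05-01' = {\n"
            "  name: 'pe-sql'\n  location: location\n"
            "  properties: {\n    subnet: { id: subnetId }\n  }\n}\n"
            "resource sqlZone 'Microsoft.Network/privateDnsZones@2020-06-01' = {\n"
            "  name: 'privatelink.database.windows.net'\n  location: 'global'\n}\n"
        ),
        "sql.tf": (
            'resource "azurerm_mssql_server" "sql" {\n'
            '  name                          = "sql-app"\n'
            "  public_network_access_enabled = false\n}\n\n"
            'resource "azurerm_private_endpoint" "sql" {\n'
            '  name      = "pe-sql"\n  subnet_id = var.subnet_id\n'
            "  private_dns_zone_group {\n"
            '    name                 = "default"\n'
            "    private_dns_zone_ids = [azurerm_private_dns_zone.sql.id]\n  }\n}\n"
        ),
    },
}

if __name__ == "__main__":
    for f in find_violations(SAMPLE_STAGES):
        print(f"TFM-NET-001 {f.stage}/{f.file}: {f.resource_type} '{f.symbol}' belongs in the Networking stage")
    assert find_violations(remediate(SAMPLE_STAGES)) == []
```

Run as a script it lists the three offending declarations in the `data` stage and leaves the Networking stage untouched; after `remediate` only the SQL server, with its `publicNetworkAccess`/`public_network_access_enabled` setting, remains in the service stage files.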