From 266701ee7fbd270b2f6fb65df91adf05d4ed6d36 Mon Sep 17 00:00:00 2001 From: Loris S <91723853+loris-s-sonarsource@users.noreply.github.com> Date: Wed, 19 Jul 2023 15:26:54 +0200 Subject: [PATCH] Modify S6329: Make GCP sample safer (#2529) --- rules/S6329/terraform/rule.adoc | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/rules/S6329/terraform/rule.adoc b/rules/S6329/terraform/rule.adoc index f39562c252..8d2de47200 100644 --- a/rules/S6329/terraform/rule.adoc +++ b/rules/S6329/terraform/rule.adoc @@ -105,11 +105,17 @@ For GCP: ---- resource "google_compute_instance" "example" { network_interface { - network = "default" + network = google_compute_network.vpc_network_example.name } } ---- +Note that setting `network="default"` in the network interface block leads to +other security problems such as removal of logging, Cloud VPN/VPC network +peering, and the addition of insecure firewall rules. + +A safer alternative includes creating a specific VPC or subnetwork and enforce +security measures. + include::../see.adoc[] ifdef::env-github,rspecator-view[]
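Review bot: The new compliant line `network = google_compute_network.vpc_network_example.name` references a resource that is not defined anywhere in the shown snippet, so the sample no longer stands on its own; either add a minimal `resource "google_compute_network" "vpc_network_example" { ... }` block to the example or say in the prose that the VPC must be declared separately. In the added paragraph, "creating a specific VPC or subnetwork and enforce security measures" is not parallel; it should read "creating a specific VPC or subnetwork and enforcing security measures". Also, the note's phrasing "setting `network="default"` ... leads to ... removal of logging" suggests that assigning the value causes those effects, whereas the point is that the default network is a shared, pre-populated network whose logging and firewall posture the example does not control; consider rewording to "relying on the `default` network exposes the instance to...". Finally, the inline code `network="default"` should match the snippet's spacing, `network = "default"`.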