Solution#26
Conversation
mateacademy-ai-mentor
left a comment
There was a problem hiding this comment.
Review Summary
Great job! 🎉 Your implementation meets all the core requirements: each subnet has its own NSG, the correct rules are applied, and the database subnet does not allow any Internet traffic, which matches the task's requirements. The concern about the database NSG having no explicit rules is not an issue here, since the default NSG behavior is to deny inbound traffic from the Internet. If future requirements specify more granular rules for the database subnet, you can update the NSG accordingly. Keep up the good work!
✨ Please rate this review in the Platform's notification center1. I will be grateful for your feedback! ✨
Footnotes
| $nsgDb = New-AzNetworkSecurityGroup ` | ||
| -Name $dbSubnetName ` | ||
| -ResourceGroupName $resourceGroupName ` | ||
| -Location $location ` | ||
|
|
There was a problem hiding this comment.
Issue: The database subnet NSG (nsgDb) is created without any security rules. If the task or checklist requires specific rules for the database subnet (e.g., only allow traffic from the web subnet or management subnet), you should add them here. As it stands, the NSG will have no custom rules, which may not be secure or compliant with the requirements.
No description provided.