RDS DB instance publicly accessible
Id: 1b4565c0-4877-49ac-ab03-adebbccd42ae
Cloud Provider: Alicloud
Platform: Terraform
Severity: Medium
Category: Insecure Configurations
Description
0.0.0.0 or 0.0.0.0/0 should not be included in the security_ips list. This rule flags alicloud_db_instance resources whose security_ips contain either value. Both match every source address, so allowing them grants public network access to the database instance and may expose it to the internet.
Compliant Code Examples
resource "alicloud_db_instance" "default" {
  engine              = "MySQL"
  engine_version      = "5.6"
  db_instance_class   = "rds.mysql.t1.small"
  db_instance_storage = "10"
  parameters = [{
    name  = "innodb_large_prefix"
    value = "ON"
  },{
    name  = "connect_timeout"
    value = "50"
  }]
}

resource "alicloud_db_instance" "default" {
  engine              = "MySQL"
  engine_version      = "5.6"
  db_instance_class   = "rds.mysql.t1.small"
  db_instance_storage = "10"
  security_ips = [
    "10.23.12.24"
  ]
  parameters = [{
    name  = "innodb_large_prefix"
    value = "ON"
  },{
    name  = "connect_timeout"
    value = "50"
  }]
}
Non-Compliant Code Examples
resource "alicloud_db_instance" "default" {
  engine              = "MySQL"
  engine_version      = "5.6"
  db_instance_class   = "rds.mysql.t1.small"
  db_instance_storage = "10"
  security_ips = [
    "0.0.0.0/0",
    "10.23.12.24/24"
  ]
  parameters = [{
    name  = "innodb_large_prefix"
    value = "ON"
  },{
    name  = "connect_timeout"
    value = "50"
  }]
}

resource "alicloud_db_instance" "default" {
  engine              = "MySQL"
  engine_version      = "5.6"
  db_instance_class   = "rds.mysql.t1.small"
  db_instance_storage = "10"
  security_ips = [
    "0.0.0.0",
    "10.23.12.24/24"
  ]
  parameters = [{
    name  = "innodb_large_prefix"
    value = "ON"
  },{
    name  = "connect_timeout"
    value = "50"
  }]
}
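
Added example (not part of the original rule or its implementation): the same check applied to the JSON that `terraform show -json` produces for a plan, so it also sees values that arrive through variables and modules. It goes slightly beyond the rule text by treating any IPv4 entry with a zero-length prefix as equivalent to 0.0.0.0/0; the sample plan and the function names are constructed for illustration.

```python
import ipaddress
import json

# Constructed sample shaped like the planned_values part of `terraform show -json`.
SAMPLE_PLAN = json.loads("""
{"planned_values": {"root_module": {
  "resources": [
    {"address": "alicloud_db_instance.open", "type": "alicloud_db_instance",
     "values": {"security_ips": ["0.0.0.0/0", "10.23.12.24/24"]}},
    {"address": "alicloud_db_instance.bare", "type": "alicloud_db_instance",
     "values": {"security_ips": ["0.0.0.0", "10.23.12.24/24"]}},
    {"address": "alicloud_db_instance.unset", "type": "alicloud_db_instance",
     "values": {"security_ips": null}}
  ],
  "child_modules": [{"address": "module.db", "resources": [
    {"address": "module.db.alicloud_db_instance.ok", "type": "alicloud_db_instance",
     "values": {"security_ips": ["10.23.12.24"]}}
  ]}]
}}}
""")

def is_open_entry(entry):
    """True for bare 0.0.0.0 or any IPv4 CIDR whose prefix length is 0."""
    text = entry.strip()
    if text == "0.0.0.0":
        return True
    try:
        return ipaddress.IPv4Network(text, strict=False).prefixlen == 0
    except ValueError:
        return False  # not an IPv4 address or CIDR; outside this check

def walk(module):
    """Yield every resource in a module and, recursively, its child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from walk(child)

def find_public_rds(plan):
    """Map each offending alicloud_db_instance address to its open entries."""
    findings = {}
    root = plan.get("planned_values", {}).get("root_module", {})
    for res in walk(root):
        if res.get("type") != "alicloud_db_instance":
            continue
        ips = res.get("values", {}).get("security_ips") or []  # null when unset
        bad = sorted(ip for ip in ips if is_open_entry(ip))
        if bad:
            findings[res["address"]] = bad
    return findings
```

Calling `find_public_rds(SAMPLE_PLAN)` reports the two instances that list 0.0.0.0/0 or 0.0.0.0 and leaves the unset and restricted ones alone.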