Beta - CDB instance internet service enabled
This product is not supported for your selected
Datadog site. (
).
Id: 5d820574-4a60-4916-b049-0810b8629731
Cloud Provider: TencentCloud
Platform: Terraform
Severity: High
Category: Insecure Configurations
Learn More
Description
CDB instances (tencentcloud_mysql_instance) should have the internet_service attribute disabled. The rule detects resources where internet_service is set to 1. The expected value for internet_service is 0 or undefined.
Compliant Code Examples
data "tencentcloud_availability_zones_by_product" "zones" {
product = "cdb"
}
resource "tencentcloud_vpc" "vpc" {
name = "vpc-mysql"
cidr_block = "10.0.0.0/16"
}
resource "tencentcloud_subnet" "subnet" {
availability_zone = data.tencentcloud_availability_zones_by_product.zones.zones.0.name
name = "subnet-mysql"
vpc_id = tencentcloud_vpc.vpc.id
cidr_block = "10.0.0.0/16"
is_multicast = false
}
resource "tencentcloud_security_group" "security_group" {
name = "sg-mysql"
description = "mysql test"
}
resource "tencentcloud_mysql_instance" "example" {
internet_service = 0
engine_version = "5.7"
charge_type = "POSTPAID"
slave_deploy_mode = 0
availability_zone = data.tencentcloud_availability_zones_by_product.zones.zones.0.name
slave_sync_mode = 1
instance_name = "tf-example-mysql"
mem_size = 4000
volume_size = 200
vpc_id = tencentcloud_vpc.vpc.id
subnet_id = tencentcloud_subnet.subnet.id
intranet_port = 3306
security_groups = [tencentcloud_security_group.security_group.id]
tags = {
name = "test"
}
parameters = {
character_set_server = "utf8"
max_connections = "1000"
}
}
data "tencentcloud_availability_zones_by_product" "zones" {
product = "cdb"
}
resource "tencentcloud_vpc" "vpc" {
name = "vpc-mysql"
cidr_block = "10.0.0.0/16"
}
resource "tencentcloud_subnet" "subnet" {
availability_zone = data.tencentcloud_availability_zones_by_product.zones.zones.0.name
name = "subnet-mysql"
vpc_id = tencentcloud_vpc.vpc.id
cidr_block = "10.0.0.0/16"
is_multicast = false
}
resource "tencentcloud_security_group" "security_group" {
name = "sg-mysql"
description = "mysql test"
}
resource "tencentcloud_mysql_instance" "example" {
engine_version = "5.7"
charge_type = "POSTPAID"
slave_deploy_mode = 0
availability_zone = data.tencentcloud_availability_zones_by_product.zones.zones.0.name
slave_sync_mode = 1
instance_name = "tf-example-mysql"
mem_size = 4000
volume_size = 200
vpc_id = tencentcloud_vpc.vpc.id
subnet_id = tencentcloud_subnet.subnet.id
intranet_port = 3306
security_groups = [tencentcloud_security_group.security_group.id]
tags = {
name = "test"
}
parameters = {
character_set_server = "utf8"
max_connections = "1000"
}
}
Non-Compliant Code Examples
data "tencentcloud_availability_zones_by_product" "zones" {
product = "cdb"
}
resource "tencentcloud_vpc" "vpc" {
name = "vpc-mysql"
cidr_block = "10.0.0.0/16"
}
resource "tencentcloud_subnet" "subnet" {
availability_zone = data.tencentcloud_availability_zones_by_product.zones.zones.0.name
name = "subnet-mysql"
vpc_id = tencentcloud_vpc.vpc.id
cidr_block = "10.0.0.0/16"
is_multicast = false
}
resource "tencentcloud_security_group" "security_group" {
name = "sg-mysql"
description = "mysql test"
}
resource "tencentcloud_mysql_instance" "example" {
internet_service = 1
engine_version = "5.7"
charge_type = "POSTPAID"
slave_deploy_mode = 0
availability_zone = data.tencentcloud_availability_zones_by_product.zones.zones.0.name
slave_sync_mode = 1
instance_name = "tf-example-mysql"
mem_size = 4000
volume_size = 200
vpc_id = tencentcloud_vpc.vpc.id
subnet_id = tencentcloud_subnet.subnet.id
intranet_port = 3306
security_groups = [tencentcloud_security_group.security_group.id]
tags = {
name = "test"
}
parameters = {
character_set_server = "utf8"
max_connections = "1000"
}
}
