Ensure RDS Instance Is Not Publicly Accessible

DBInstanceParameterGroup is used to modify the parameters of an ApsaraDB RDS instance. The security_ips attribute is the list of IP addresses allowed to access all databases of an instance. The list contains up to 1,000 IP addresses, separated by commas. Supported formats include 0.0.0.0/0, 10.23.12.24 (IP), and 10.23.12.24/24 (Classless Inter-Domain Routing (CIDR) mode). /24 represents the length of the prefix in an IP address.
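
A check for the whitelist format described above, as an added example that is not part of the Spectral rule or of Alicloud's tooling. The function names, the min_prefix threshold for "broad" entries, and the sample values are assumptions made for illustration; it also treats any /0 spelling as open to all, which goes beyond the two literal values the rule names.

```python
import ipaddress

MAX_ENTRIES = 1000  # limit stated in the rule description


def audit_security_ips(value, min_prefix=16):
    """Return (level, entry, detail) findings for a security_ips whitelist.

    value: comma-separated string or list of strings.
    min_prefix: hypothetical local policy threshold, not part of the rule.
    """
    items = value.split(",") if isinstance(value, str) else list(value)
    entries = [i.strip() for i in items if i.strip()]
    findings = []
    if len(entries) > MAX_ENTRIES:
        findings.append(("invalid", "*", f"{len(entries)} entries, limit is {MAX_ENTRIES}"))
    for entry in entries:
        try:
            # strict=False because the page's own sample, 10.23.12.24/24,
            # has host bits set; it is read as the network 10.23.12.0/24.
            net = ipaddress.ip_network(entry, strict=False)
        except ValueError:
            findings.append(("invalid", entry, "not an IP address or CIDR block"))
            continue
        bare_any = net.prefixlen == net.max_prefixlen and net.network_address.is_unspecified
        if net.prefixlen == 0 or bare_any:
            # What the rule flags (0.0.0.0 and 0.0.0.0/0), plus any x.x.x.x/0 spelling.
            findings.append(("public", entry, "open to all addresses"))
        elif net.prefixlen < min_prefix:
            findings.append(("broad", entry, f"{net.num_addresses} addresses in {net}"))
        else:
            findings.append(("ok", entry, f"{net.num_addresses} addresses in {net}"))
    return findings


def is_publicly_accessible(value):
    """True when at least one entry opens the instance to every address."""
    return any(level == "public" for level, _, _ in audit_security_ips(value))


# Constructed sample values, not taken from a real deployment.
SAMPLE = "0.0.0.0, 10.23.12.24/24, 10.23.12.24, 172.16.0.0/12, 8.8.8.8/0, db-host"

if __name__ == "__main__":
    for finding in audit_security_ips(SAMPLE):
        print(*finding, sep="\t")
```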

Risk Level: high
Platform: Alicloud
Spectral Rule ID: TFALCLD044

REMEDIATION

No entry in the security_ips list should be '0.0.0.0' or '0.0.0.0/0'.

security_ips = [
- "0.0.0.0",
+ "10.23.12.24/24"
]
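
Review bot: the replacement value on the + line, "10.23.12.24/24", carries a 24-bit prefix, so it admits every address from 10.23.12.0 to 10.23.12.255 rather than the single host 10.23.12.24. If only that host needs to reach the database, use the bare IP form "10.23.12.24", which the description lists as a supported format; if the whole subnet is intended, writing it as "10.23.12.0/24" makes the scope obvious to the next reader.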
