Ensure RDS Instance Is Not Publicly Accessible
DBInstanceParameterGroup is used to modify the parameters of an ApsaraDB RDS instance. The `security_ips` list holds the IP addresses allowed to access all databases of an instance. The list contains up to 1,000 IP addresses, separated by commas. Supported formats include 0.0.0.0/0, 10.23.12.24 (IP), and 10.23.12.24/24 (Classless Inter-Domain Routing (CIDR) mode, where /24 represents the length of the prefix in an IP address).
Risk Level: high
Platform: Alicloud
Spectral Rule ID: TFALCLD044
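The check this rule describes can be reproduced over a `security_ips` value in any of the formats listed above. This is an added example, not Spectral's rule code; the function names and the `BROAD_PREFIX` threshold are assumptions made for illustration.

```python
import ipaddress

BROAD_PREFIX = 16  # assumed threshold: shorter prefixes are reported as "broad"

def audit_security_ips(entries):
    """Classify each security_ips entry as public, broad, ok or invalid.

    Takes a list of strings or one comma-separated string, in the formats
    the page lists: bare IP, CIDR, and CIDR with host bits (10.23.12.24/24).
    Returns (entry, verdict, normalized_network) tuples.
    """
    if isinstance(entries, str):
        entries = entries.split(",")
    results = []
    for raw in entries:
        entry = raw.strip()
        if not entry:
            continue
        try:
            # strict=False accepts host bits: 10.23.12.24/24 -> 10.23.12.0/24
            net = ipaddress.IPv4Network(entry, strict=False)
        except ValueError:
            results.append((entry, "invalid", None))
            continue
        if net.prefixlen == 0 or entry == "0.0.0.0":
            verdict = "public"   # the two values this rule rejects
        elif net.prefixlen < BROAD_PREFIX:
            verdict = "broad"    # not world-open, but worth a second look
        else:
            verdict = "ok"
        results.append((entry, verdict, str(net)))
    return results

def is_publicly_accessible(entries):
    """True when any entry opens the instance to every address."""
    return any(verdict == "public" for _, verdict, _ in audit_security_ips(entries))

if __name__ == "__main__":
    # Constructed sample input, not taken from a real deployment.
    sample = ["0.0.0.0", "10.0.0.0/8", "10.23.12.24/24", "10.23.12.300"]
    for entry, verdict, net in audit_security_ips(sample):
        print(f"{entry:16} {verdict:8} {net or '-'}")
```

Any entry with a `/0` prefix is reported as public regardless of the address written before it, since the prefix length alone decides the range.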
REMEDIATION
No item in the `security_ips` list should be '0.0.0.0' or '0.0.0.0/0'.
security_ips = [
- "0.0.0.0",
+ "10.23.12.24/24"
]
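Review bot: the added entry "10.23.12.24/24" carries host bits under a /24 prefix, so it admits the whole 10.23.12.0/24 range rather than the single host 10.23.12.24. If only that host needs access, list it as the bare IP "10.23.12.24"; if the subnet is intended, write "10.23.12.0/24" so the scope is obvious to the next reader.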