NAS Access Group IP Restriction

ID: rule:aliyun:nas-access-group-public-access-check
Severity: high
IaC Types: ROS, Terraform

Description

Ensures that NAS access rules do not allow unrestricted access from all IP addresses (0.0.0.0/0).

Reason for Violation

The NAS access rule allows access from 0.0.0.0/0, which permits any IP to access the file system, significantly increasing security risks.

Recommendation

Restrict the source_cidr_ip to specific IP ranges instead of allowing all IPs (0.0.0.0/0).

Resource Types

  • ROS: ALIYUN::NAS::AccessRule
  • Terraform: alicloud_nas_access_rule
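
The Terraform form of the violation and of the recommended fix, as an added example that is not part of the rule's own documentation. Resource names, the access group and the 10.0.1.0/24 range are constructed placeholders; all other arguments are kept identical so that only source_cidr_ip differs.

```hcl
# Constructed example: names and CIDR values are placeholders.
resource "alicloud_nas_access_group" "app" {
  access_group_name = "app-nas-access"
  access_group_type = "Vpc"
}

# Non-compliant: 0.0.0.0/0 matches every source address, so the rule
# places no network restriction on which clients may mount the file system.
resource "alicloud_nas_access_rule" "open" {
  access_group_name = alicloud_nas_access_group.app.access_group_name
  source_cidr_ip    = "0.0.0.0/0"
  rw_access_type    = "RDWR"
  user_access_type  = "no_squash"
  priority          = 1
}

# Compliant: access is limited to the subnet that hosts the clients
# (10.0.1.0/24 is an assumed application subnet).
resource "alicloud_nas_access_rule" "restricted" {
  access_group_name = alicloud_nas_access_group.app.access_group_name
  source_cidr_ip    = "10.0.1.0/24"
  rw_access_type    = "RDWR"
  user_access_type  = "no_squash"
  priority          = 1
}
```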