NAS Access Group IP Restriction
ID: rule:aliyun:nas-access-group-public-access-check
Severity: high
IaC Types: ROS, Terraform
Description
Ensures that NAS access rules do not allow unrestricted access from all IP addresses (0.0.0.0/0).
Reason for Violation
The NAS access rule allows access from 0.0.0.0/0, which permits any IP to access the file system, significantly increasing security risks.
Recommendation
Restrict the source_cidr_ip to specific IP ranges instead of allowing all IPs (0.0.0.0/0).
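The recommendation applied to Terraform, as an added example that is not part of the original rule page: a rule using 0.0.0.0/0 next to rules scoped to known client subnets. The resource names, access group name and CIDR ranges are constructed placeholders, and the attributes other than source_cidr_ip are shown only to make the resources complete.

```hcl
# Constructed example: names and CIDR ranges are placeholders, not values from the rule page.
resource "alicloud_nas_access_group" "app" {
  access_group_name = "app-nas-access"
  access_group_type = "Vpc"
  description       = "Mount access for the application tier"
}

# Non-compliant: 0.0.0.0/0 matches every source address, so this rule is flagged.
resource "alicloud_nas_access_rule" "open" {
  access_group_name = alicloud_nas_access_group.app.access_group_name
  source_cidr_ip    = "0.0.0.0/0"
  rw_access_type    = "RDWR"
  user_access_type  = "no_squash"
  priority          = 1
}

# Compliant: one rule per known client range, each with only the access it needs.
locals {
  nas_clients = {
    app_servers = { cidr = "10.0.1.0/24", access = "RDWR", priority = 1 }
    backup_host = { cidr = "10.0.9.15/32", access = "RDONLY", priority = 2 }
  }
}

resource "alicloud_nas_access_rule" "restricted" {
  for_each = local.nas_clients

  access_group_name = alicloud_nas_access_group.app.access_group_name
  source_cidr_ip    = each.value.cidr
  rw_access_type    = each.value.access
  user_access_type  = "root_squash"
  priority          = each.value.priority
}
```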
Resource Types
- ROS: ALIYUN::NAS::AccessRule
- Terraform: alicloud_nas_access_rule