NAT Gateway DNAT Risk Ports Check

ID: rule:aliyun:nat-risk-ports-check
Severity: high
IaC Types: ROS, Terraform

Description

Ensures NAT gateway DNAT entries do not expose high-risk ports.

Reason for Violation

Exposing management and database ports via DNAT increases the risk of unauthorized access and attacks.

Recommendation

Change external_port to a non-risky port, or use a VPN/Bastion Host for management access.
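
An added Terraform example (not part of the rule's own documentation) showing a forward entry this check would be expected to flag next to a compliant one. It assumes port 22 is in the rule's high-risk set and port 443 is not, since the page does not list the ports; the variable names and addresses are placeholders.

```hcl
# Constructed example; names, IDs and addresses are placeholders.
variable "forward_table_id" {
  type        = string
  description = "Forward table ID of an existing NAT gateway (placeholder input)"
}

variable "eip_address" {
  type        = string
  description = "EIP already associated with the NAT gateway (placeholder input)"
}

# Non-compliant: SSH on the backend is published on the public EIP.
# Port 22 is assumed to be in the rule's high-risk set; the page does
# not list the exact ports.
resource "alicloud_forward_entry" "ssh_exposed" {
  forward_table_id = var.forward_table_id
  external_ip      = var.eip_address
  external_port    = "22"
  ip_protocol      = "tcp"
  internal_ip      = "192.168.0.10" # constructed private address
  internal_port    = "22"
}

# Compliant: only the application port is published through DNAT
# (443 is assumed not to be in the high-risk set). Management access
# to 192.168.0.10 goes through a VPN or bastion host instead of a
# forward entry, as the recommendation describes.
resource "alicloud_forward_entry" "https_only" {
  forward_table_id = var.forward_table_id
  external_ip      = var.eip_address
  external_port    = "443"
  ip_protocol      = "tcp"
  internal_ip      = "192.168.0.10"
  internal_port    = "443"
}
```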

Resource Types

  • ROS: ALIYUN::NAT::NatGateway
  • Terraform: alicloud_forward_entry