PolarDB Public and Any IP Access Check

ID: rule:aliyun:polardb-public-and-any-ip-access-check
Severity: high
IaC Types: ROS, Terraform

Description

Ensures that PolarDB clusters do not have security_ips open to any IP address (0.0.0.0/0 or 0.0.0.0).

Reason for Violation

Exposing a database to any IP address is a significant security risk.

Recommendation

Remove 0.0.0.0/0 and 0.0.0.0 from security_ips and restrict the list to specific trusted IP addresses.

Resource Types

  • ROS: ALIYUN::POLARDB::DBCluster
  • Terraform: alicloud_polardb_cluster
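
The check described above, sketched for the Terraform resource type as an added example (not the rule's own implementation). It assumes the input is the JSON produced by `terraform show -json` for a plan; the sample plan and the function names are constructed for illustration.

```python
import json

OPEN_VALUES = {"0.0.0.0/0", "0.0.0.0"}  # the two values the rule names
RESOURCE_TYPE = "alicloud_polardb_cluster"

# Constructed sample shaped like `terraform show -json` output (planned_values only).
SAMPLE_PLAN = json.loads("""
{"planned_values": {"root_module": {
  "resources": [
    {"address": "alicloud_polardb_cluster.open", "type": "alicloud_polardb_cluster",
     "values": {"security_ips": ["10.0.0.0/24", "0.0.0.0/0"]}},
    {"address": "alicloud_polardb_cluster.restricted", "type": "alicloud_polardb_cluster",
     "values": {"security_ips": ["10.0.0.0/24"]}}
  ],
  "child_modules": [{"resources": [
    {"address": "module.db.alicloud_polardb_cluster.legacy", "type": "alicloud_polardb_cluster",
     "values": {"security_ips": ["0.0.0.0"]}}
  ]}]
}}}
""")

def iter_resources(module):
    """Yield every resource in a module and, recursively, in its child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from iter_resources(child)

def open_entries(security_ips):
    """Return the security_ips entries that match the rule's any-IP values."""
    if security_ips is None:           # attribute unset or not known at plan time
        return []
    if isinstance(security_ips, str):  # tolerate a comma-separated string
        security_ips = security_ips.split(",")
    return [ip.strip() for ip in security_ips if ip.strip() in OPEN_VALUES]

def find_violations(plan):
    """Map resource address -> offending entries for each PolarDB cluster in the plan."""
    root = plan.get("planned_values", {}).get("root_module", {})
    findings = {}
    for res in iter_resources(root):
        if res.get("type") != RESOURCE_TYPE:
            continue
        bad = open_entries(res.get("values", {}).get("security_ips"))
        if bad:
            findings[res["address"]] = bad
    return findings

if __name__ == "__main__":
    for address, bad in find_violations(SAMPLE_PLAN).items():
        print(f"{address}: security_ips open to any IP: {bad}")
```
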