PolarDB Public and Any IP Access Check
ID: rule:aliyun:polardb-public-and-any-ip-access-check
Severity: high
IaC Types: ROS, Terraform
Description
Ensures that PolarDB clusters do not have security_ips open to any IP address (0.0.0.0/0 or 0.0.0.0).
Reason for Violation
Exposing a database to any IP address is a significant security risk.
Recommendation
Remove 0.0.0.0/0 and 0.0.0.0 from security_ips and restrict to specific trusted IP addresses.
Resource Types
- ROS:
ALIYUN::POLARDB::DBCluster - Terraform:
alicloud_polardb_cluster