VPC Network ACL Risky Ports Check
ID: rule:aliyun:vpc-network-acl-risky-ports-check
Severity: high
IaC Types: ROS, Terraform
Description
Ensures VPC Network ACLs do not allow unrestricted inbound access to risky management ports (22/SSH, 3389/RDP).
Reason for Violation
Opening management ports (22/SSH, 3389/RDP) to all IPs (0.0.0.0/0) creates a significant security risk: any host on the internet can reach the administrative login service and attempt to authenticate.
Recommendation
Restrict source_cidr_ip in ingress_acl_entries to specific trusted IP ranges (for example a bastion host or office network) for ports 22 and 3389, instead of 0.0.0.0/0.
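The following is an added example, not part of the rule page and not the scanner's own implementation. It evaluates the rule against a Network ACL represented as a Python dict that mirrors the Terraform alicloud_network_acl shape (ingress_acl_entries, source_cidr_ip from the page; the entry fields protocol, port, policy and network_acl_entry_name are taken from the provider schema). It assumes the Alibaba Cloud port notation "low/high" with "-1/-1" meaning all ports. A violating and a compliant ACL are constructed inline so the check can be run offline; the check also covers port ranges that span 22 or 3389 and IPv6 any-source (::/0), which goes slightly beyond the single-port case the rule text describes.

```python
import ipaddress

# Management ports the rule treats as risky (from the rule description).
RISKY_PORTS = {22: "SSH", 3389: "RDP"}

# Protocols that carry no port field; entries for them are never port findings.
PORTLESS_PROTOCOLS = {"icmp", "gre"}


def _port_range(port):
    """Parse an ACL entry port field into an inclusive (low, high) tuple.

    Assumption: entries express ports as "low/high", with "-1/-1" meaning
    every port. A bare integer is treated as a single port.
    """
    if isinstance(port, int):
        return port, port
    low, high = (int(p) for p in str(port).split("/"))
    if low == -1 or high == -1:
        return 1, 65535
    return low, high


def _is_any_source(cidr):
    """True when the source CIDR covers every address (0.0.0.0/0 or ::/0)."""
    try:
        net = ipaddress.ip_network(str(cidr), strict=False)
    except ValueError:
        return False
    return net.prefixlen == 0


def find_risky_entries(network_acl):
    """Return one finding per (accept entry, risky port) pair where the entry
    admits any source. Entry order is ignored, so an earlier drop does not
    suppress a later accept; that keeps the check conservative.
    """
    findings = []
    for entry in network_acl.get("ingress_acl_entries", []):
        if str(entry.get("policy", "")).lower() != "accept":
            continue
        if str(entry.get("protocol", "")).lower() in PORTLESS_PROTOCOLS:
            continue
        if not _is_any_source(entry.get("source_cidr_ip", "")):
            continue
        low, high = _port_range(entry.get("port", "-1/-1"))
        for risky, service in RISKY_PORTS.items():
            if low <= risky <= high:
                findings.append({
                    "entry": entry.get("network_acl_entry_name", "<unnamed>"),
                    "port": risky,
                    "service": service,
                    "source_cidr_ip": entry["source_cidr_ip"],
                })
    return findings


def is_compliant(network_acl):
    """Rule verdict: compliant when no risky entry is found."""
    return not find_risky_entries(network_acl)


# Constructed sample: SSH open to the world, plus a full-range TCP allow.
VIOLATING_ACL = {
    "network_acl_name": "example-nacl",
    "ingress_acl_entries": [
        {"network_acl_entry_name": "allow-ssh-anywhere", "protocol": "tcp",
         "port": "22/22", "source_cidr_ip": "0.0.0.0/0", "policy": "accept"},
        {"network_acl_entry_name": "allow-all-tcp", "protocol": "tcp",
         "port": "1/65535", "source_cidr_ip": "0.0.0.0/0", "policy": "accept"},
        {"network_acl_entry_name": "allow-https", "protocol": "tcp",
         "port": "443/443", "source_cidr_ip": "0.0.0.0/0", "policy": "accept"},
    ],
}

# Constructed sample: management ports limited to documentation-range CIDRs
# (bastion and office), explicit drop for everyone else, HTTPS still public.
COMPLIANT_ACL = {
    "network_acl_name": "example-nacl",
    "ingress_acl_entries": [
        {"network_acl_entry_name": "allow-ssh-bastion", "protocol": "tcp",
         "port": "22/22", "source_cidr_ip": "203.0.113.0/24", "policy": "accept"},
        {"network_acl_entry_name": "allow-rdp-office", "protocol": "tcp",
         "port": "3389/3389", "source_cidr_ip": "198.51.100.10/32", "policy": "accept"},
        {"network_acl_entry_name": "drop-ssh-anywhere", "protocol": "tcp",
         "port": "22/22", "source_cidr_ip": "0.0.0.0/0", "policy": "drop"},
        {"network_acl_entry_name": "allow-https", "protocol": "tcp",
         "port": "443/443", "source_cidr_ip": "0.0.0.0/0", "policy": "accept"},
    ],
}


if __name__ == "__main__":
    for label, acl in (("violating", VIOLATING_ACL), ("compliant", COMPLIANT_ACL)):
        print(label, "->", "PASS" if is_compliant(acl) else "FAIL")
        for f in find_risky_entries(acl):
            print(f"  {f['entry']}: {f['service']} (port {f['port']}) open to {f['source_cidr_ip']}")
```

The "allow-all-tcp" entry produces two findings (22 and 3389) because the check tests whether the entry's port range contains each risky port rather than comparing the port string literally; a check that only matched "22/22" would miss it.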
Resource Types
- ROS: ALIYUN::VPC::NetworkAcl
- Terraform: alicloud_network_acl