Checks whether the functions of a service can be invoked only in specific virtual private clouds (VPCs).
Scenarios
Where doing so does not affect normal business operations, we recommend that you allow only requests from specific VPCs to invoke the functions of a service. This reduces business security risks.
Risk level
Default risk level: high.
You can change the risk level as required when you apply this rule.
Compliance evaluation logic
- If the functions of the service can be invoked only in specific VPCs, the evaluation result is compliant.
- If the functions of the service can be invoked over the Internet, the evaluation result is non-compliant. For more information about how to correct the non-compliant configuration, see Non-compliance remediation.
Rule details
| Item | Description |
|---|---|
| Rule name | fc-service-vpc-binding |
| Rule ID | fc-service-vpc-binding |
| Tag | FC and Service |
| Automatic remediation | Not supported |
| Trigger type | Configuration change and periodic execution |
| Time interval | 24 hours |
| Supported resource type | Function Compute trigger |
| Input parameter | None |
Non-compliance remediation
Specify that the functions of the service can be invoked only in specific VPCs. For more information, see Configure network settings.