Checks whether 0.0.0.0/0 is added to the IP address whitelist of a PolarDB cluster.
Scenario
If 0.0.0.0/0 is added to the IP address whitelist of a PolarDB cluster, the cluster can be accessed from any IP address. This poses data security risks. We recommend that you add 0.0.0.0/0 to the IP address whitelist with caution.
Risk level
Default risk level: high.
You can change the risk level as required when you apply this rule.
Compliance evaluation logic
- If 0.0.0.0/0 is not added to the IP address whitelist of the PolarDB cluster, the configuration is considered compliant.
- If 0.0.0.0/0 is added to the IP address whitelist of the PolarDB cluster, the configuration is considered non-compliant. For more information about how to correct the non-compliant configuration, see Non-compliance remediation.
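The evaluation logic above, as an added Python example (not the rule's own implementation). It assumes each whitelist group is supplied as a name mapped to a comma-separated string of entries; the function names, group names and sample data are constructed. Beyond the literal 0.0.0.0/0 string, it also flags any other IPv4 entry with a /0 prefix, which covers the same range in CIDR terms.

```python
import ipaddress

def open_entries(security_ips):
    """Return the entries in a comma-separated whitelist that match every IPv4 address."""
    hits = []
    for raw in security_ips.split(","):
        entry = raw.strip()
        if not entry:
            continue
        try:
            # strict=False accepts host bits, so "10.1.2.3/0" parses as 0.0.0.0/0
            net = ipaddress.ip_network(entry, strict=False)
        except ValueError:
            continue  # not an IP or CIDR entry; out of scope for this check
        if net.version == 4 and net.prefixlen == 0:
            hits.append(entry)
    return hits

def evaluate(groups):
    """Evaluate all whitelist groups of one cluster.

    groups: dict of group name -> comma-separated entries (assumed input shape).
    Returns (result, findings), where findings maps each offending group
    to the entries that open it to all addresses.
    """
    findings = {}
    for name, security_ips in groups.items():
        hits = open_entries(security_ips)
        if hits:
            findings[name] = hits
    return ("NON_COMPLIANT" if findings else "COMPLIANT", findings)

# Constructed sample: three whitelist groups on one hypothetical cluster.
SAMPLE_GROUPS = {
    "default": "127.0.0.1",
    "app_servers": "192.168.10.0/24,10.20.0.15",
    "temp_debug": "203.0.113.7, 0.0.0.0/0",
}

if __name__ == "__main__":
    result, findings = evaluate(SAMPLE_GROUPS)
    print(result)
    for group, entries in findings.items():
        print(f"  group {group!r}: remove {', '.join(entries)}")
```

The findings list names the group and entry to delete, which is the input the remediation step needs.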
Rule details
| Item | Description |
|---|---|
| Rule name | polardb-public-access-check |
| Rule ID | polardb-public-access-check |
| Tag | PolarDB and VPC |
| Automatic remediation | Not supported |
| Trigger type | Configuration change |
| Supported resource type | PolarDB cluster |
| Input parameter | None |
Non-compliance remediation
Delete 0.0.0.0/0 from the IP address whitelist of the PolarDB cluster. For more information, see Configure an IP whitelist.