Checks the Internet access configuration of each PolarDB cluster within the current Alibaba Cloud account. If Internet access is not enabled for a cluster, the evaluation result is Compliant. If Internet access is enabled for a cluster but the cluster does not allow access over the Internet from any IP address (its IP whitelist does not contain 0.0.0.0/0), the evaluation result is also Compliant.
Scenarios
If 0.0.0.0/0 is added to the IP whitelist of a PolarDB cluster, the cluster can be accessed from all CIDR blocks. This may cause high security risks. Proceed with caution.
Risk level
Default risk level: high.
When you configure this rule, you can change the risk level based on your business requirements.
Compliance evaluation logic
- If Internet access is not enabled for a PolarDB cluster within the current Alibaba Cloud account, the evaluation result is Compliant. If Internet access is enabled for a PolarDB cluster but the cluster does not allow access over the Internet from any IP address (its IP whitelist does not contain 0.0.0.0/0), the evaluation result is also Compliant.
- If Internet access is enabled for a PolarDB cluster and the cluster allows access over the Internet, the evaluation result is Incompliant. For more information about how to remediate an incompliant configuration, see Incompliance remediation.
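The following added example (not Alibaba Cloud's rule implementation) applies the same logic to constructed cluster records: a cluster is Incompliant only when it has a public endpoint and a whitelist group contains 0.0.0.0/0. The record layout and the `NetType` and `SecurityIps` field names are assumptions modelled on PolarDB endpoint and whitelist API responses. As a generalization, any entry with a zero-length prefix is treated as equivalent to 0.0.0.0/0.

```python
import ipaddress

# Constructed sample data. Field names (NetType, SecurityIps) are an assumption
# modelled on PolarDB endpoint and whitelist API responses; the cluster IDs
# are placeholders.
SAMPLE_CLUSTERS = [
    {"id": "pc-example-internal",
     "endpoints": [{"NetType": "Private"}],
     "whitelists": [{"name": "default", "SecurityIps": "0.0.0.0/0"}]},
    {"id": "pc-example-restricted",
     "endpoints": [{"NetType": "Private"}, {"NetType": "Public"}],
     "whitelists": [{"name": "default", "SecurityIps": "203.0.113.10,198.51.100.0/24"}]},
    {"id": "pc-example-open",
     "endpoints": [{"NetType": "Public"}],
     "whitelists": [{"name": "default", "SecurityIps": "127.0.0.1"},
                    {"name": "app", "SecurityIps": "10.0.0.0/8, 0.0.0.0/0"}]},
]

def has_public_endpoint(cluster):
    return any(e.get("NetType") == "Public" for e in cluster["endpoints"])

def any_ip_entries(cluster):
    """Return (group name, entry) pairs whose prefix length is 0 (match every address)."""
    hits = []
    for group in cluster["whitelists"]:
        for raw in group["SecurityIps"].split(","):
            entry = raw.strip()
            try:
                net = ipaddress.ip_network(entry, strict=False)
            except ValueError:
                continue  # empty or non-IP entry; ignored in this example
            if net.prefixlen == 0:
                hits.append((group["name"], entry))
    return hits

def evaluate(cluster):
    # No public endpoint: Compliant regardless of whitelist contents.
    if not has_public_endpoint(cluster):
        return "Compliant", []
    hits = any_ip_entries(cluster)
    return ("Incompliant" if hits else "Compliant"), hits

def evaluate_all(clusters):
    return {c["id"]: evaluate(c) for c in clusters}

if __name__ == "__main__":
    for cluster_id, (result, hits) in evaluate_all(SAMPLE_CLUSTERS).items():
        print(cluster_id, result, hits)
```

The returned whitelist group name and entry identify what to remove during remediation.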
Rule details
Item | Description |
---|---|
Rule name | polardb-public-and-any-ip-access-check |
Rule identifier | polardb-public-and-any-ip-access-check |
Tag | Public and PolarDB |
Automatic remediation | Not supported |
Trigger type | Periodic execution |
Evaluation frequency | Interval of 24 hours |
Supported resource type | PolarDB clusters |
Input parameter | None |
Incompliance remediation
Disable Internet access for a PolarDB cluster or remove 0.0.0.0/0 from the IP whitelist of a PolarDB cluster for which Internet access is enabled within the current Alibaba Cloud account. For more information, see Configure an IP whitelist.