Checks whether the whitelist of each listener of each Server Load Balancer (SLB) instance allows access from a specified IP address or Classless Inter-Domain Routing (CIDR) block. If not, the evaluation result is Compliant.

Scenarios

This rule applies when you need to add IP addresses or CIDR blocks to the whitelist of a listener of an SLB instance. This helps reduce network exposure and ensures the network security of cloud environments.

Risk level

Default risk level: high.

When you apply this rule, you can change the risk level based on your business requirements.

Compliance evaluation logic

  • If no whitelists of the listeners of each SLB instance allow access from a specified IP address or CIDR block, the evaluation result is Compliant.
  • If the whitelist of a listener of an SLB instance allows access from a specified IP address or CIDR block, the evaluation result is Incompliant. For more information about how to remediate an incompliant configuration, see Incompliance remediation.

Rule details

Item Description
Rule name slb-acl-no-has-specified-ip
Rule identifier slb-acl-no-has-specified-ip
Tag SLB and LoadBalancer
Automatic remediation Not supported
Trigger type Periodic execution
Evaluation frequency Interval of 24 hours
Supported resource type SLB
Input parameter IpAddress

Incompliance remediation

Configure a whitelist or blacklist for a listener of an SLB instance. For more information, see Enable access control.